Enquiries To: Kevin Symm

Enquiries To: Kevin Symm

Enquiries to: Wendy Twigge
Your Ref:
Our Ref: FOI/116794 /
Mr Dave Schneider
Email: / Date: 24 September 2010

Dear Mr Schneider

Freedom of Information request 116794

Thank you for your recent request received 18 August 2010 and actioned under the Freedom of Information Act 2000 in which you requested the following information:

Provide, name, address and telephone number for the following people:

  1. Senior Information Risk Owner
  2. Governance Manager
  3. Information Security Officer/Manager
  4. Information Technology Security Officer/Manager
  5. Caldecott Guardian

PCI-DSS

  1. Does your organisation process electronic payment cards?
  2. How much money is processed from electronic payment cards per annum?
  3. How many electronic payment card transactions are processed per annum?
  4. Are you PCI-DSS compliant?

ISO 27001

  1. Are you or have you considered becoming ISO 27001 compliant or certified?

Government Connect

  1. Are you connected and operationally utilising the Government Connect network?
  2. If not have you considered connecting to Government Connect and why was the decision made not to connect?
  3. Do you meet the Government Connect version three requirements?
  4. Please supply your latest CLAS consultant annual Government Connect assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
  5. Do you meet the Government Connect version four requirements?
  6. Please supply the latest internal report for the Government Connect version four Audit/Assessment, blanking out any statements which could contravene a security concern from a third party reading it.

Criminal Justice Network

  1. Are you connected to and operationally utilising the Criminal Justice Network?
  2. If not have you considered connecting to the Criminal Justice Network and why was the decision made not to connect?
  3. Please supply your latest annual assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.

NHS N3 Network

  1. Are you connected to and operationally utilising the NHS N3 Network?
  2. If not have you considered connecting to the NHS N3 network and why was the decision made not to connect?
  3. Please supply your latest N3 Connection assessment/audit report, blanking out any statements which could contravene a security concern from a third party reading it.
  4. Do both schools and the Council share the same physical network responsible for voice and data communications?

Response:

Liverpool City Council (LCC) had a contract with Liverpool Direct Limited (LDL) for the provision of IT services and support; some areas therefore are not covered by LCC employers but by the services provided by LDL.

Staff Details

  1. Susan Curran
  2. Wendy Twigge is the Information Manager. The Information Team covers Data Protection Act (DPA) 1998, Freedom of Information Act (FOIA) 2000 and The Environmental Information Regulations (EIR) 2004 requests.
  3. Dave Crone.
  4. Dave Crone.
  5. Sandra Campbell

PCI-DSS

  1. No
  2. N/A
  3. N/A
  4. N/A

ISO 27001

  1. Yes

Government Connect

  1. Yes
  2. N/A
  3. Yes
  4. This information is exempt from disclosure by virtue of Section 41 of FOIA which state that public authority do not have to disclosure information provided by third party if the disclosure will constitute a breach of confidence actionable by that or any other person. We would also consider that Exemption 24 applies to this response as disclosure of this information would enable infiltration into the council’s network and would provide a staging post to attach this or other UK Government ICT.
  5. Yes
  6. This information is exempt from disclosure by virtue of Section 41 of FOIA which state that public authority do not have to disclosure information provided by third party if the disclosure will be constitute a breach of confidence actionable by that or any other person. We also consider Section 23 applies as it is information supplied by or relating to specified bodies dealing with security matters. You may wish to refer any queries of this nature to GCHQ on 10242 221491 ext 30306.

Criminal Justice Network

  1. Yes
  2. N/A
  3. We do not hold this information.

NHS N3 Network

  1. We connect through their firewall to allow Hospital based social workers to access the LCC network
  2. N/A
  3. N/A
  4. No

This concludes the response to your request for information. The City Council will consider appeals, referrals or complaints in respect of your Freedom of Information Act 2000 request under the Have Your Say Scheme.You can either complete a form on-line at our website you can complete a form at any One Stop Shop or Library.Alternatively, you can write to us at Liverpool Direct, Freepost, NWW 3400A, Liverpool L1 3ZZ.Your complaint/appeal/referral will be investigated by a senior officer within twenty eight days.

If you remain dissatisfied you may also apply to the Information Commissioner for a decision about whether the request for information has been dealt with in accordance with the Freedom of Information Act 2000.

The Information Commissioner’s website is and the postal address and telephone numbers are:-

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, CheshireSK9 5AF.Fax number 01625 524 510, DX 20819, Telephone 01625 545745.Email – (they advise that their email is not secure)

I trust this information satisfies your enquiry

Yours sincerely

Ms W Twigge

Information Manager

Information Team, Legal Services Municipal Buildings Dale Street

Liverpool L2 2DH

Telephone 0151 225 3132 Fax 0151 225 2392

Email