Data Storage and Protection - Find a freedom of information request

Request

I am writing to you under the Freedom of Information Act 2000 to request the following information:

1. Which of the following data sources is the local authority responsible for protecting?

  • Personal citizen data
  • Personal staff / civil servant data
  • Research data
  • Intellectual property
  • Other, please specify

 

2. What is the average length of time data is stored by the local authority?

  • Less than one year
  • More than one year
  • More than three years
  • More than five years
  • More than 10 years
  • Other, please specify

 

3.

a) Do you have a back-up of your organisation's data?

  • Yes
  • No
  • Other, please specify

b) If yes, what third party organisations (vendor and/or supplier) do you use to backup your organisation's data?

 

4. Does your organisation have a disaster recovery plan in case of IT failure/outage?

  • Yes
  • No
  • Other, please specify

 

5.

a) Does your organisation have an official/formal policy detailing the disaster recovery process in the event of an IT failure/outage?

  • Yes
  • No
  • Other, please specify

b) If yes, how often is this updated?

  • At least once a month
  • Once or more a year
  • Less than once a year
  • It has never been updated
  • Other, please specify

6.

a) Does your organisation conduct tests on its data backup and IT disaster recovery system?

  • Yes
  • No
  • Other, please specify

b) If yes, how often does your organisation test its data backup and IT disaster recovery system?

  • At least once a month
  • Once or more a year
  • Less than once a year
  • It has never been updated
  • Other, please specify

 

7.

a) Does your organisation use Microsoft Office 365?

  • Yes
  • No
  • Other, please specify

b) If so, how many users do you currently have?

  • 0-99
  • 100-249
  • 250-499
  • Over 500
  • Other, please specify

 

 

8.

a) How many cyber-attacks against your organisation have you recorded in the last 12 months? (from the date of receiving the FOI request)

b) If more than zero, of these incidents, how many had an impact on the organisation's operations?

 

 

 

Definitions:

Re the above, the following definitions have been provided to help with this request.

* A backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event.

* An unplanned IT outage is a period of downtime during which IT systems are unavailable due to a network or power fault/failure.

* A cyber-attack is an attack launched from one or more computers against another computer, multiple computers or networks. Specific examples include but are not limited to ransomware and phishing attacks.

Decision

1. The council is responsible for protecting all data it processes including all of the categories set out above. The following link provides a number of Information Assurance policies that may be helpful.

Policies, Strategies & Plans

 

2. No data held. It may be useful to know the council has a set of retention schedules that sets out how long specific categories of records should be held for. These can be found here: Records Management . Please note the current schedules are under review in order to align with the local government classification scheme. These schedules are planned to be published in January 2021.

 

3. Yes, Commvault

 

4. Yes

 

5. Yes

b. Other, – the policy is updated when there is a requirement to update it (i.e. a change in business process, personnel, business structure or the technical landscape, for instance)

6. a. Yes

b. Backups are checked continuously by the service provider (daily) – restorations of data are conducted at least once a month, other aspects of DR solutions are tested monthly during regular maintenance windows. Restorations of data are also tested as part of tests for key change processes

 

7. a. Yes

b. When the rollout is complete there will be over 5,000

 

8. The figures provided below relate to instances where the council has successfully blocked suspected malicious activity. Some of these instances may be classed as false positives which mean they have been incorrectly defined.

Emails categorized as containing malicious software: 9879

  • Emails categorized as phishing emails: 53868
  • Malware detection events: 1597
  • Internet Security threats: 10351714
  • Intruder Detection System (Jun 20 to date): 103051
  • None of the above instances had an impact on the council which required a response beyond day to day management of security incidents.
Reference number
523713
Date request received
05 April 2021
Date of decision
22 April 2021