Freedom of information request response - 05464

FOI request

FOI ID number
05464
Regarding
Annual IT Health Check
Request

In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)?

In which months of the year do you procure the penetration testing services for the ITHC?

For your last ITHC, how many days were required by the provider to complete the ITHC? Where possible, please break it down by onsite, external and reporting days.

Did you purchase external services to assist with your ITHC remediation actions?

Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)?

How was your last ITHC contract awarded, i.e. framework, quotes or public tender?

How many virtual servers do you have on premise?

Do you have any managed security services? Please list.

Do you have any other compliance, i.e. ISO27001 or N3?

Do you have any security infrastructure projects in the next 12 months?

What is your IT security training budget?

Do you purchase any security infrastructure training for IT staff and / or red team security training?

Who is responsible for managing security infrastructure? Please provide their contact details.

Who is responsible for procuring security infrastructure? Please provide their contact details.

Who is responsible for procuring ITHC services? Please provide their contact details.

Who is responsible for procuring training for IT staff? Please provide their contact details.

What is the cost threshold that mandates a public tender?

Our response

Response

In which months of the year do you generally receive the penetration testing requirement of the annual IT Health Check (ITHC)? – Jan-March

In which months of the year do you procure the penetration testing services for the ITHC? – We procure at the end of a 3 year contract term

For your last ITHC, how many days were required by the provider to complete the ITHC? Where possible, please break it down by onsite, external and reporting days.

Did you purchase external services to assist with your ITHC remediation actions? - No

Did you require further penetration testing after your PSN code of compliance submission (due to ITHC failure or major infrastructure changes)? - No

How was your last ITHC contract awarded, i.e. framework, quotes or public tender? - Quotes

How many virtual servers do you have on premise? Do you have any managed security services? Please list. – We do not provide details of the security devices we use

Do you have any other compliance, i.e. ISO27001 or N3? Do you have any security infrastructure projects in the next 12 months? - No

What is your IT security training budget? – Not a specific budget for this, it’s mixed in with other spend

Do you purchase any security infrastructure training for IT staff and / or red team security training? - No

Who is responsible for managing security infrastructure? - IT Services Manager and Senior Supplier for Digital Innovation

Please provide their contact details. Who is responsible for procuring security infrastructure? - IT.Manager@eden.gov.uk

Please provide their contact details. Who is responsible for procuring ITHC services? - IT.Manager@eden.gov.uk

Please provide their contact details. Who is responsible for procuring training for IT staff? - IT.Manager@eden.gov.uk

Please provide their contact details. What is the cost threshold that mandates a public tender? - £60,000 or more

Response date
31 July 2018