Cofnod Datgeliadau

Defnyddiwch y rhan hon o'r wefan i weld Bas Data cofnod datgeliadau'r Awdurdod.

Cwestiwn

1. During which month do you receive your annual IT Health Check (ITHC)? 2. Other than your ITHC, do you purchase any other Penetration services; if so, during which month? 3. As a local authority, you should use providers of ITHC who are CREST of Tiger Programme accredited; Do you enforce stricter requirements than this, i.e. Check Team accredited? 4. How do you award your penetration/ITHC contracts, i.e. framework, quotations or tender? 5. What is the cost threshold mandated before you go to a public tender? 6. Do you have any other compliance requirements, e.g. N3 or ISO 27001? 7. Do you have any IT security infrastructure projects planned within the next 12 months; if so, what and when? 8. Do you have any managed IT security services; if so, what? 9. Do you have a specific budget for IT security; if so, how much? 10. Who is responsible for managing IT security infrastructure? Please provide their contact details. 11. Who is responsible for IT security infrastructure procurement? Please provide their contact details. 12. Are you currently reviewing IT security controls or goods through any IT transformation processes?

Ateb

1. April-June 2. No 3. Yes 4. Quotations 5. The Welsh Procurement Policy Statement requires the public sector to advertise requirements over £25K Our procurement rules refers to this and states that requirements ‘should’ be advertised. Our tender threshold is £75K – meaning that only requirements over £75K are treated as formal tenders, below this are quotes. Our rules also indicate that the use of frameworks is to be encouraged, to reduce resource implications and to take advantage of economies of scale etc. A large proportion of our requirements are satisfied through the use of frameworks, from an ICT perspective this includes, telephony, mobiles, desktop ICT, infrastructure, consumables, software etc. Frameworks are advertised by the lead organisation and we either call off or carry out mini competitions (neither of which are advertised) in accordance with the framework provisions. 6. Cyber Essentials, ISO 27001 & PCIDSS. 7. No 8. No 9. No 10. Information Security Officer – information.security@merthyr.gov.uk 01685 725000 11. Information Security Officer – information.security@merthyr.gov.uk 01685 725000 12. No.