FOI Disclosure Log

Customer Request Details

01 September 2021

I am writing to you under the Freedom of Information Act 2000 to request the following information from East Hertfordshire. Please can you answer the following questions:

1. In the past three years has your organisation:

a. Had any ransomware incidents? (An incident where an attacker attempted to, or successfully, encrypted a computing device within your organisation with the aim of extorting a payment or action in order to decrypt the device?)

   i. If yes, how many?

b. Had any data rendered permanently inaccessible by a ransomware incident (i.e. some data was not able to be restored from back up.)

c. Had any data rendered permanently inaccessible by a systems or equipment failure (i.e. some data was not able to be restored from back up.)

d. Paid a ransom due to a ransomware incident / to obtain a decryption key or tool?

   i. If yes was the decryption successful, with all files recovered?

e. Used a free decryption key or tool (e.g. from https://www.nomoreransom.org/)?

   i. If yes was the decryption successful, with all files recovered?

f. Had a formal policy on ransomware payment?

   i. If yes please provide, or link, to all versions relevant to the 3 year period.

g. Held meetings where policy on paying ransomware was discussed?

h. Paid consultancy fees for malware, ransomware, or system intrusion investigation

   i. If yes at what cost in each year?

i. Used existing support contracts for malware, ransomware, or system intrusion investigation?

j. Requested central government support for malware, ransomware, or system intrusion investigation?

k. Paid for data recovery services?

   i. If yes at what cost in each year?

l. Used existing contracts for data recovery services?

m. Replaced IT infrastructure such as servers that have been compromised by malware?

   i. If yes at what cost in each year?

n. Replaced IT endpoints such as PCs, Laptops, Mobile devices that have been compromised by malware?

   i. If yes at what cost in each year?

o. Lost data due to portable electronic devices being mislaid, lost or destroyed?

   i. If yes how many incidents in each year?

2. Does your organisation use a cloud based office suite system such as Google Workspace (Formerly G Suite) or Microsoft’s Office 365?

a. If yes is this system’s data independently backed up, separately from that platform’s own tools?

3. Is an offsite data back-up system in place for the following? (Offsite backup is the replication of the data to a server which is separated geographically from the system’s normal operating location site.)

a. Mobile devices such as phones and tablet computers

b. Desktop and laptop computers

c. Virtual desktops

d. Servers on premise

e. Co-located or hosted servers

f. Cloud hosted servers

g. Virtual machines

h. Data in SaaS applications

i. ERP / finance system

j. We do not use any offsite back-up systems

4. Are the services in question 3 backed up by a single system or are multiple systems used?

5. Do you have a cloud migration strategy? If so is there specific budget allocated to this?

6. How many Software as a Service (SaaS) applications are in place within your organisation?

a. How many have been adopted since January 2020?



East Herts Council Response

02 September 2021

Freedom of Information Act –  Information Request –

Further to your Freedom of Information request regarding: Information Technology

This is a function carried out by Stevenage Borough Council as part of a shared services agreement; therefore your request should be sent to [email protected]

Further contact details are: https://eforms.stevenage.gov.uk/ufs/ufsmain?formid=FREEDOM_OF_INFO_REQUEST

Or in writing to:

Legal Services
Stevenage Borough Council,
Daneshill House
Danestrete
Stevenage
Herts
SG1 1HN

If you have any queries or complaints about the processing of your request please do not hesitate to contact me.

Alternatively for more information on the Freedom of Information Act contact the Information Commissioner at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

Telephone 0303 123 1113 

https://ico.org.uk/

It is important that you include the above FOI reference number on all correspondence related to this request.

I apologise that your request cannot be met and should you have any further queries or information needs in the future then please contact me.

 

Thank you for your request.