FOI release

FOI2019-12804 Cyber Security and Data Protection

Published 16 December 2019

Dear

I am writing in response to your email dated 8 November 2019 requesting the following information,

  • Name of SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties.
  • Contact email of person named in request No. 1.
  • Name of DPO (Data Protection Officer) or responsible person for DPO duties.
  • Contact email of DPO.
  • Name of person with overall responsibility for Cyber security or equivalent (excluding persons in q1 and q3).
  • Contact email of person in Q5.
  • Name of person with overall responsibility for information security or equivalent (excluding persons in q1, q3 and 5).
  • Contact email of person in Q7.
  • Name of person with overall responsibility for information Governance or equivalent (excluding persons in q1, q3, q5 and q7).
  • Contact email of person in Q9
  • Do you have appointed IAO’s? If so, whom are they, if they have been defined?
  • Are you or have you considered becoming ISO 27001 compliant or certified? If so whom is responsible for maintaining this? (as in, the person)
  • Contact email of person in Q: 11.
  • Are you required to connect to the PSN Code of Connection (CoCo)? If so whom is responsible for complying with its requirements? (as in, the person)
  • Contact email of person in Q:13.
  • What is the annual budget for Cyber Security?
  • What was the annual spend on external assistance for cyber security last financial year? (Excluding products/systems, when I refer to external assistance I mean things like consultancy/training)
  • What is the annual budget for data protection activities?
  • What was the annual spend on external assistance for data protection activities last year? (Excluding products/systems, when I refer to external assistance I mean things like consultancy/training)

I am treating your correspondence as a request for information under the Freedom of Information Act 2000 (FOIA). In response to your queries, I have completed a search for the information within the Defence Electronics & Components Agency, and I can confirm that we do hold information in scope of your request.

The information requested in your questions 1-15 is subject to the following exemptions: Section 40(2) (Data Protection Act) and is therefore withheld. The teams can be contacted however by emailing our general email address, [email protected]

  • What is the annual budget for Cyber Security?

Nil. Cyber Security is provided by MOD

  • What was the annual spend on external assistance for cyber security last financial year? (Excluding products/systems, when I refer to external assistance I mean things like consultancy/training)

Nil

  • What is the annual budget for data protection activities?

Nil. This activity is undertaken as part of an internal process

  • What was the annual spend on external assistance for data protection activities last year? (Excluding products/systems, when I refer to external assistance I mean things like consultancy/training)

Nil

If you are not satisfied with this response or you wish to complain about any aspect of the handling of your request, then you should contact me in the first instance. If informal resolution is not possible and you are still dissatisfied then you may apply for an independent internal review by contacting the Information Rights Compliance team, Ground Floor, MOD Main Building, Whitehall, SW1A 2HB or by e-mailing [email protected]. Please note that any request for an internal review must be made within 40 working days of the date on which the attempt to reach informal resolution has ended.

If you remain dissatisfied following an internal review, you may take your complaint to the Information Commissioner under the provisions of Section 50 of the Freedom of Information Act. Please note that the Information Commissioner will not investigate your case until the MOD internal review process is complete. You can find further details of the role and powers of the Information Commissioner on the Commissioner’s website.

Regards

DECA FOI