Please can you provide disclosure of the following council policies and procedures:-
| Policy | Response | Link |
|
Access to Deceased Persons Request Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/document/access-to-a-deceased-persons-records-policy/ |
|
Cyber Security Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/document/cyber-security-policy/ |
|
Data Protection Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/document/data-protection-policy/ |
|
Information Assurance Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/document/information-assurance-policy/ |
|
Information, Media, and Equipment Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/task/dispose-of-information-media-equipment/ |
|
IT Security Policies
|
*Exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.
|
|
|
Personal Information Security Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/document/personal-information-security-policy/ |
|
Records Management Policy
|
This policy can be accessed from the following link | https://inside.devon.gov.uk/task/manage-records/ |
|
Security Incident Management Policy and Procedure
|
This policy can be accessed from the following link | Security Incident Management Policy and Procedure |
| Subject Access Request Handling Policy | This policy can be accessed from the following link | https://inside.devon.gov.uk/document/subject-access-request-handling-policy/ |
*Devon County Council can confirm that we hold information regarding our IT Security Policies. However, we do not consider that we are obliged to disclose these policies on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.
The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.
Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure. Given the current cyber security threat landscape facing local government organisations, we feel that significant weight should be applied to this consideration. For this reason, we believe that the balance of public interest is best served by withholding this information from disclosure at this time.