I am requesting the following information:
1.1) When did you conduct your last IT Health Check?
1.2) When is your next IT Health Check due?
1.3) Do you conduct other cybersecurity penetration testing?
1.4) Are you in a contract for your IT Health Check / other testing? If so, when will this be up for renewal?
1.5) Who is the contact person at the Council for the annual IT Health Check?
2.1) When is the next date to renew compliance validation for PCI DSS?
2.2) Will the Council be requiring consultancy to ensure they adhere to the new PCI DSS 4.0?
2.3) Who is the contact person at the Council looking after PCI DSS compliance?
3.1) Do the Council adhere to other data security standards, such as Cyber Essentials Basic, Cyber Essentials Plus, ISO27001?
3.2) If no, do the Council plan on achieving any of these accreditations?
4.1) Does the Council currently utilise an in-house or outsourced Security Operations Centre for solutions such as EDR, MDR, or XDR?
4.2) Do the Council have Windows Defender for EDR? If so, is this managed in-house or externally?