Skip to content
Contents

Cyber Security Web Filter and Training

Reference: 24-25428

Date response sent: 03/02/2025

Details of enquiry

  1. What current web filter is in place and when this contract is due to expire?
  2. What current security awareness training is in place and when this contract is due to expire?
  3. Lastly, can you please confirm what reseller the trust used to purchase their web filter and security awareness training technologies?

Response sent

  1. What current web filter is in place and when this contract is due to expire?

Sophos, expires in March 2025

  1. What current security awareness training is in place and when this contract is due to expire?

All staff are required to undergo annual cyber security training as part of the Trust’s mandatory training, system supplied by the NHSE as part of ESR. Additional training provided, via Mimecast Training module end date Aug 2025.

Technical Staff within our IT Department under more frequent and more cyclic training, the details of which are withheld under s31a of the Freedom of Information Act 2000 (FOIA

  1. Lastly, can you please confirm what reseller the trust used to purchase their web filter and security awareness training technologies?

Integrity360, Chess Cyber security.

 

Data Withheld under s31a of the Freedom of Information Act 2000 (FOIA)

Where recorded information is held regarding the Trust’s web filter and cyber security training, and we have indicated above that exemption under s.31(a) of the FOIA Law Enforcement: the prevention or detection of crime is engaged  This is explained in further detail as follows.

S.31(a) is a qualified exemption that requires the authority to carry out the public interest test. We have carried out the public interest test and have set out below the public interest arguments which we have considered in relation to those particular questions:

Arguments in favour of disclosure:

  • Promoting accountability and transparency on how public funds are utilised and spent

Arguments in favour of maintaining the exemption:

  • The Trust has a duty to ensure that its information systems and assets are kept secure
  • Disclosure of the requested information under FOIA, ie into the public domain, could facilitate criminal activity, in particular cybercrime, and especially when combined with other information already in the public domain or which could be gleaned from other sources, including any information that the Trust has previously provided or may be forced to disclose in the future.
  • Disclosure of the requested information could, therefore, increase vulnerability to malicious attack, including the corruption, loss or non-availability of data or systems, which would impact on the Trust’s ability to provide essential services

Balance of Weight

  • We have concluded that, on balance, the public interest in maintaining the exemption outweighs the public interest in disclosure.
Back to top