2021023

Request regarding IT security operations.

Published: 3 August 2021

Information requested

  1. Security:
    1. What security solutions are being utilised?
    2. Do you have a SIEM?
    3. Do you have a SOC? If so, is it in house or outsourced?
    4. Is it 24/7?
    5. Name and role for IT Manager(s) / Officer(s) primarily responsible for cybersecurity
    6. Names of all cyber security vendor(s) you use
    7. Cost, duration and end date for the above contract(s)/license(s)
  2. How far are you in your cloud strategy?
    1. Not considering Cloud for the foreseeable future
    2. Interested in Cloud, but have not started looking into it
    3. Research Stage
    4. Meeting with Suppliers
    5. Consultancy
    6. Started to integrate
    7. Fully integrated
  3. Which public cloud provider do you use?
  4. Which IT services do you outsource? When do the contracts end?
  5. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks utilised.
  6. Are you actively moving any applications/infrastructure into a cloud environment? If so who is responsible for this?
  7. What is the total number of IT staff employed by the organization: Please list and provide contact details for the IT senior management team including CIO, IT Director and Infrastructure Architects if applicable.

NHSCFA response

  1. Security:
    1. What security solutions are being utilised?

      Firewalls, WAF, Anti Virus, Phishing Protection, SIEM, MFA, Threat Detection and Response.

    2. Do you have a SIEM?

      Yes

    3. Do you have a SOC? If so, is it in house or outsourced?

      No

    4. Is it 24/7?

      Not Applicable.

    5. Name and role for IT Manager(s) / Officer(s) primarily responsible for cybersecurity

      The Information Security Lead has primary responsibility for cybersecurity. The name of the Information Security Lead is being withheld as this information is exempt by virtue of Section 40(2) of the Freedom of Information Act.

    6. Names of all cyber security vendor(s) you use

      This information is being withheld as it falls within Section 31(1)(a) of the Freedom of Information Act. In applying this exemption, we have had to balance the public interest in withholding the information against the public interest in disclosing the information. The attached annex to this letter sets out the exemption in full, as well as the factors the Authority considered when deciding that in all the circumstances of the case, the public interest in maintaining the exemption outweighs the public interest in disclosing the information.

    7. Cost, duration and end date for the above contract(s)/license(s)

      This information is being withheld as it falls within Section 31(1)(a) of the Freedom of Information Act. In applying this exemption, we have had to balance the public interest in withholding the information against the public interest in disclosing the information. The attached annex to this letter sets out the exemption in full, as well as the factors the Authority considered when deciding that in all the circumstances of the case, the public interest in maintaining the exemption outweighs the public interest in disclosing the information.

  2. How far are you in your cloud strategy?

    F. The Authority has started to integrate its cloud strategy.

    1. Not considering Cloud for the foreseeable future
    2. Interested in Cloud, but have not started looking into it
    3. Research Stage
    4. Meeting with Suppliers
    5. Consultancy
    6. Started to integrate
    7. Fully integrated
  3. Which public cloud provider do you use?

    Microsoft and AWS.

  4. Which IT services do you outsource? When do the contracts end?

    The NHS Counter Fraud Authority are included under a Memorandum of Understanding with the NHS Business Services Authority. The NHSCFA does not own the contracts.

    This information is, therefore, not held by NHSCFA.

  5. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks utilised.

    Boxxe, CCS, Switchshop, STfour, Trustmarque, Bytes.

  6. Are you actively moving any applications/infrastructure into a cloud environment? If so who is responsible for this?

    Yes. This is outsourced under a memorandum of understanding (refer to (4)).

  7. What is the total number of IT staff employed by the organization: Please list and provide contact details for the IT senior management team including CIO, IT Director and Infrastructure Architects if applicable.

    The total number of IT staff employed by NHSCFA is 21.

    Any communication with the IT management team should be sent to generalenquries@nhscfa.gov.uk
