- Your service
- GDPR/Data Protection
- Freedom of Information
- Disclosure Log
- 2026 - FOI Requests
- FOI Request 2278 - Cybe...
Under the Freedom of Information Act 2000, please provide the following information for the period 1 January 2023 - 31 December 2024:
1. The number of occasions on which cyber or information security risks appeared on the agenda of your governing body (or equivalent oversight body).
2. The name(s) of any committee(s) or board(s) with formal responsibility for cyber or information security oversight.
3. Whether documented criterial exist for escalating significant cyber incidents to the governing body or senior leadership (yes/no; if yes, please provide or summarise).
4. The number of governing body members (or equivalent) who completed cyber or information security training during this period, and the total number of members in that body.
5. Whether an independent assessment of your cyber security arrangements (e.g. internal audit, external review, or third-party assessment) was reported to the governing body during this period (yes/no; if yes, please state the type of assessment).
Please note, no technical details, vulnerabilities, or sensitive operational information are requested. If this information is readily available, broken down by year, please provide it; otherwise, an aggregate figure for the period is sufficient.
Please see our response below to your Freedom of Information Request.
1. The number of occasions on which cyber or information security risks appeared on the agenda of your governing body (or equivalent oversight body).
Security and Information Risks are standard items on the Agenda at Information Board.
2. The name(s) of any committee(s) or board(s) with formal responsibility for cyber or information security oversight.
Information Board.
3. Whether documented criterial exist for escalating significant cyber incidents to the governing body or senior leadership (yes/no; if yes, please provide or summarise).
Yes - the Joint Services Security Incident Management Policy documents how security incidents should be managed and escalated if required.
4. The number of governing body members (or equivalent) who completed cyber or information security training during this period, and the total number of members in that body.
Monthly cyber security training was introduced in September 2023. All staff are required to complete the monthly training exercises they are sent. The 6 key attendees of Information Board have completed all of their allocated monthly training courses.
5. Whether an independent assessment of your cyber security arrangements (e.g. internal audit, external review, or third-party assessment) was reported to the governing body during this period (yes/no; if yes, please state the type of assessment).
Yes - an independent IT Health Check is undertaken annually by a CHECK registered company.
Outcome - Information Provided
FOI responded to within timescales: YES
Further action: NO
Last updated: Thursday, 5 February 2026