1. Does your organisation adhere to the Network Security guidance outlined by the National Cyber Security Centre, within its ’10 Steps to Cyber Security’?

The Trust does hold this information; however we are withholding it under Section 31 (3) of The Freedom of Information Act as the disclosure could prejudice the prevention or detection of (cyber) crime. There is therefore significant public interest in not providing this information.

2. Do you ensure that security patches for critical vulnerabilities are routinely patched within 14 days, as recommended by the National Cyber Security Centre?

o Yes

3. Have you suffered from any service outages on your network in the last two years, however small?

o Yes

4. Did any of these outages cause a loss, reduction or impairment to your organisation’s delivery of essential services?

o Yes

5. Was the root cause of the service outage identified and confirmed – at the time or afterwards?

o Yes

6. Is it possible that any service outages you have suffered in the last two years was caused by a cyber attack – such as ransomware, DDoS attack, or malware?

o Yes

7. Are you aware that Distributed Denial of Service (DDoS) attacks are a significant contribution to service interruptions, outages and downtime?

o Yes