1. Can you also supply me a copy of the following policies :
a) IT Disaster Recovery Plan (e.g. DR plan, backup) This information is Commercially sensitive and we therefore we are not able to provide this under section 43
b) IT Incident Response Plan (e.g. Cyber Attack, DDOS, Ransomeware) This information is Commercially sensitive and we therefore we are not able to provide this under section 43
c) Clean desk policy Please see attached Clean Desk Policy
d) Access control policy (Access to business applications or network resources)

2. Please details:
a) Current measures in place to protect confidential information Access to IT Systems to prevented by default, and only enabled if requested and approved by the Information Asset or System Owner
b) How you monitor staff access to business applications in your Council and ensure staff have a right of access Microsoft Active Directory used to manage accounts and access of those accounts
c) How you implement and carry out checks to ensure staff are adhering to your clean desk policy Visual inspections only are carried out daily as part of the Building Support Officers duties
d) Please forward any communications to staff regarding your Clean Desk policy Please see attached files for a copy of the most recent communications to staff.