Gov Data security

[spanna]

http://www.manxradio.com/news/isle-of-man-news/government-aims-to-be-fully-compliant/

So the Gov claims they will be fully compliant with the Data security regulations coming in yet last year happily dumped off the only two Island-based computer service providers with ISO27001 (Information security management) for two companies who not only don't have any data security policy/procedures but don't even have ISO9001 (Quality management).

Basically the government thought the public's data and personal information is not worth the same as saving them a bit of money on the Computer service tenders.  Lovely.

 

[woolley]

I find it's generally the way with govt. Whatever they tell you in meetings, whatever they promise in policy releases, when it comes to the crunch they will just say that the gold standard is certainly aspirational, but this time we'll go with the lowest bidder, thanks. Of course, it doesn't always end well.

[craggy_steve]

2 hours ago, spanna said:

http://www.manxradio.com/news/isle-of-man-news/government-aims-to-be-fully-compliant/

So the Gov claims they will be fully compliant with the Data security regulations coming in yet last year happily dumped off the only two Island-based computer service providers with ISO27001 (Information security management) for two companies who not only don't have any data security policy/procedures but don't even have ISO9001 (Quality management).

Basically the government thought the public's data and personal information is not worth the same as saving them a bit of money on the Computer service tenders.  Lovely.

 

There are far more than two IoM computer service providers with 27001 so which two are you referring to as being dumped, and which two have replaced them? I'm assuming you mean for a specific type of service?

[P.K.]

5 hours ago, woolley said:

I find it's generally the way with govt. Whatever they tell you in meetings, whatever they promise in policy releases, when it comes to the crunch they will just say that the gold standard is certainly aspirational, but this time we'll go with the lowest bidder, thanks. Of course, it doesn't always end well.

Unfortunately they go with the lowest bidder whether it represents value for money or not. But then who would know....?

[gettafa]

• If there is a data leak then the Department Head will lose their job and so will the Minister.

Will work nicely.

Instead, do it the 'manx' way, a bit wishy-washy, more laissez-faire, rather clueless but of course very swaggery and superficially robust:

• If there is a data leak then the Department Head will lose their job and so will the Minister  lessons will be learned.

[Non-Believer]

31 minutes ago, gettafa said:

• If there is a data leak then the Department Head will lose their job and so will the Minister.

Will work nicely.

Instead, do it the 'manx' way, a bit wishy-washy, more laissez-faire, rather clueless but of course very swaggery and superficially robust:

• If there is a data leak then the Department Head will lose their job and so will the Minister  lessons will be learned.

Completely sums up the spineless, back-covering, self-preservation attitude that exists throughout both central and local Govt on IoM. Believe me, I see it on a daily basis.

"Lessons will be learned". No, they're not, because the real mantra is, "We always look forward and never look back". And we've even heard that in Tynwald (Eddie L.).

Which conveniently forgets and deliberately overlooks what's gone wrong before. Regardless of total incompetence and lack of qualification. Regardless of total lack of management ability. Regardless of being in post because of being a "mate" or politically convenient.

And it doesn't matter because the tax/ratepayer is paying through the nose for it every time. And those tax/ratepayers have little redress.

Because it's not the elected being discussed in this post. It's the unelected CS career empire at all levels. Central and LA. The money supply (Joe Public) is being taken for a ride. And knows nothing about it except being continually asked for more money to pay for it.

[CharlieBrown]

Hey these guys provide employment for the mentally ill, they are the good guys leave them alone!

 

[Neil Down]

9 hours ago, CharlieBrown said:

Hey these guys provide employment for the mentally ill, they are the good guys leave them alone!

 

They employ you then...

[spanna]

22 hours ago, craggy_steve said:

There are far more than two IoM computer service providers with 27001 so which two are you referring to as being dumped, and which two have replaced them? I'm assuming you mean for a specific type of service?

Typhoon house and Skanco business systems.  They did the printers and desktop support.  The government went with Argon and It works.   Neither had any ISO standards.  Yet both 9001 and 27001 was a requirement for the gov tender. 

It seems if you quote low enough the Gov will ditch off any requirement especially any that are in place to protect the publics information and data.  

[craggy_steve]

@spanna Agreed, it seems pointless to specify requirements in a tender and then go to suppliers who don't appear to meet the specs. The problem, from past experience, is that most Gov't tender scoring is heavily weighted to favour price so if a factor is scored instead of being a mandatory go/no qualifier then lowest price will almost always trump quality.

[Albert Tatlock]

Security. Shocking.

[mannin]

On 27/03/2018 at 5:02 PM, spanna said:

http://www.manxradio.com/news/isle-of-man-news/government-aims-to-be-fully-compliant/

So the Gov claims they will be fully compliant with the Data security regulations coming in yet last year happily dumped off the only two Island-based computer service providers with ISO27001 (Information security management) 

I'm not sure that statement is correct. 

I think that other computer service providers have 27001 and 9001 a quick bit of Googleing tells me that Manx technology group and wimanx (not sure if wimanx qualify as computer service company even with their current radio ads) have 27001 and 9001. I think that synapse have some iso certs. 

I could poke at Google for longer to check on other companies but it's getting pretty late. 

Are you sure about argon and IT works?

[Yin & Yang]

On 27/03/2018 at 5:13 PM, woolley said:

I find it's generally the way with govt. Whatever they tell you in meetings, whatever they promise in policy releases, when it comes to the crunch they will just say that the gold standard is certainly aspirational, but this time we'll go with the lowest bidder, thanks. Of course, it doesn't always end well.

Unfortunately this is so true! Unfortunately the cheapest at something important is better than an approved company. 

[spanna]

On 29/03/2018 at 12:39 AM, mannin said:

I'm not sure that statement is correct. 

I think that other computer service providers have 27001 and 9001 a quick bit of Googleing tells me that Manx technology group and wimanx (not sure if wimanx qualify as computer service company even with their current radio ads) have 27001 and 9001. I think that synapse have some iso certs. 

I could poke at Google for longer to check on other companies but it's getting pretty late. 

Are you sure about argon and IT works?

Ah yes just seen MTG got it in Nov last year.    They provide server support for the Manx gov so at least that's something for Publics data security.

As for Argon and IT works, they definitely dont and from hearing things on the grapevine they haven't got a hope in hell of getting anywhere near them.

 

[Albert Tatlock]

Like a corporate piece of paper will make a huge difference. One bad apple even in a secured barrel can still turn things sour.

Just look at the release of the latest leak, the paradise papers.