Reference 2018-689

REF:           2018-689

Subject:       Application Security

 

Request:

  1. How many external (internet) facing applications does your trust have? if not known please state this rather than estimate.
  2. How many internal applications does your trust have? If not know please state this rather than estimate.
  3. Are all applications protected by Web Application Firewalls?
  4. If yes to question 3, which vendors WAF’s are in use?
  5. How often do you commission application security penetration testing (note not the same as network pen testing)?
  6. Which company provides Application Security Testing to your trust?
  7. When was the last time your main patient facing website was penetration tested?
  8. When was the last time your patient record storing application was tested?
  9. What is the annual spend on both application security and cyber security in general.

 

 

Response:

Please find information attached.

2018-689 – FOI Request – Application Security [106 kb] PDF