1. How often do you scan your websites and web applications for vulnerabilities?
2. Please could you share details on the number and type of vulnerabilities discovered in your last 10 scans?
3. Have you remediated all the identified vulnerabilities?
4. Have you remediated the vulnerabilities in apps that manage personal identifiable information or healthcare records?
5. Please could you specify how long it took you to remediate each of the vulnerabilities listed in question 2?
The Royal Surrey County Hospital NHS Foundation Trust is withholding the requested information under exemption Section 24 (1) – National Security of the Freedom of Information Act. Section 24 is a qualified exemption and the Trust is required to assess as objectively as possible whether the balance of public interest favours disclosing or withholding the information. The Trust acknowledges that there is a general public interest in disclosure. However, the view of the Trust that Section 24 exemption pertains to the above questions is based on the judgement that by providing the specific information requested would not only highlight the Trust’s policy relating to website security scanning but would also provide information which could be used to exploit any vulnerabilities which could potentially endanger national security.