NDIS - Salesforce Security Vulnerability Assurance (Log4j2)

Lesley made this Freedom of Information request to National Disability Insurance Agency

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear National Disability Insurance Agency,

Please provide a copy of the Salesforce cybersecurity assurance that confirms NDIS data, privacy and information has not been compromised, affected or is at risk due to the Log4j2 Security Flaw

Apparently Salesforce's services and systems have been impacted by the Log4j2 Security Flaw:
https://www.salesforceben.com/salesforce...

And Salesforce appears to be a big part of the NDIS's customer relationship services and technology support:
https://www.righttoknow.org.au/request/d...
https://www.righttoknow.org.au/request/n...

Yours faithfully,

Lesley

foi, National Disability Insurance Agency

Hello and thank you for writing to the FOI inbox.

 

Please be advised that during the upcoming holiday period, the NDIA
offices will be closed from Friday 24 December 2021 until Tuesday 4
January 2022.

 

As such, if you make an FOI request that falls due during this period, we
will be unable to process it by the relevant deadline. Our FOI officers
will be in touch to discuss a short extension of time with you to allow
for processing as quickly as possible.

 

If we receive an FOI request from you during the period of shut down,
noted above, our staff will not be able to commence processing the matter
or respond to any queries until Tuesday 4 January 2022.

 

If you are requesting your personal documents only, please consider
submitting your request through [1][email address] or
through our [2]Participant Information Access (PIA) web-form.

 

Kind regards 

 

NDIA FOI Team
Email: [3][email address]

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[email address]
2. https://aus01.safelinks.protection.outlo...
3. mailto:[email address]

hide quoted sections

foi, National Disability Insurance Agency

1 Attachment

Dear Lesley

 

Freedom of Information request - Acknowledgement

 

Thank you for your request of 21 December 2021, under the Freedom of
Information Act 1982 (FOI Act) for copies of documents held by the
National Disability Insurance Agency (NDIA).

 

Scope of your request

You have requested access to the following documents about the National
Disability Insurance Scheme (NDIS):

 

“Please provide a copy of the Salesforce cybersecurity assurance that
confirms NDIS data, privacy and information has not been compromised,
affected or is at risk due to the Log4j2 Security Flaw”

 

Unless you advise otherwise, we will take it that you agree to the names
and contact details of NDIA staff being excluded from the scope of your
request (that is, the information will be treated as irrelevant).

 

Processing timeframes

A 30-day statutory period for processing your request commenced from 22
December 2021, in accordance with section 15(2A)(c) of the FOI Act.

 

Due to the NDIA’s reduced activity period between Christmas and New Year
and the impact of the evolving COVID-19 situation affecting our agency
operations, we are seeking your agreement to extend the processing time by
an additional 14 days under section 15AA of the FOI Act. If you agree to
this extension, you can expect to receive a decision from us on or before
9 February 2022.

If you do not agree to the proposed extension of time, or you do not
provide a response to our request, we may need to seek an extension of
time with the Information Commissioner under section 15AB of the FOI Act.
Therefore, we ask that you please provide a response by 10 January 2022.

Charges

We may apply a processing charge to your request and will advise you if a
charge is payable as soon as practicable. We will not apply charges if you
are requesting your own personal information.

 

Disclosure Log

Please note that information released under the FOI Act may be published
on the Agency’s disclosure log located on our website, subject to certain
exceptions.

 

If you wish to raise any concerns about the publication of information
concerning your request, please contact us.

 

Further assistance

Should you have any queries about this matter, please do not hesitate to
contact us via email at [1][NDIA request email]

 

We will contact you using the email address you provided. Please advise if
you would prefer us to use an alternative means of contact.

 

Kind Regards

 

Freedom of Information Officer

Parliamentary, Ministerial & FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

 

 [3]Title: NDIS delivered by the National Disability Insurance Agency

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging. 

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

hide quoted sections

Dear foi,

Apologies, I was unaware of any artificial modification of FOI timelines such as elective 'down time' chosen by a Commonwealth Agency over the legislative requirements.

I eagerly await a response to my FOI request. I believe the Log4j2 threat has only grown and expanded since I made the FOI request.

Yours sincerely,

Lesley

Shelley Napper,

6 Attachments

Dear Applicant and FOI Contact Officer

 

Please see attached decision regarding the National Disability Insurance
Agency’s application for an extension of time to process FOI request FOI
21/22-0740.

 

Kind regards

 

[1][IMG]   Shelley Napper  |  Assistant
Director

Investigations and Compliance

Freedom of Information
Regulatory Group

Office of the Australian
Information Commissioner

GPO Box 5218 Sydney NSW 2001  |
 [2]oaic.gov.au

+61 2 9284 9721  | 
[3][email address]
[7]Subscribe [8]Subscribe to
[4]Facebook | [5]LinkedIn | [6]Twitter |   icon Information
Matters

 

 

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

References

Visible links
1. https://www.oaic.gov.au/
2. http://www.oaic.gov.au/
3. mailto:[email address]
4. http://www.facebook.com/OAICgov
5. https://www.linkedin.com/company/office-...
6. https://twitter.com/OAICgov
8. https://www.oaic.gov.au/updates/sign-up/

hide quoted sections

National Disability Insurance Agency

2 Attachments

  • Attachment

    attachment.delivery status

    0K Download

  • Attachment

    Re FOI 21 22 0740 Communication Acknowledgement Response Required SEC OFFICIAL.txt

    4K Download View as HTML

This is the mail system at host righttoknow.org.au.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[NDIA request email]>: Host or domain name not found. Name service error for
name=ndis.gov.au type=MX: Host not found, try again

Dear National Disability Insurance Agency,

Thank you for the update and notification of your extended holidays. I look forward to receiving the requested information in the next few days, by 9 Feb 22

Yours faithfully,

Lesley

foi, National Disability Insurance Agency

Hello and thank you for writing to the FOI inbox.

 

Please be advised that during the upcoming holiday period, the NDIA
offices will be closed from Friday 24 December 2021 until Tuesday 4
January 2022.

 

As such, if you make an FOI request that falls due during this period, we
will be unable to process it by the relevant deadline. Our FOI officers
will be in touch to discuss a short extension of time with you to allow
for processing as quickly as possible.

 

If we receive an FOI request from you during the period of shut down,
noted above, our staff will not be able to commence processing the matter
or respond to any queries until Tuesday 4 January 2022.

 

If you are requesting your personal documents only, please consider
submitting your request through [1][email address] or
through our [2]Participant Information Access (PIA) web-form.

 

Kind regards 

 

NDIA FOI Team
Email: [3][email address]

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[email address]
2. https://aus01.safelinks.protection.outlo...
3. mailto:[email address]

hide quoted sections

Shelley Napper,

5 Attachments

Our reference: RQ22/00505

Agency reference: FOI 21/22-0740

Lesley

Sent by email: [FOI #8219 email]

Extension of time application by National Disability Insurance Agency

Dear Lesley

I write to advise that on 8 February 2022 the Office of the Australian
Information Commissioner (the OAIC) received an application from National
Disability Insurance Agency (NDIA) for an extension of time, to process
your FOI request of 21 December 2021.

 

NDIA has applied for an extension of time under s 15AB of the Freedom of
Information Act 1982 (Cth) because your request is considered to be
complex.

 

NDIA has advised the OAIC that:

o the NDIA has previously been granted an extension of time of 14 days
until 9 February 2022 (RQ22/00285)
o the processing of the matter was affected by staffing resources due to
COVID and the holiday period shutdown
o the processing of the request has also been impacted by the relevant
officer having to obtain clearance to access a database which is only
accessible within the office (as opposed to remotely). This was
further impacted by the office having been subject to COVID issues.

NDIA has requested an extension to 25 February 2022. The decision maker
will take any comments you may have to make into account when deciding the
application.

 

Please respond to this email by close of business 14 February 2022. If I
do not hear from you by this date, the decision maker will make a decision
on the basis of the information provided to me by the NDIA.

 

You will be notified of the decision once the matter has been finalised.

 

Further information about extension of time requests may be found on our
website at [1]Extensions of time.

Contact

If you have any questions regarding this email please contact me on 02
9284 9721 or via email [email address]. Please quote OAIC
reference: RQ22/00505 in all correspondence.

 

Kind regards

 

[2][IMG]   Shelley Napper  |  Assistant
Director

Investigations and Compliance

Freedom of Information
Regulatory Group

Office of the Australian
Information Commissioner

GPO Box 5218 Sydney NSW 2001  |
 [3]oaic.gov.au

+61 2 9284 9721  | 
[4][email address]
[8]Subscribe [9]Subscribe to
[5]Facebook | [6]LinkedIn | [7]Twitter |   icon Information
Matters

 

 

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

References

Visible links
1. https://www.oaic.gov.au/freedom-of-infor...
2. https://www.oaic.gov.au/
3. http://www.oaic.gov.au/
4. mailto:[email address]
5. http://www.facebook.com/OAICgov
6. https://www.linkedin.com/company/office-...
7. https://twitter.com/OAICgov
9. https://www.oaic.gov.au/updates/sign-up/

hide quoted sections

Jasmin Clarke,

6 Attachments

Our reference: RQ22/00505

Agency reference: FOI 21/22-0740

Lesley

By email: [1][FOI #8219 email]

Notification to: [2][NDIA request email]

Extension of time under s 15AB

Dear Applicant and FOI Contact Officer

 

Please see attached a decision regarding the National Disability Insurance
Agency’s application for an extension of time to process FOI request FOI
21/22-0740.

 

Sincerely

 

[3][IMG]   Jasmin Clarke  |  Assistant
Review and Investigation
Advisor

Investigations and Compliance

Freedom of information
Regulatory Group

Office of the Australian
Information Commissioner

GPO Box 5218 Sydney NSW 2001  |
 [4]oaic.gov.au

+61 2 9284 9847  | 
[5][email address]
[9]Subscribe [10]Subscribe to
[6]Facebook | [7]LinkedIn | [8]Twitter |   icon Information
Matters

 

 

***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************

References

Visible links
1. mailto:[FOI #8219 email]
2. mailto:[NDIA request email]
3. https://www.oaic.gov.au/
4. http://www.oaic.gov.au/
5. mailto:[email address]
6. http://www.facebook.com/OAICgov
7. https://www.linkedin.com/company/office-...
8. https://twitter.com/OAICgov
10. https://www.oaic.gov.au/media-and-speech...

hide quoted sections

foi, National Disability Insurance Agency

2 Attachments

Dear Lesley

 

Thank you for your request for information.

 

Please find attached correspondence in relation to your request.  If you
require this in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Thank you.

 

Kind regards

 

Freedom of Information Officer
Parliamentary, Ministerial & FOI Branch

Government Division

National Disability Insurance Agency

E [2][NDIA request email]
[3]Title: NDIS delivered by the National Disability Insurance Agency

 

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging. 

 

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

hide quoted sections

Dear foi,

Just recapping, my request from 21 Dec 21 has now been extended from the 30 days specified in the Freedom of Information Act 1982 (FOI Act), to 27 Mar 22? A full 4 months since the request was lodged?

I consent to the disclosure of my name with the relevant person or organisation, even though they may have not obligations or constraints to protect my privacy, such as required by a Commonwealth Government Entity such as the NDIA. Especially as they may not even be and Australian Citizen or Australian business.

What if I'm a participant within the NDIS?

Yours sincerely,

Lesley

foi, National Disability Insurance Agency

Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.  

 

If your email relates to an FOI application made under the Commonwealth
Freedom of Information Act 1982 (FOI Act), the Agency will respond to you
as soon as practicable. 

 

This email address is for applications under the FOI Act only. The Agency
is unable to respond to non-FOI related enquiries sent to this email
address. Any correspondence received that is not an information access
request will not be responded to or forwarded.  

 

If you are seeking to access your personal documents, please consider
submitting your request through our [1]Participant Information Access
(PIA) web-form, which will allow the matter to be processed
administratively. 

 

Should you have a query unrelated to FOI, please contact us by emailing at
[2][email address] or via webchat at [3]NDIA Web Chat (ndis.gov.au).
Alternatively you can also contact us by phoning 1800 800 110. 

 

If you have any questions about making an FOI request, or to enquire about
a current FOI request, please email us with your phone number and a
preferred time for us to call you, and an FOI Decision Maker will call you
back. 

 

Kind regards 

 

Freedom of Information team 

Parliamentary, Ministerial & FOI Branch  

Government  

National Disability Insurance Agency 

Email: [4][NDIA request email]  

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. https://aus01.safelinks.protection.outlo...
2. mailto:[email address]
3. https://aus01.safelinks.protection.outlo...
4. mailto:[NDIA request email]

hide quoted sections

foi, National Disability Insurance Agency

3 Attachments

Dear Lesley

 

Thank you for your request for information.

 

Please find attached correspondence and document in relation to your
request.  If you require these in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Thank you

 

Kind regards

 

Freedom of Information Officer
Parliamentary, Ministerial & FOI Branch

Government Division

National Disability Insurance Agency

E [2][NDIA request email]
[3]Title: NDIS delivered by the National Disability Insurance Agency

 

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging. 

 

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

hide quoted sections