Last updated:
30th December 2024
Citizen-facing online services
See notes
This request is made under the Freedom of Information Act 2000 and relates only to citizen-facing online services (for example, housing portals, council tax accounts, or benefits portals). It does not concern internal staff systems or administrative tools. The research does involve information on detailed technical configurations for public-facing web portals. Please provide the following information/documents:
1. A copy of (or extract from) your current policy that governs user authentication for citizen-facing online services.
Wokingham Borough Council does not hold a standalone policy specifically governing user authentication for citizen-facing online services.
Authentication requirements for public-facing systems are managed through contractual arrangements with system suppliers, platform-specific configurations, and internal IT security standards, but there is no single overarching policy document that meets the description in your request.
2. The specific password rules that apply when citizens create an account or perform a password reset. For example, password character minimum and maximum limits, special character enforcement.
This information is exempt under the Section 31 exemption: https://www.legislation.gov.uk/ukpga/2000/36/section/31
3. Whether MFA is offered or required for citizen-facing services, and, if so, what types are supported (e.g. SMS, email, or authenticator app).
MFA is used. Types supported: Section 31 exemption to the question. https://www.legislation.gov.uk/ukpga/2000/36/section/31
4. A brief description or document outlining how password resets or account recovery are handled for public users (e.g. email verification, security questions, or other processes).
Combination of system administration resets and email verification resets.
5. The date these policies were last reviewed or updated, and whether the policies align with any national or international guidance (e.g. NCSC, NIST SP 800-63, or ISO 27001).
IT policies were last reviewed and updated in July 2025, and the next review/update is scheduled to be completed by the end of Feb 2026.