IT contracts at The National Archives

FOI request reference: F0049763
Publication date: August 2017

Request

I would like to submit a Freedom of Information Request relating to specific ICT contract(s) for Server Hardware Maintenance, Server Virtualisation Licenses and Maintenance and Storage Area Network (SAN) Maintenance/Support which may include:

A. Server Hardware Maintenance- contracts relating to the support and maintenance of the organisation’s physical servers.
B. Virtualisation Licensing (VMware, Solaris, Unix, Linux, Windows Server)
C. Virtualisation Maintenance/Support (VMware, Solaris, Unix, Linux, Windows Server)
D. Storage Area Network Maintenance/Support (EMC, NetApp etc.)

For each of the types of server ICT contracts above can you please send me the following data types:

1. Contract Title: Please provide me with the contract title.
2. Contract Type: Please can you provide me with one or more contract types the contract relate to: Server Hardware, Virtualisation, SAN (Storage Area Network)
3. Existing/Current Supplier: Please provide me with the supplier name for each contract.
4. Hardware Brand:  Please state the hardware brand of the servers related to the contract with supplier e.g. Hardware Maintenance could be Dell, IBM etc.
5. Operating System / Software (Platform): (Windows, Linux, Unix, Vsphere, AIX, Solaris etc.) *Please state the operating system used by the organisation.
6. Annual Average Spend: Please provide me with the annual average spend for this contract?
7. Contract Duration: (Please can you also include notes if the contract includes any contract extension periods.)
8. Contract Expiry Date: Please can you provide me with the date of when the contract expires.
9. Contract Review Date: (An approximate date of when the organisation is planning to review this particular contract.)
10. Purchase of Servers: Could you please provide me with the month and year in which most/bulk of servers where purchased.
11. Number of Physical Server: Please can you provide me with the number of physical servers.
12. Number of Virtual Servers: Please can you provide me with the number of Virtual servers.
13. Brief Contract Description: I require a brief description of the service provided under this contract. Please don’t just put maintenance I need at least a sentence.
14. Internal Contact: (The person from within the organisation that is responsible for reviewing and renewing this particular contract. Please include their full name, job title, direct contact number and direct email address.)

If there is more than one supplier for these contract can you, please split the contract individually for each supplier. So the information above which I am requesting is for each supplier.

If this service is part of a managed contract please can you send me the contract information for this managed service including Hardware Brand, Number of Users, Operating System, and contact details of the internal contact responsible for this contract?

Outcome

Partially successful

Response

I can confirm that The National Archives holds information relevant to your request. We are pleased to be able to provide you with some of this information in the attached spreadsheet and below.

Unfortunately we are unable to provide you with all of the information you have requested as some information is exempt under sections 31 (1) (a) and 40 (2) of the FOI Act. For detailed information about why these exemptions have been applied, please see the Explanatory Annex at the end of this email.

Q.4 Hardware Brand:  Please state the hardware brand of the servers related to the contract with supplier e.g. Hardware Maintenance could be Dell, IBM etc.

Q.8 Contract Expiry Date: Please can you provide me with the date of when the contract expires.

All information regarding hardware brands and specific expiry dates for contracts is exempt under section 31 (1) (a) of the FOI Act. This exempts information if its disclosure is likely to prejudice the prevention or detection of crime. Release of this information would make The National Archives more vulnerable to crime; namely, a malicious attack on The National Archives’ computer systems. However in order to be as open as possible, we have provided the quarter within the financial year that the contracts expire (see spreadsheet attached).

Q.10 Purchase of Servers: Could you please provide me with the month and year in which most/bulk of servers where purchased.

We do not hold this information.

Q.11 Number of Physical Server: Please can you provide me with the number of physical servers.

Number of physical severs: 141

Q.12 Number of Virtual Servers: Please can you provide me with the number of Virtual servers.

Number of virtual servers: 270

Q.14 Internal Contact: (The person from within the organisation that is responsible for reviewing and renewing this particular contract. Please include their full name, job title, direct contact number and direct email address.)

We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40 (2) (Personal Data) of the FOI Act. However, we have applied the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.

The Head of IT Operations at The National Archives is Julian Muller, who is responsible for contracts 1 to 5. The Head of Digital Archiving Infrastructure is Diana Newton, who is responsible for the contracts 6 to 9.

The National Archives’ full contact options can be found on our website here: http://apps.nationalarchives.gov.uk/contact/

Explanatory Annex

Exemptions applied

Section 40 (2): Personal Information where the applicant is not the data subject

Section 40 exempts personal information about a ‘third party’ (someone other than the requester), if revealing it would breach the terms of the Data Protection Act (DPA) 1998. The DPA prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.

Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene the first data protection principle of the DPA. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.

Further guidance about the publication of junior staff names can be found here: https://ico.org.uk/media/for-organisations/documents/1187/section_40_requests_for_personal_data_about_employees.pdf

Further guidance about the section 40 exemption, please see the following guidance: http://ico.org.uk/for_organisations/guidance_index/~/media/documents/library/Freedom_of_Information/Detailed_specialist_guides/personal-information-section-40-and-regulation-13-foia-and-eir-guidance.pdf

Section 31: Law Enforcement

We are unable to provide you with specific hardware brands and details of expiry dates for these contracts because this information is exempt from disclosure under section 31 (1) (a) of the FOI Act. Section 31 (1) (a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31 (1) (a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking at a given time. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.

Further guidance on section 31 can be found here: https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf

Attachment: http://www.nationalarchives.gov.uk/documents/F0049763-it-contracts-attachment.xls