ICT documentation

FOI request reference: CAS-84257-D7Y1L3
Publication date: March 2022

Request

The ICT documents I require are the most recent update (2021 onwards documents). I wish to obtain the following documents:

1. ICT/IM&T/IS Strategy – The IT department strategy or plans, highlights their current and future objectives.
2. ICT Org Chart – A visual document that presents the structure of the IT department, please include name and job titles. If this cannot be sent, please work towards a structure with job titles.
3. ICT Annual or Business Plan – Like the ICT strategy but is more annually focused.
4. ICT Capital Programme/budget – A document that shows financials budget on current and future projects.

If some of these documents are not valid, please state when the 2021 ICT documents are planned to be published.

Outcome

Some information provided.

Response

1. ICT/IM&T/IS Strategy – The IT department strategy or plans, highlights their current and future objectives.

Please see attachment A, which contains the current IT Strategic Plan and annual business objectives.
Disclosing details about our systems and plans may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act and, therefore, some information contained in the IT Strategy document has been redacted.

2. ICT Org Chart – A visual document that presents the structure of the IT department, please include name and job titles. If this cannot be sent, please work towards a structure with job titles.

We are unable to provide you with this information because it would identify junior members of staff and as such is exempt from release under section 40(2) of the FOI Act.
It is standard practice to withhold the names of officials below Senior Civil Service level. However, to aid transparency of how our organisation is structured and run, TNA publishes the names of senior staff members (down to the level of Heads of Department) on our website. TNA’s organisational chart can be found here on our website
We do not hold a document of the current IT organisation with only job titles.

3. ICT Annual or Business Plan – Like the ICT strategy but is more annually focused.

Annual objectives and plans are contained in the attached Strategic Plan (attachment A).

4. ICT Capital Programme/budget – A document that shows financials budget on current and future projects.

Attachment B is an extract of the current IT Operations capital IT projects budget for 2021-2022. Future IT capital budgets are not yet available.
Disclosing details about our systems and services may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act and, therefore, some information contained in the IT capital projects extract document has been redacted.

EXPLANATORY ANNEX

Exemptions applied.
Section 40(2): Personal information where the applicant is not the data subject
Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.
In this case the exemption applies because this information represents the personal information of a junior member of staff at The National Archives.
Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene Art. 5 of the General Data Protection Regulation. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.

Further guidance can be found at:
s40 Personal_information_(section_40_and_regulation_13)_version2.3 (ico.org.uk).

Section 31: Law enforcement
We are unable to provide you with information regarding software brands and specific contract start/end dates because this information is exempt from disclosure under section 31(1)(a) of the FOI Act. Section 31(1)(a) exempts information if its disclosure would or would be likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(1)(a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government cyber security. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.
Further guidance on section 31 can be found here:
https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf.