Request
1. Telephony and UC/ Collaboration
a. Please confirm the manufacturer of your telephony system(s) that are currently in place
b. When is your contract renewal date?
c. Who maintains your telephony system(s)?
d. Do you use Unified Communications or Collaboration tools , if so which ones?
2. Microsoft
a) What Microsoft 365 licence do you have across the business e.g. E3, E5
b) Which partner looks after your Microsoft tenant?
c) Where do you host your applications? Do you have on-premise infrastructure or do you host your applications in public or private cloud? Which?
3. Storage
a. Does your organisation use on-premise or cloud storage or both?
b. Please confirm the on-premise hardware manufacturer
c. Please confirm your cloud storage provider
d. What is your annual spend on cloud storage?
e. How do you back up your data and with who e.g. Backup as a Service
Outcome
Some information provided.
Response
1. Telephony and UC/Collaboration
a. Please confirm the manufacturer of your telephony system(s) that are currently in place
Disclosing software and hardware brands and suppliers may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
b. When is your contract renewal date?
Qtr 4 FY 2023-2024.
Information regarding specific start and end dates is exempt under section 31 (1) (a) of the FOI Act.
c. Who maintains your telephony system(s)?
Avoira Limited.
d. Do you use Unified Communications or Collaboration tools, if so which ones?
Disclosing software and hardware brands, suppliers and details of our infrastructure may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
2. Microsoft
a) What Microsoft 365 licence do you have across the business e.g. E3, E5
Disclosing software and hardware brands and suppliers may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
b) Which partner looks after your Microsoft tenant?
Disclosing software and hardware brands and suppliers may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
c) Where do you host your applications? Do you have on-premise infrastructure or do you host your applications in public or private cloud? Which?
Disclosing software, hardware, suppliers and details of our infrastructure may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
3. Storage
a. Does your organisation use on-premise or cloud storage or both?
Both.
b. Please confirm the on-premise hardware manufacturer
Disclosing software and hardware brands and suppliers may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
c. Please confirm your cloud storage provider
Disclosing software and hardware brands and suppliers may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
d. What is your annual spend on cloud storage?
Approximately £300,000.
e. How do you back up your data and with who e.g. Backup as a Service
Disclosing software, hardware, suppliers and details of our infrastructure may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.
Explanatory annex
Exemptions applied
Section 31: Law Enforcement
We are unable to provide you with information regarding contract dates, software/hardware brands, suppliers and details of our infrastructure because this information is exempt from disclosure under section 31(1) (a) of the FOI Act. Section 31(1) (a) exempts information if its disclosure would or would be likely to prejudice the prevention or detection of crime.
Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.
The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(1)(a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government cyber security. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.
Further guidance on section 31 can be found here: https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf