The National Archives’ ICT devices and software

FOI request reference: CAS-130013-R0M9J1
Publication date: July 2023

Request

1. Can you please list the number of devices deployed by your organisation for the following?
2. Does your organisation have plans to procure any of the below services. If yes, please provide the estimated/total cost and duration of the following platforms as a Service: Cloud Computing, Software as a service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Anything as a Service (Xaas)
3. Does your organisation have any plans to procure the below services. If yes, please provide the estimated/total cost and duration of the following: a. Network Security, b. Cloud Security, c. Endpoint Security, d. Mobile Security, e. IoT Security and f. Application Security
4. Does your organisation have any plans to procure below services. If yes, please provide the estimated/total cost and duration of the following services: Data and Analytics, AI and Automation, and Digital Transformation

Outcome

Some information provided.

Response

1. Can you please list the number of devices deployed by your organisation for the following?

We have the following number of devices deployed:

Device Type Number of devices
Desktop PCs 132
Laptops 664
Mobile Phones 118
Printers 19
Multi Functional Devices (MFDs) 20
Tablets 208
Physical Servers 162
Storage Devices (for example: NAS, SAN) 31
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) 349
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) This information is exempt under Section 31(1)(a)(19) of the act.

2. Does your organisation have plans to procure any of the below services?

We do not hold any information for future procurement plans.

3. Does your organisation have any plans to procure the below services?

Plans exist for the replacement of some software applications.
We do not hold information about the cost or duration of future plans.
Disclosing software brands may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.

4. Does your organisation have any plans to procure below services?

We do not hold information about any further plans.

Explanatory Annexe

Exemptions applied

Section 31: Law Enforcement

We are unable to provide you with information regarding software brands because this information is exempt from disclosure under section 31(1) (a) of the FOI Act. Section 31(1) (a) exempts information if its disclosure would or would be likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(1)(a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government cyber security. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.

Further guidance on section 31 can be found here:

Law Enforcement (section 31)