CRM systems

FOI request reference: CAS-70174-D4X2F7
Publication date: September 2021

Request

The information I’m requesting is regarding the software contracts that the organisation uses, for the following fields.

Primary Customer Relationship Management Solution (CRM):
For example, Salesforce, Lagan CRM, Microsoft Dynamics; software of this nature.
1. Name of Supplier: Can you please provide me with the software provider for each contract?

2. The brand of the software: Can you please provide me with the actual name of the software. Please do not provide me with the supplier name again please provide me with the actual software name.

3. Description of the contract: Can you please provide me with detailed information about this contract and please state if upgrade, maintenance and support is included.

Please also list the software modules included in these contracts.

4. Number of Users/Licenses: What is the total number of user/licenses for this contract?

5. Annual Spend: What is the annual average spend for each contract?

6. Contract Duration: What is the duration of the contract please include any available extensions within the contract.

7. Contract Start Date: What is the start date of this contract? Please include month and year of the contract. DD-MM-YY or MM-YY.

8. Contract Expiry: What is the expiry date of this contract? Please include month and year of the contract. DD-MM-YY or MM-YY.

9. Contract Review Date: What is the review date of this contract? Please include month and year of the contract. If this cannot be provide please provide me estimates of when the contract is likely to be reviewed. DD-MM-YY or MM-YY.

10. Contact Details: I require the full contact details of the person within the organisation responsible for this particular software contract (name, job title, email, contact number).

Outcome

Some information provided.

Response

I can confirm that The National Archives holds information relevant to your request.

We are pleased to be able to provide some of this information to you.

We are unable to provide you with some of the information you have requested because it is covered by the exemption at section 31(1) (a) of the FOI Act, which exempts information if its disclosure would prejudice the prevention or detection of crime. For further information about why this exemption has been applied, please see the explanatory annex at the end of this letter.

Some of the information is also covered by the exemption at section 40 (2) of the Act. This exempts the release of personal information about a ‘third party’ (someone other than the requester), if revealing it would break the terms of Data Protection Legislation. For further information about why these exemptions have been applied, please see the explanatory annex at the end of this letter.

1. Name of Supplier: Can you please provide me with the software provider for each contract?

Microsoft.

2. The brand of the software: Can you please provide me with the actual name of the software. Please do not provide me with the supplier name again please provide me with the actual software name.

Disclosing software systems, product names, vendors and versions may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.

3. Description of the contract: Can you please provide me with detailed information about this contract and please state if upgrade, maintenance and support is included. Please also list the software modules included in these contracts.

Microsoft licence only agreement.

4. Number of Users/Licenses: What is the total number of user/licenses for this contract?

140.

5. Annual Spend: What is the annual average spend for each contract?

Average annual spend: £44,000.

6. Contract Duration: What is the duration of the contract please include any available extensions within the contract.

Three years.

7. Contract Start Date: What is the start date of this contract? Please include month and year of the contract. DD-MM-YY or MM-YY.

The contract start date is in Q3 FY 2021-2022.

Information regarding specific start and end dates is exempt under section 31(1) (a) of the FOI Act.

8. Contract Expiry: What is the expiry date of this contract? Please include month and year of the contract. DD-MM-YY or MM-YY.

The contract expiry date is in Q2 FY 2024-2025.

Information regarding specific start and end dates is exempt under section 31 (1) (a) of the FOI Act.

9. Contract Review Date: What is the review date of this contract? Please include month and year of the contract. If this cannot be provide please provide me estimates of when the contract is likely to be reviewed. DD-MM-YY or MM-YY.

We do not hold this information.

10. Contact Details: I require the full contact details of the person within the organisation responsible for this particular software contract (name, job title, email, contact number).

We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40 (2) of the FOI Act. However, at The National Archives we apply the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.

The Head of IT Operations at The National Archives is Julian Muller.
The National Archives’ full contact options can be found on our website here:
https://www.nationalarchives.gov.uk/contact-us/

Explanatory Annex

Exemptions applied

Section 31: Law Enforcement 
We are unable to provide you with information regarding software brands and specific contract start/end dates because this information is exempt from disclosure under section 31 (1) (a) of the FOI Act. Section 31 (1) (a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31 (1) (a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.
Further guidance on section 31 can be found here:
https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf

Section 40 (2): Personal Information where the applicant is not the data subject
Section 40 exempts personal information about a ‘third party’ (someone other than the requester), if revealing it would breach the terms of Data Protection Legislation. Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress. Personal information must be processed lawfully, fairly and in a transparent manner as set out by Art. 5 of the General Data Protection Regulation (GDPR).

In this case the exemption applies because the requested material contains information which would identify junior members of staff.

Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene the first data protection principle of the Data Protection Act. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.

Further guidance about the publication of junior staff names can be found here:
https://ico.org.uk/media/fororganisations/documents/1187/section_40_requests_for_personal_data_about_employees.pdf