ICT Contracts

FOI request reference: CAS-120279-G7J3R2
Publication date: May 2023

Request

This is a request for information that relates to the organisation’s contracts around ICT contract(s) for Server Hardware Maintenance, Server Virtualisation Licenses and Maintenance and Storage Area Network (SAN) Maintenance/Support, which may include:

  • Server Hardware Maintenance- contracts relating to the support and maintenance of the organisation’s physical servers.
  • Virtualisation Maintenance/Support/ Licensing (VMware, Solaris, Unix, Linux, Windows Server)
  • Storage Area Network Maintenance/Support (EMC, NetApp etc)

For each of the types of contract described above, please can you provide me with the following data. If there is more than one contract please split the information for each separate supplier this includes annual spend

  1. Contract Title: Please provide me with the contract title.
  2. Type of Contracts (ABOVE): Please can you provide me with one or more contract types the contract relates to: Server Hardware, Virtualisation, SAN (Storage Area Network)
  3. Existing/Current Supplier: Please provide me with the supplier name for each contract.
  4. Brand: Please state the brand of hardware or software
  5. Operating System / Software (Platform): (Windows, Linux, Unix, vSphere, AIX, Solaris etc.) Please state the operating system used by the organisation.
  6. Annual Average Spend: Please provide me with the most recent annual spend for this contract?
  7. Contract Duration: (Please can you also include notes if the contract includes any contract Extension periods.)
  8. Contract Expiry Date: Please can you provide me with the date of when the contract expires.
  9. Contract Review Date: (An approximate date of when the organisation is planning to review this particular contract.)
  10. Purchase of Servers: Could you please provide me with the month and year in which most/bulk of servers were purchased.
  11. Number of Physical Server: Please can you provide me with the number of physical servers.
  12. Number of Virtual Servers: Please can you provide me with the number of Virtual servers
  13. Brief Contract Description: I require a brief description of the service provided under this contract. Please do not just put maintenance. I need at least a sentence.
  14. Contract Owner: (The person from within the organisation that is responsible for reviewing and renewing this particular contract. Please include their full name, job title, direct contact number and direct email address.) If this service is part of a managed contract, please can you send me the contract information for this managed service including Hardware Brand, Number of Users, Operating System, and contact details of the internal contact responsible for this contract

Outcome

Some information provided.

Response

1. Contract Title: Please provide me with the contract title.

Please see attached table

2. Type of Contracts (ABOVE): Please can you provide me with one or more contract types the contract relates to: Server Hardware, Virtualisation, SAN (Storage Area Network)

Please see attached table

3. Existing/Current Supplier: Please provide me with the supplier name for each contract.

Please see attached table

4. Brand: Please state the brand of hardware or software

Disclosing hardware and software brands may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.

5. Operating System / Software (Platform): (Windows, Linux, Unix, vSphere, AIX, Solaris etc.) Please state the operating system used by the organisation.

Disclosing details of our software and hardware infrastructure may reveal information that would prejudice the prevention or detection of crime and is exempt under section 31 (1) (a) of the FOI Act.

6. Annual Average Spend: Please provide me with the most recent annual spend for this contract?

Please see attached table

For contracts under £10,000, this information is covered by the exemption at section 43 (2) of the FOI Act.

7. Contract Duration: (Please can you also include notes if the contract includes any contract Extension periods.)

Please see attached table

8. Contract Expiry Date: Please can you provide me with the date of when the contract expires.

Please see attached table

9. Contract Review Date: (An approximate date of when the organisation is planning to review this particular contract.)

We do not hold this information.

10. Purchase of Servers: Could you please provide me with the month and year in which most/bulk of servers were purchased.

Please see attached table

11. Number of Physical Server: Please can you provide me with the number of physical servers.

There are 90 physical servers

12.Number of Virtual Servers: Please can you provide me with the number of Virtual servers

There are 289 virtual servers

13. Brief Contract Description: I require a brief description of the service provided under this contract. Please do not just put maintenance. I need at least a sentence.

Please see attached table

14. Contract Owner: (The person from within the organisation that is responsible for reviewing and renewing this particular contract. Please include their full name, job title, direct contact number and direct email address.) If this service is part of a managed contract, please can you send me the contract information for this managed service including Hardware Brand, Number of Users, Operating System, and contact details of the internal contact responsible for this contract

We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40 (2) of the FOI Act. However, at The National Archives we apply the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.

The Head of IT Operations at The National Archives is Julian Muller.
The Head of Digital Archiving at The National Archives is Sonia Ranade.
The National Archives’ full contact options can be found on our website here: https://www.nationalarchives.gov.uk/contact-us/

https://cdn.nationalarchives.gov.uk/documents/cas-120279-table-of-results-2023.xlsx

Explanatory Annexe

Exemptions applied:

Section 31: Law Enforcement
We are unable to provide you with information regarding software brands because this information is exempt from disclosure under section 31(1) (a) of the FOI Act. Section 31(1) (a) exempts information if its disclosure would or would be likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(1)(a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government cyber security. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.

Further guidance on section 31 can be found here:
https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf

Section 40 (2): Personal Information where the applicant is not the data subject
Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.

In this case the exemption applies because this information represents the personal information of junior members of staff at The National Archives.

Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene Art. 5 of the General Data Protection Regulation. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.

Further guidance can be found at:
https://ico.org.uk/media/1209/personal-data-of-both-the-requester-and-others-foi-eir.pdf

Section 43 (2) – Commercial Interests
This section exempts information whose disclosure would be likely to prejudice the commercial interests of any person. In this case, the exemption applies because it would be likely to harm or prejudice the commercial interests of our current and potential future suppliers.

Section 43 (2) is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and must be release. In the FOIA there is a presumption that information should be released unless there are compelling reasons to withhold it.

Considerations in favour of the release of the information included The National Archives’ commitment to openness and transparency in its commercial activities, to allow public scrutiny and to demonstrate that public funds are being used in an efficient and effective way. Furthermore private sector companies engaging in commercial activities with the public sector must expect some information about those activities to be disclosed.

Considerations against disclosure included the recognition that disclosure is likely to provide information to direct competitors within the market that would create an imbalance and a commercial advantage to those competitors. Furthermore disclosure of this information is also likely to affect The National Archives’ ability to negotiate contracts in the future and consequently generate revenue from non-public funds. It is also considered that disclosure would be likely to deter potential bidders for future contracts from competing and sharing commercially sensitive information with us. This would outweigh any benefits of release. It was therefore decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion

Further guidance can be found at:
https://ico.org.uk/for-organisations/guidance-index/freedom-of-information-and-environmental-information-regulations/section-43-commercial-interests/