Outcome
Successful
Request & response
I am currently embarking on a research project around Cyber Security and was hoping you could provide me with some contract information relating to following information:
1. Standard Firewall (Network) – Firewall service protects your corporate Network from unauthorised access and other Internet security threats
2. Anti-virus Software Application – Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
3. Microsoft Enterprise Agreement – is a volume licensing package offered by Microsoft.
The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.
For each of the different types of cyber security services can you please provide me with:
1. Who is the existing supplier for this contract?
1) Camwey Technology
2) Specialist Computer Centres
3) Insight Direct (UK) Ltd
2. What does the organisation annual spend for each of contract?
This information is covered by the exemption at section 43 (2) of the FOI Act.
3. What is the description of the services provided for each contract? Please do not just state firewall.
1) Firewall licensing, support and maintenance for hardware and software
2) Licensing and Support for Antivirus EP Threat Protection
3) Partner Support
4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
Information regarding specific hardware brands and versions’ is exempt under section 31 (1) (a) of the FOI Act.
5. What is the expiry date of each contract?
1) Q4 FY 2021-22 and Q2 FY 2020-21
2) Q4 FY 2020-21
3) Q2 FY 2021-22
6. What is the start date of each contract?
1) Q4 FY 2020-21 and Q2 FY 2019-20
2) Q4 FY 2018-19
3) Q2 FY 2018-19
7. What is the contract duration of contract?
1) 1 year
2) 2 years
3) 3 years
8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
We are unable to provide you with this information because it would identify a junior member of staff and as such is exempt from release under section 40(2) of the FOI Act. However, at The National Archives we apply the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release.
The Head of IT Operations at The National Archives is Julian Muller.
The National Archives’ full contact options can be found on our website here: http://apps.nationalarchives.gov.uk/contact/
9. Number of Licenses (ONLY APPLIES TO CONTRACT 3)
610
EXPLANATORY ANNEX
Exemptions applied
Section 31: Law Enforcement
We are unable to provide you with information regarding hardware brands and specific contract end dates because this information is exempt from disclosure under section 31 (1) (a) of the FOI Act. Section 31 (1) (a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.
Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.
The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31 (1) (a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts. However, release of this information would make The National Archives more vulnerable to crime. The crime in question here would be a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer system more vulnerable to hacking. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion.
Further guidance on section 31 can be found here:
https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf
Section 40(2): Personal Information where the applicant is not the data subject
Data Protection Legislation prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress.
In this case the exemption applies because this information represents the personal information of a junior member of staff at The National Archives.
Publishing the names and contact details of junior members of staff is considered an unfair use of personal data. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene Art. 5 of the General Data Protection Regulation. As such, the names, positions and contact details of junior officials are withheld under section 40 (2) of the FOI Act.
Further guidance can be found at:
Section 43(2) – Commercial Interests
This section exempts information whose disclosure would be likely to prejudice the commercial interests of any person. In this case, the exemption applies because it would be likely to harm or prejudice the commercial interests of our current and potential future suppliers.
Section 43(2) is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and must be release. In the FOIA there is a presumption that information should be released unless there are compelling reasons to withhold it.
Considerations in favour of the release of the information included The National Archives’ commitment to openness and transparency in its commercial activities, to allow public scrutiny and to demonstrate that public funds are being used in an efficient and effective way. Furthermore private sector companies engaging in commercial activities with the public sector must expect some information about those activities to be disclosed.
Considerations against disclosure included the recognition that disclosure is likely to provide information to direct competitors within the market that would create an imbalance and a commercial advantage to those competitors. Furthermore disclosure of this information is also likely to affect The National Archives’ ability to negotiate contracts in the future and consequently generate revenue from non-public funds. It is also considered that disclosure would be likely to deter potential bidders for future contracts from competing and sharing commercially sensitive information with us. This would outweigh any benefits of release. It was therefore decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion
Further guidance can be found at: