Request for Information Ict Setup
Sent by email –
My Ref: KLG/FOI/450
25August 2011
DearMr Williams
REQUEST FOR INFORMATION – ICT SETUP
Thank you for your request for information under the Freedom of Information Act 2000 received by the Council 10 August 2011.
Request –
You requested the following information:
1) Your current corporate networking provider (E.G HP, Cisco)
2) Your IP telephony and comms provider (E.G Cisco, Mitel)
3) What Security Provider you use (E.G Mcafee, Checkpoint, Juniper)
4) Enterprise performance Management (E.G CA)
5) Your Data Management
6) Your Enterprise Computing (E.G Veglen, Toshiba, SUN boxes)
7) If you have a managed service and if so who provides it and when
it is renewed? (2e2, Cisco)
Response –
I can confirm that the information is held by the Council and is being provided in part.
1) New Forest District Council is a partner authority in the Hampshire Public Service Network. The provider of our corporate network is Virgin Media Business.
2) As above although we are not currently using IP Telephony.
3) Refused – Section 31 and 43
4) We do not use Enterprise Performance Management tools.
5) We understand you term data management to mean storage and archiving for which we use Commvault. We have a corporate EDRMS (Meridio by Autonomy).
6) Refused - Section 31 and 43
7) We have a managed service for the provision of telephone services. It is provided by Virgin Media Business as part of the Hampshire Public Services Network (HPSN) programme.
The information in relation to questions 3 and 6 is not being provided. The exemptions relied upon and the reasons for refusal are as follows:
Section 31(1)(a) – Law Enforcement
Section 31(1)(a) provides that information is exempt from disclosure where it would or would be likely to prejudicethe prevention and detection of crime.
The Council considers that releasing details of our security provider and enterprise computing into the public domain would pose a threat to ICT security, business and personal data held on these systems. If Council systems are logically or physically compromised then this will have an adverse affect on the Council’s business, it’s staff and it’s customers, and would therefore be likely to prejudice the Council’s ability to carry out its functions. It is therefore withholding this information in order to prevent crime under the Computer MisUse Ac 1990.
Section 43(2) –Commercial Interests
Section 43(2) provides that information is exempt form disclosure where it would or would be likely to prejudice the commercial interests of any person (including the public authority holding it).
The Council considers that any breach of ICT Security would impact on the ability of the Council to conduct it’s business by causing potential damage to systems, and additional costs for the Council and ultimately the Council Tax Payers, for rectifying this damage.
Section 31 and 43 are both qualified exemptions and are subject to the public interest test. After careful consideration we have decided that on balance it is not in the public interest to release this information. In coming to this conclusion we considered a number of factors.
Factors for withholding -
Necessity of ensuring security of ICT systems and personal data included on these.
Adverse and prejudicial impact on the Council’s business and its staff and residents if systems are compromised, logically or physically.
In addition such damage to systems would lead to severe commercial prejudice of the Council’s operations and additional costs for residents.
Factors for disclosure -
Accountability for public finances
Reasons why public interest favours withholding information
It has been established by the Council that ICT systems can be vulnerable, logically and physically if sufficient information about the systems is known.
Such attacks on ICT generally have a serious adverse effect on clients and residents, and can lead to theft of personal data, with resultant prejudicial impacts on services and individuals.
They also have commercial implications, in costs to the Council (and residents) to rectify losses or damage to data.
The Information Commissioner has advised all authorities to take security of electronic data seriously and to put in place appropriate safeguards to protect clients and operations.
In response to this, security policies and procedures have been set up to establish what data should be protected or restricted and to withhold this from the public domain.
It is judged that the requested data falls within this definition and consequently a decision has been taken that it will not be released.
While the Council is accountable for its public finances, it is judged that the information requested has no public interest value (it will not increase information on accountability or processes).
The information requested is therefore refused.
If you are not satisfied with the handling of your request, you may wish to appeal against the decision. Please put any appeal in writing to the Chief Executive or the Head of Legal and Democratic Services, who will review the original decision, at:
New Forest District Council
Beaulieu Road
Appletree Court
Lyndhurst
Hants SO43 7PA
If the decision is upheld to refuse disclosure, or your complaint is not resolved to your complete satisfaction, having exhausted the internal appeal procedure, you have a right under section 50 of the Act to apply to the Information Commissioner for review at:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Yours sincerely
Ken Connolly
Head of ICT Services
New Forest District Council
Tel: 023 8028 5712
New Forest District Council in complying with their statutory duty under sections 1 and 11 of the Freedom of Information Act to release the enclosed information, will not breach the Copyright, Designs and Patents Act 1988. However, the rights of the copyright holder of the enclosed information will continue to be protected by the law. If you wish to use this information, you may require approval or licence from the copyright holder, including the Authority itself.