ICT Contracts

FOI request reference: F0053608
Publication date: September 2018

Request

This is a request for information that relates to the organisation’s contracts around ICT contract(s) for Server Hardware Maintenance, Server Virtualisation Licenses and Maintenance and Storage Area Network (SAN) Maintenance/Support, which may include:
· Server Hardware Maintenance- contracts relating to the support and maintenance of the organisation’s physical servers.
· Virtualisation Maintenance/Support/ Licensing (VMware, Solaris, Unix, Linux, Windows Server)
· Storage Area Network Maintenance/Support (EMC, NetApp etc)

For each of the type of contract described above, please can you provide me with the following data. If there is more than one contract please split the information for each separate supplier this includes annual spend
1. Contract Title: Please provide me with the contract title.
2. Type of Contracts (ABOVE): Please can you provide me with one or more contract types the contract relate to: Server Hardware, Virtualisation, SAN (Storage Area Network)
3. Existing/Current Supplier: Please provide me with the supplier name for each contract.
4. Brand: Please state the brand of hardware or software
5. Operating System / Software (Platform): (Windows, Linux, Unix, Vsphere, AIX, Solaris etc.) Please state the operating system used by the organisation.
6. Annual Average Spend: Please provide me with the most recent annual spend for this contract?
7. Contract Duration: (Please can you also include notes if the contract includes any contract extension periods.)
8. Contract Expiry Date: Please can you provide me with the date of when the contract expires.
9. Contract Review Date: (An approximate date of when the organisation is planning to review this particular contract.)
10. Purchase of Servers: Could you please provide me with the month and year in which most/bulk of servers where purchased.
11. Number of Physical Server: Please can you provide me with the number of physical servers.
12. Number of Virtual Servers: Please can you provide me with the number of Virtual servers’ servers.
13. Brief Contract Description: I require a brief description of the service provided under this contract. Please do not just put maintenance I need at least a sentence.
14. Contract Owner: (The person from within the organisation that is responsible for reviewing and renewing this particular contract. Please include their full name, job title, direct contact number and direct email address.)

If this service is part of a managed contract please can you send me the contract information for this managed service including Hardware Brand, Number of Users, Operating System, and contact details of the internal contact responsible for this contract.

Outcome

Successful

Response

Webpage link for the requested data.

Your request has been handled under the Freedom of Information Act (2000). The Freedom of Information Act (2000) gives you the right to know whether we hold the information you want and to have it communicated to you, subject to any exemptions which may apply.

The information that you have requested has been attached to this email as a spreadsheet. However, some information cannot be provided as it is exempt under certain provisions of the FOI Act. For more information on how these exemptions relate to the information you have requested, please see below.

1) All information regarding hardware and software brands and specific expiry dates for contracts is exempt under section 31 (1) (a) of the FOI Act. This exempts information if its disclosure is likely to prejudice the prevention or detection of crime. Release of this information would make The National Archives more vulnerable to crime; namely, a malicious attack on The National Archives’ computer systems. However in order to be as open as possible, we have provided the quarter within the financial year that the contracts expire (see spreadsheet attached).

2) We are unable to provide you information on contract owners because it would identify a junior member of staff and as such is exempt from release under section 40 (2) (Personal Data) of the FOI Act. However, we have applied the general principle that members of staff at Head of Department level and above are sufficiently senior for their names and/or job titles to already be in the public domain and are therefore not exempt from release. The Head of IT Operations at The National Archives is Julian Muller, who is responsible for contracts 1 to 6. The Head of Digital Archiving Infrastructure is Diana Newton, who is responsible for the contracts 7 to 9.

Explanation of exemptions applied:

Section 31: Law Enforcement

Section 31 (1) (a) exempts information if its disclosure is likely to prejudice the prevention or detection of crime.

Section 31 is a qualified exemption and we are required to conduct a public interest test when applying any qualified exemption. This means that after it has been decided that the exemption is engaged, the public interest in releasing the information must be considered. If the public interest in disclosing the information outweighs the public interest in withholding it then the exemption does not apply and the information must be released. In the FOI Act there is a presumption that information should be released unless there are compelling reasons to withhold it.

The public interest has now been concluded and the balance of the public interest has been found to fall in favour of withholding information covered by the section 31(1) (a) exemption. Considerations in favour of the release of the information included the principle that there is a public interest in transparency and accountability in disclosing information about government procedure and contracts.
However, release of this information would make The National Archives more vulnerable to crime; namely, a malicious attack on The National Archives’ computer systems. As such release of this information would be seen to prejudice the prevention or detection of crime by making The National Archives’ computer systems more vulnerable to hacking therefore facilitating the possibility of a criminal offence being carried out. There is an overwhelming public interest in keeping government computer systems secure which would be served by non-disclosure. This would outweigh any benefits of release. It has therefore been decided that the balance of the public interest lies clearly in favour of withholding the material on this occasion. Please note that this decision in no way implies that you would engage in any criminal or malicious activities. However as the Freedom of Information Act is an open access regime this exemption has been applied to protect our systems.

Further guidance on section 31 can be found here:
https://ico.org.uk/media/for-organisations/documents/1207/law-enforcement-foi-section-31.pdf

Section 40(2): Personal Information where the applicant is not the data subject

Section 40 exempts personal information about a ‘third party’ (someone other than the requester), if revealing it would breach the terms of the Data Protection Act (DPA) 1998.

The DPA prevents personal information from release if it would be unfair or at odds with the reason why it was collected, or where the subject had officially served notice that releasing it would cause them damage or distress. Junior members of staff would have no expectation that information about their positions would be made available in the public domain; to do so would be unfair and contravene the first data protection principle of the DPA 1998.

In this case the exemption applies because this information represents the personal information of a junior member of staff at The National Archives. Publishing the names of junior members of staff is considered an unfair use of personal data. As such, the names and positions of junior officials are withheld under section 40(2) of the FOIA.

More information about the publication of junior staff names.

More general information about the section 40 exemption.