-
FOI request (FOI-72963447)
IT Infrastructure
Requested Mon 16 April 2018
Responded Wed 02 May 2018Under the freedom of information act 2000. I write to obtain the following information about the organisations information technology infrastructure equipment:1. What is your annual IT Budget for 2017, 2018 & 2019?2. Storage:a. What storage vendor(s) and models do you currently use?b. What is the capacity of the storage data in TB & How much of this is utilised?c. What were the installation dates of the above storage vendor(s)? (Month/Year)d. When is your planned (or estimated) storage refresh date? (Month/Year)?e. Do you have any extended warranties, if so, with which supplier?f. What is your estimated budget for the storage refresh?3. Server/Compute:a. What server vendor(s) and models do you currently use?b. What were the installation dates of the above server vendor(s)? (Month/Year)c. When is your planned (or estimated) server refresh date? (Month/Year)d. What is your estimated budget for the server refresh?e. Do you have any extended warranties, if so, with which supplier?f. Which operating systems are used?4. Network & Security:a. What network vendor(s) and models do you currently use?b. What are the quantities of the Edge, Core and MP used in your network?c. What network architecture is currently used?d. What security solutions are being utilised?e. What were the installation dates of the above network vendor(s)? (Month/Year)f. When is your planned (or estimated) Network refresh date? (Month/Year)?g. What is your estimated budget for the Network refresh?h. When did you install your current Wi-Fi environment?5. End User Devices:a. How many desktops/laptops are deployed by the Council?b. How many mobile devices [Phones & tablets etc] are deployed by the council?c. What were the installation dates of the above desktop/laptops?d. When is your planned (or estimated) desktop/laptop refresh date? (Month/Year)6. Backup, DR and BC:a. What device/system do you use for your daily backups (e.g tape or disk)b. What backup software do you use?c. How much data do you backup, in TB?d. Do you use a third party to provide a Business Continuity service (e.g. office workplace recovery or infrastructure ship-to-site solutions)?e. Does your current recovery solution meet your stakeholder's expectations?f. Do you already backup into the cloud?g. Do you have a documented disaster recovery & business continuity plan in place?7. Number of Physical servers?8. Number of virtualised servers? & Which Virtualisation platform do you use?9. Do you have a cloud strategy if so what is it?10. Do you use Azure or Amazon Web Services?11. Do you use or are you planning to use MS O365?12. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks utilised.13. Do you have a Software Asset Management Policy? If so what is it?14. Who is responsible for your Software Asset Management?15. How much did you pay in the last financial year for software licenses?16. If applicable, how many people are using Office 365?17. Who are your top three software vendors by revenue?18. What are the contractual renewal dates for those three vendors?19. Have you been audited by those three vendors? If so the date of the audit.20. Do you currently measure software usage versus the number of licenses purchased?21. Do you use a software asset management and/or software inventory tool? If so which one(s)?22. Are you actively moving any applications/infrastructure into a cloud environment? If so who is responsible for this?23. What is the total number of IT staff employed by the organization: Please list and provide contact details for the IT senior management team including CIO, IT Director and Infrastructure Architects if applicable.24. Who is Head of IT? - Please provide contact details25. Who is Head of Procurement? - Please provide contact details26. Do you have a managed/shared service with any other councils?27. Do you normally purchase equipment and services as a capital investment (Capital Expenditure) or ongoing operational charges (Operational Expenditure).
Response
Q1 - Please see https://www.hastings.gov.uk/my_council/transparency/budgets/
2. Storage:
a. Refused (please see below)
b. 72TB, 37TB
c. 09/2017
d. Information not held
e. No
f. Information not held
3. Server/Compute:
a. Refused (please see below)
b. Various
c. Information not held
d. Information not held
e. No
f. Refused (please see below)
4. Network & Security:
a. Refused (please see below)
b. Refused (please see below)
c. Refused (please see below)
d. Refused (please see below)
e. Various
f. Information not held
g. Information not held
h. 2017
5. End User Devices:
a. 95/305
b. 180
c. Various
d. Various
6. Backup, DR and BC:
a. Tape and Disk
b. Refused (please see below)
c. 20
d. No
e. Yes
f. No
g. Yes
7. 15
8. Refused (please see below)
9. Cloud vs On-Premise is considered on a case by case basis
10. Refused (please see below)
11. Do not use
12. Various, GCloud
13. Yes, Usage vs Purchase
14. IT Department
15. Departmental Systems: £855746
16. None
17. Northgate, Firmstep, Idox
18. Rolling Annual Contracts
19. No
20. Yes
21. Snow
22. Cloud vs On-Premise is considered on a case by case basis
23. 12
24. Mark Bourne - 01424 451066
25. No Head of Procurement
26. No
27. Both
Notice of Refusal Disclosure of information relating to ICT infrastructure and security constitutes a security risk as it would leave the Council's computer assets more vulnerable to a malicious hacking attack. This means that disclosure would:
• Make the Council more vulnerable to crime (Section 31)
• Risk harming the systems on which the day-to-day business of the Council relies (Section 43)
Section 31 (Law Enforcement) Section 31(1)(a) states that information is exempt if its disclosure is likely to prejudice the prevention or detection of crime. ICO guidance states that this can be used to protect information on a public authority's systems which would make it more vulnerable to crime.
This exemption can be used by a public authority that has no law enforcement function:
• To protect the work of one that does
• To withhold information that would make anyone, including the public authority itself, more vulnerable to crime
The crime in question would be a malicious attack on the Council's computer systems. Since the disclosure of the withheld information would make the Council's systems more vulnerable to such crime, the exemption is engaged. The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.
Section 43 (Commercial Interests) Section 43(2) states that information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person (including the public authority holding it).
Disclosure of information relating to ICT infrastructure and security puts the council at risk of a malicious hacking attack. This would compromise the Council's ability to provide its services and carry out 'business-as-usual' should our systems be compromised. Were our systems to be compromise, the cost of a system recovery would be detrimental to the Council's commercial interests. The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.
-
Freedom of Information
Contact
Got a question about freedom of information?
Content
The content on this page is the responsibility of our Council's Information Officer.