FOI request (FOIR-388099512)

IT Software

Requested Fri 24 December 2021
Responded  Thu 13 January 2022

1. What applications and versions are you running and what was the value of the contracts for:

a. Finance?

b. HR?

c. Payroll?

d. Projects?

e. Business Intelligence software tools?

2. Are you planning a IT system upgrade in the next 12 to 18 months?

3. How many full time employees do you have (excluding employees at schools)?

4. Which Enterprise Resource Planning or Finance system do you currently use?

a. What is the value and expiry date of your current contract/licence? What are the extension options?

5. How many finance system users do you have?

6. How many purchasing system users do you have?

7. Which Supply Chain Management system do you currently use?

a. What is the value and expiry date of your current contract/licence? What are the extension options?

8. Which Enterprise Performance Management, Scenario Planning or Strategic Modelling system do you currently use?

a. What is the value and expiry date of your current contract/licence? What are the extension options?

9. Which Human Capital Management (HCM) or HR system do you currently use?

a. What is the value and expiry date of your current contract/licence? What are the extension options?

10. How many HR system users do you have?

11. Do you have a Digital Transformation Strategy?

12. What parts of your Digital Transformation Strategy are you looking to implement in the next 12-18 months?

13. Do you have any plans to migrate to a fully integrated, fully cloud based back-office system in the next two years?

14. Do you have an Oracle support partner for applications? If so who?

What kind of support is included in the contract (functional, technical, and so on)?

When does it expire?

15. Are you running any Oracle Databases?

If so, what versions are you currently running?

What applications are being run on these Databases?

Are you planning another Database upgrade in the next 12 to 18 months?

16. Do you have an Oracle support partner for Databases? If so who?

What is the per annum value of the database support contract?

When does it expire?

Where are the databases held? Hosted, onsite or offsite?

If not, how many in-house DBAs do you have?

17. Where do you advertise any Oracle procurement opportunities?

Who is responsible for looking after the contract for the Oracle estate?

Who is responsible for looking after the licenses for the Oracle estate?

When does this contract renew?

Do you work with off-shore partners?

18. Have you considered using a Software As A Service solution and not yet moved to one? Do you currently work with any partners in this space?

19. At what level are decisions are made around procuring software and services such as video conferencing?

20. We request for you to provide contact details of all chief decision makers regarding your technology through your organisation.

Response

Notice of Refusal

Disclosure of information relating to ICT systems, infrastructure and security constitutes a security risk as it would leave the Council's computer assets more vulnerable to a malicious hacking attack.

This means that disclosure would:

• Make the Council more vulnerable to crime (Section 31)

• Risk harming the systems on which the day-to-day business of the Council relies (Section 43)

Section 31 (Law Enforcement)

Section 31(1)(a) states that information is exempt if its disclosure is likely to prejudice the prevention or detection of crime. ICO guidance states that this can be used to protect information on a public authority's systems which would make it more vulnerable to crime. This exemption can be used by a public authority that has no law enforcement function:

• To protect the work of one that does.

• To withhold information that would make anyone, including the public authority itself, more vulnerable to crime.

The crime in question would be a malicious attack on the Council's computer systems. Since the disclosure of the withheld information would make the Council's systems more vulnerable to such crime, the exemption is engaged.

The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.

Section 43 (Commercial Interests)

Section 43(2) states that information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person (including the public authority holding it).

Disclosure of information relating to ICT systems, infrastructure and security puts the council at risk of a malicious hacking attack. This would compromise the Council's ability to provide its services and carry out 'business-as-usual' should our systems be compromised. Were our systems to be compromised, the cost of a system recovery would be detrimental to the Council's commercial interests.

The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.