FOI request (FOIR-672937129)

Information on Software Systems used for Estates and Facilities Management

Requested Tue 24 December 2024
Responded Thu 09 January 2025

1. What software solutions does the council currently use for Computer-Aided Facilities Management (CAFM) or Integrated Workplace Management Systems(IWMS)?

If there are multiple solutions, please list all of them, including niche or secondary systems.

2. What are the contractual terms for each solution?

Please specify start and end dates. If on an annual/rolling contract, indicate this and provide renewal terms.

3. What are the council’s plans at the end of each contract?

Will you renew, extend, replace, or re-evaluate the software solution?

4. What are the total contract values for each solution?

Please provide annual, monthly, or total lifetime costs, as applicable.

5. Who is responsible for managing the CAFM/IWMS system(s)?

Please provide their name, job title, and department.

6. Which of the following functionalities does the organisation use? Are these integrated into the core system, or managed separately? Please specify.

a. Planned & Reactive Maintenance

b. Asset Management

c. Property Management

d. Lease Agreements

e. Health and Safety

f. Project Management

g. Condition Surveys

7. Are there any known limitations or challenges with the current system(s)?

Please elaborate on any pain points, inefficiencies, or unmet requirements.

8. Are there any upcoming plans for the adoption of new technologies or solutions? This includes both CAFM/IWMS-specific upgrades and broader facility management technologies. Please elaborate on potential timelines and goals.

9. Are there any specific factors or features that would influence the decision to switch or upgrade systems?

For example, cost savings, functionality, ease of use, or integration with other systems.

10. Has the council conducted or planned a review, audit, or tender process for its CAFM/IWMS solutions?

If so, when, and what are the key evaluation criteria?

11. Are there any preferred vendors or frameworks for procurement?

Please specify if the council uses certain frameworks like G-Cloud or regional consortia agreements.

12. What level of integration does your current system(s) have with other council software (for example, finance, HR, procurement)?

Are there gaps or areas for improvement?

13. What data and reporting capabilities are critical for your facilities management needs?

Are these fully supported by the current system(s)?

Response

Notice of Refusal

Disclosure of information relating to ICT systems, infrastructure and security constitutes a security risk as it would leave the Council's computer assets more vulnerable to a malicious hacking attack. This means that disclosure would:

• Make the Council more vulnerable to crime (Section 31)

• Risk harming the systems on which the day-to-day business of the Council relies (Section 43)

Section 31 (Law Enforcement)

Section 31(1)(a) states that information is exempt if its disclosure is likely to prejudice the prevention or detection of crime. ICO guidance states that this can be used to protect information on a public authority's systems which would make it more vulnerable to crime. This exemption can be used by a public authority that has no law enforcement function:

• To protect the work of one that does

• To withhold information that would make anyone, including the public authority itself, more vulnerable to crime

The crime in question would be a malicious attack on the Council's computer systems. Since the disclosure of the withheld information would make the Council's systems more vulnerable to such crime, the exemption is engaged.

The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.

Section 43 (Commercial Interests)

Section 43(2) states that information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person (including the public authority holding it).

Disclosure of information relating to ICT systems, infrastructure and security puts the council at risk of a malicious hacking attack.

This would compromise the Council's ability to provide its services and carry out 'business-as-usual' should our systems be compromised. Were our systems to be compromise, the cost of a system recovery would be detrimental to the Council's commercial interests.

The exemption is subject to the public interest test. There is an overwhelming public interest in keeping the Council's computer systems secure which would be served by non-disclosure. This outweighs the public interest in accountability and transparency that would be served by disclosure.