Dear University of Hull,

Under the Freedom of Information Act 2000, I write to obtain the following information about the organisation’s information technology infrastructure:

1. What is your annual IT Budget for 2021, 2022 & 2023?

2. Storage:

a. What storage vendor(s) and models do you currently use?

b. What is the capacity of the storage data in TB & How much of this is utilised?

c. What were the installation dates of the above storage vendor(s)? (Month/Year)

d. When is your planned (or estimated) storage refresh date? (Month/Year)?

e. Do you have any extended warranties, if so, with which supplier?

f. What is your estimated budget for the storage refresh?

3. Server/Compute:

a. What server vendor(s) and models do you currently use?

b. What were the installation dates of the above server vendor(s)? (Month/Year)

c. When is your planned (or estimated) server refresh date? (Month/Year)

d. What is your estimated budget for the server refresh?

e. Do you have any extended warranties, if so, with which supplier?

f. Which operating systems are used?

4. Backup, DR and BC:

a. What device/system do you use for your daily backups (e.g tape or disk)

b. What backup software do you use?

c. How much data do you backup, in TB?

d. Do you use a third party to provide a Business Continuity service (e.g. office workplace recovery or infrastructure ship-to-site solutions)?

e. Does your current recovery solution meet your stakeholder’s RTO/RPO expectations?

f. Do you already backup into the cloud?

g. Do you have a documented disaster recovery & business continuity plan in place?

5. Number of Physical servers?

6. Number of virtualised servers? & Which Virtualisation platform do you use?

7. Security:

a. What security solutions are being utilised?

b. Do you have a SIEM?

c. Do you have a SOC? If so, is it in house or outsourced?

d. Is it 24/7?

e. Name and role for IT Manager(s) / Officer(s) primarily responsible for cybersecurity

f. Names of all cyber security vendor(s) you us

g. Cost, duration and end date for the above contract(s)/license(s)

8. How far are you in your cloud strategy?

A. Not considering Cloud for the foreseeable future

B. Interested in Cloud, but have not started looking into it

C. Research Stage

D. Meeting with Suppliers

E. Consultancy

F. Started to integrate

G. Fully integrated

9. Which public cloud provider do you use?

10. Which IT services do you outsource? When do the contracts end?

11. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks utilised.

12. Are you actively moving any applications/infrastructure into a cloud environment? If so who is responsible for this?

13. Do you normally purchase equipment and services as a capital investment (Cap-Ex) or ongoing operational charges (Opex)?

Yours faithfully,

Emily Blundell

FOI Mailbox, University of Hull

 

Thank you for your Freedom of Information request. Please accept this
email as an acknowledgment of your request. The University of Hull will
endeavour to provide you with a response within 20 working days. Many
thanks

FOI Mailbox, University of Hull

Dear Emily

File reference: Freedom of Information Request 2444

I am writing to acknowledge receipt of your request below.

The University is treating your correspondence as a request for information under the Freedom of Information Act 2000. You should expect to receive a further reply from us within 20 working days from the day when your request was originally received, although please note there may be some delays due to disruption caused by the current pandemic.

If you have any queries about this request do not hesitate to contact [University of Hull request email]. Please remember to quote the reference number above in any future communications.

Kind regards
Information Compliance Team

dangos adrannau a ddyfynnir

FOI Mailbox, University of Hull

4 Atodiad

Dear Emily

 

With reference to your freedom of information request dated 5 August 2021
concerning;

 

1. What is your annual IT Budget for 2021, 2022 & 2023?

 

2. Storage:

a. What storage vendor(s) and models do you currently use?

b. What is the capacity of the storage data in TB & How much of this is
utilised?

c. What were the installation dates of the above storage vendor(s)?
(Month/Year)

d. When is your planned (or estimated) storage refresh date? (Month/Year)?

e. Do you have any extended warranties, if so, with which supplier?

f. What is your estimated budget for the storage refresh?

 

3. Server/Compute:

a. What server vendor(s) and models do you currently use?

b. What were the installation dates of the above server vendor(s)?
(Month/Year)

c. When is your planned (or estimated) server refresh date? (Month/Year)

d. What is your estimated budget for the server refresh?

e. Do you have any extended warranties, if so, with which supplier?

f. Which operating systems are used?

 

4. Backup, DR and BC:

a. What device/system do you use for your daily backups (e.g tape or disk)

b. What backup software do you use?

c. How much data do you backup, in TB?

d. Do you use a third party to provide a Business Continuity service (e.g.
office workplace recovery or infrastructure ship-to-site solutions)?

e. Does your current recovery solution meet your stakeholder’s RTO/RPO
expectations?

f. Do you already backup into the cloud?

g. Do you have a documented disaster recovery & business continuity plan
in place?

 

5. Number of Physical servers?

 

6. Number of virtualised servers? & Which Virtualisation platform do you
use?

 

7. Security:

a. What security solutions are being utilised?

b. Do you have a SIEM?

c. Do you have a SOC? If so, is it in house or outsourced?

d. Is it 24/7?

e. Name and role for IT Manager(s) / Officer(s) primarily responsible for
cybersecurity

f. Names of all cyber security vendor(s) you us

g. Cost, duration and end date for the above contract(s)/license(s)

 

8. How far are you in your cloud strategy?

A. Not considering Cloud for the foreseeable future

B. Interested in Cloud, but have not started looking into it

C. Research Stage

D. Meeting with Suppliers

E. Consultancy

F. Started to integrate

G. Fully integrated

 

9. Which public cloud provider do you use? 

 

10. Which IT services do you outsource? When do the contracts end?

 

11. Please also name all of the IT re-sellers that you work with and buy
from, as well as the frameworks utilised.

 

12. Are you actively moving any applications/infrastructure into a cloud
environment? If so who is responsible for this?

 

13. Do you normally purchase equipment and services as a capital
investment (Cap-Ex) or ongoing operational charges (Opex)?

 

Your request has been considered and our response is as below.

 

Response

 

Having completed enquiries within the University in respect of Section
1(1)(a), the University does hold information relating to your request,
UoH can confirm in respect of Section 1(1)(b) the following data

 

1.        FY 21/22 £5.3M 22/23 £4M 23/24 £4.5M Capital Investment

2(a).   Netapp, Dell, Tintri and StorSimple (MS) onsite.  Box and Azure
offsite

2(b).  Approx. 400 TB onsite (250 TB used approx) and 500 TB+ offsite (400
TB used approx)

2(c).   Netapp (2012 and 2016), Dell (2015 – ongoing), Tintri (2016) and 
StorSimple (2017)

2(d).  As demand requires

2(e).   Proact, Phoenix, Tintri and CDS.

2(f).    As demand requires

3(a).   Dell

3(b).  Various (2015 – ongoing)

3(c).   As demand requires

3(d).  As demand requires

3(e).   Dell, Solid Systems Global and Park Place Technologies

3(f).    Windows Server 2016 and above

4(a).   A mixture of tape, disk and cloud storage is used to backup data

4(b).  Arcserve Appliances with UDP&Backup Barracuda Office 365 Cloud
Backup

4(c).   Approximately 150tb

4(d).  No

4(e).   Currently under development/review

4(f).    Yes

4(g).   Currently under development/review

5         80

6.        19 and VMware

7.        CISO and IT Director -  Graeme Murphy, Associate Director – ICT,
[1][email address]

           This information has not been provided as it is considered
exempt under s31 Law enforcement.

8.        Interested in Cloud, but have not started looking into it

9.        AWS and AZURE

10.     None

11.     Resellers and Frameworks are reviewed every time a procurement
decision is

           required.  We do not limit ourselves to a pre-defined list.

12.     Dependent on the development of our Cloud Strategy

13.     Depends on the nature of the equipment/service.  We will
capitalise wherever

           feasible.

 

We are unable to provide you with all the information you have requested.
The University feel that to disclose the security solutions utilised and
the release of any security related IT architecture may in itself present
an  unacceptable security risk to our systems in the current climate.
Therefore this information is covered by the exemption at section 31(1)(a)
of the FOIA.            

Section 31(1)(a) exempts information if its disclosure is likely to
prejudice the prevention or detection of crime.

 

This is a qualified exemption and as such, when it applies, we are
required to conduct a Public Interest Test to see whether the information
it covers can be released. 

The public interest has now been concluded and the balance of the public
interest has been found to fall in favour of withholding information
covered by the section 31(1)(a) exemption on this occasion. 
Considerations in favour of the release of the information included the
principle that there is a public interest in transparency and
accountability through disclosure of information relating to public
authority security issues.

However, release of this information would make the University more
vulnerable to crime; namely, a malicious attack on University of Hulls
computer systems.  As such release of this information would prejudice the
prevention or detection of crime by making the Universities computer
system more vulnerable to hacking.  There is an overwhelming public
interest in keeping personal data and computer systems secure which would
be served by non-disclosure.  This would outweigh any benefits of release.
It was therefore decided that the balance of the public interest lies
clearly in favour of withholding the material on this occasion.

This represents a refusal notice for this part of your request.

Your request is now closed.  Should any further information be required a
separate request will need to be submitted.

 

Yours sincerely

 

 

Miss A Clement | Data Protection Officer

University of Hull

Hull, HU6 7RX, UK

[2]www.hull.ac.uk

working from home [3]@UniOfHull [4]/UniversityOfHull
[5]universityofhull

If you are unhappy with this response or the way your request has been
handled you have the right to ask for an internal review. To request a
review, please email [6][email address]. The review will be
conducted by the University Secretary and Chief Operating Officer.

Should you remain dissatisfied following an internal review you may then
appeal to the Information Commissioners Office. [7]www.ico.org.uk Tel 0303
123 1113

 

 

References

Visible links
1. mailto:[email address]
2. https://linkprotect.cudasvc.com/url?a=ht...
3. https://twitter.com/UniOfHull
4. https://www.facebook.com/UniversityOfHull/
5. https://www.instagram.com/universityofhu...
6. mailto:[email address]
7. https://linkprotect.cudasvc.com/url?a=ht...