Dear The Financial Conduct Authority,

I am writing to make a request for all the information to which I am entitled under Freedom of Information Act 2000. My requests are outlined below as specifically as possible to help you retrieve the information required. However, if any of the below is unclear, I would appreciate if you could contact me as I understand that under the act, you are required to assist requesters.

Please could you provide the following information:

1)How many employees are working for your organisation, including full-time, part-time, and contracted staff?
2)What is your annual intranet budget?
3)What is your current intranet solution? (e.g. Invotra, Sharepoint, Kahootz, Umbraco)
4)How long have you been using this solution, and when does your contract expire?
5)Do you work with an external partner to supply your intranet? If not, do you develop your intranet internally?
6)Which team/individual is responsible for managing your intranet internally?
7)Which other organisations have access to your intranet?
8)Do you share IT services with other organisations?
9) Are you using the Office 365 suite? If so, which applications from the suite are in use?
10)Who is responsible for your intranet’s procurement within the organisation?
11)Do you use Microsoft’s Active Directory to manage your people data? If so, is your Active Directory (AD) managed on-premise or in the cloud?
12)Do you use any other Software as a Service (SaaS) applications? (e.g. Atlassian/Jira, Slack, Trello, Xero)

If possible, please could you present the information via a Microsoft Word or Excel document, sent to me via email. I understand that under the act, I should be entitled to a response within 20 days and therefore I would appreciate if you could confirm receipt of my request.

Yours faithfully,
Deborah Manley

The Financial Conduct Authority

Thank you for e-mailing the Financial Conduct Authority's Information Access Team. This is an automatic acknowledgement to tell you we have received your email safely. Please do not reply to this email. We will be in touch in due course.

This communication and any attachments may contain personal information. For more information about how and why we use personal information and who to contact with any queries about this, please see our privacy notices: FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR Privacy Notice (https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is confidential and may be subject to legal privilege. It is for intended recipients only. If you are not the intended recipient you must not copy, distribute, publish, rely on or otherwise use it without our consent. Some of our communications may contain confidential information which it could be a criminal offence for you to disclose or use without authority. If you have received this email in error please notify [email address] immediately and delete the email from your computer. Further information on the classification and handling of FCA information can be found on the FCA website (http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator Limited, the FCA on behalf of the Payment Systems Regulator Limited / the Payment Systems Regulator Limited) reserves the right to monitor all email communications for compliance with legal, regulatory and professional standards.

This email is not intended to nor should it be taken to create any legal relations or contractual relationships. This email has originated from the Financial Conduct Authority (FCA), or the Payment Systems Regulator Limited.

The Financial Conduct Authority (FCA) is registered as a limited company in England and Wales No. 1920623. Registered office: 25 The North Colonnade, Canary Wharf, London E14 5HS, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company in England and Wales No. 8970864. Registered office: 25 The North Colonnade, Canary Wharf, London E14 5HS, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment Systems Regulator Limited)

Freedom of Information, The Financial Conduct Authority

1 Atodiad

Our ref: FOI6844

 

Dear Ms Manley

 

Freedom of Information: Right to know request

 

We refer to your request under the Freedom of Information Act 2000 (“the
Act”) for the following information:

 

 1. How many employees are working for your organisation, including
full-time, part-time, and contracted staff?
 2. What is your annual intranet budget?
 3. What is your current intranet solution? (e.g. Invotra, Sharepoint,
Kahootz, Umbraco)
 4. How long have you been using this solution, and when does your
contract expire?
 5. Do you work with an external partner to supply your intranet? If not,
do you develop your intranet internally?
 6. Which team/individual is responsible for managing your intranet
internally?
 7. Which other organisations have access to your intranet?
 8. Do you share IT services with other organisations?
 9. Are you using the Office 365 suite? If so, which applications from the
suite are in use?
10. Who is responsible for your intranet’s procurement within the
organisation?
11. Do you use Microsoft’s Active Directory to manage your people data? If
so, is your Active Directory (AD) managed on-premise or in the cloud?
12. Do you use any other Software as a Service (SaaS) applications? (e.g.
Atlassian/Jira, Slack, Trello, Xero)

 

Your request is currently being considered and, in doing so, we are of the
view that the following qualified exemption under the Act may apply:

 

o section 43 (commercial interests)

 

This is because we consider that disclosure would, or would be likely to,
prejudice the commercial interests of any person (including the public
authority holding it).

 

As this is the case, the FCA is required to weigh the public interest in
maintaining the exemption against the public interest in disclosing any
information.

 

By virtue of section 10(3), where public authorities have to consider the
balance of the public interest in relation to a request, they do not have
to comply with the request until such time as is reasonable in the
circumstances.  The FCA has not yet reached a decision on the balance of
the public interest.  Due to the need to consider, in all the
circumstances of the case, where the balance of the public interest lies
in relation to the information that you have requested, the FCA will not
be able to respond to your request in full within 20 working days.  In
these circumstances, we hope to be in a position to respond to you by 17
December 2019, although should we be in a position to contact you sooner
we will do so.

 

Yours sincerely

 

Information Disclosure Team

[1]cid:image001.png@01D4025A.803ED2A0

12 Endeavour Square

London

E20 1JN

 

This communication and any attachments may contain personal information.
For more information about how and why we use personal information and who
to contact with any queries about this, please see our privacy notices:
FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR
Privacy Notice
(https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is
confidential and may be subject to legal privilege. It is for intended
recipients only. If you are not the intended recipient you must not copy,
distribute, publish, rely on or otherwise use it without our consent. Some
of our communications may contain confidential information which it could
be a criminal offence for you to disclose or use without authority. If you
have received this email in error please notify [email address]
immediately and delete the email from your computer. Further information
on the classification and handling of FCA information can be found on the
FCA website
(http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator
Limited, the FCA on behalf of the Payment Systems Regulator Limited / the
Payment Systems Regulator Limited) reserves the right to monitor all email
communications for compliance with legal, regulatory and professional
standards.

This email is not intended to nor should it be taken to create any legal
relations or contractual relationships. This email has originated from the
Financial Conduct Authority (FCA), or the Payment Systems Regulator
Limited.

The Financial Conduct Authority (FCA) is registered as a limited company
in England and Wales No. 1920623. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company
in England and Wales No. 8970864. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment
Systems Regulator Limited)

References

Visible links

Freedom of Information, The Financial Conduct Authority

3 Atodiad

Our ref: FOI6844

 

Dear Ms Manley

 

We write further to our email of 19 November 2019 about your request for
information on about the Financial Conduct Authority’s (FCA) intranet.

 

The FCA is still not in a position to reply to your right to know request,
as a decision has yet to be reached on the balance of public interest in
respect of the information you seek.  It is therefore necessary to extend
the date for responding to you.  We hope to respond to you by 31 December
2019, though should we be in a position to contact you sooner we will do
so.

 

Yours sincerely

 

Information Disclosure Team / Cyber and Information Resilience Department
/ Operations

[1]Description: cid:image001.png@01D2A7C9.64DDD390

12 Endeavour Square

London

E20 1JN

 

[2]www.fca.org.uk

 

Follow us:

 

[3]Description: https://g.twimg.com/Twitter_logo_blue.pn...
image003

 

 

This communication and any attachments may contain personal information.
For more information about how and why we use personal information and who
to contact with any queries about this, please see our privacy notices:
FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR
Privacy Notice
(https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is
confidential and may be subject to legal privilege. It is for intended
recipients only. If you are not the intended recipient you must not copy,
distribute, publish, rely on or otherwise use it without our consent. Some
of our communications may contain confidential information which it could
be a criminal offence for you to disclose or use without authority. If you
have received this email in error please notify [email address]
immediately and delete the email from your computer. Further information
on the classification and handling of FCA information can be found on the
FCA website
(http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator
Limited, the FCA on behalf of the Payment Systems Regulator Limited / the
Payment Systems Regulator Limited) reserves the right to monitor all email
communications for compliance with legal, regulatory and professional
standards.

This email is not intended to nor should it be taken to create any legal
relations or contractual relationships. This email has originated from the
Financial Conduct Authority (FCA), or the Payment Systems Regulator
Limited.

The Financial Conduct Authority (FCA) is registered as a limited company
in England and Wales No. 1920623. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company
in England and Wales No. 8970864. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment
Systems Regulator Limited)

References

Visible links
2. http://www.fca.org.uk/
3. https://twitter.com/TheFCA
4. https://www.linkedin.com/company/financi...

Freedom of Information, The Financial Conduct Authority

3 Atodiad

Our ref:         FOI6844

 

Dear Ms Manley

 

Freedom of Information: Right to know request

 

Thank you for your request dated 22 October 2019 and received under the
Freedom of Information Act 2000 (the Act) for information relating to the
Financial Conduct Authority’s (FCA) intranet. Please refer to Annex A for
full details of your request.

 

On 19 November 2019, we advised you that we required more time to balance
the “public interest” arguments for and against disclosure in relation to
the information you are seeking. We have now completed that work and our
response is below.

 

For point 1, the below table sets out the number of employees working at
the FCA as at 28 November 2019:

 

  Full-time Part-time
Employee – Fixed Term Contract 156 85
Employee – Permanent 3522 466
Total 3678 551

 

 

For point 2, we consider that disclosure of the annual spend could
prejudice the commercial interests of the FCA and our supplier were it to
be made public, and therefore the exemption at section 43 (commercial
interests) of the Act applies for the reasons set out in Annex B below. 
Nonetheless, with a view to providing you with as much information as we
can, we can confirm the average annual spend is between £100,000 and
£150,000.

 

For point 3, we are unable to disclose what our current intranet solution
is, as disclosure would, or would be likely to, prejudice the prevention
or detection of crime.  Therefore, we consider that section 31 (law
enforcement) of the Act applies for the reasons set out in Annex B below.

 

For point 4, our intranet solution has no contract expiry as the contract
has an ongoing renewal solution.

 

For point 5, we can confirm that we have engaged an external supplier to
supply the FCA’s intranet.

 

For point 6, our Internal Communications Team is responsible for managing
our intranet internally.

 

For point 7, the Payment Systems Regulator has access to our intranet.

 

For point 8, we can confirm that other organisations do have access to our
IT systems.

 

For point 9, we can confirm we are using the Office 365 suite.  However,
we cannot confirm which suite of applications we use as disclosure would,
or would be likely to, prejudice the prevention or detection of crime.
Therefore, we consider that section 31 (law enforcement) of the Act
applies for the reasons set out in Annex B below.

 

For point 10, the procurement team is responsible for procurement of our
intranet.

 

For point 11, we are unable to disclose this information, as disclosure
would, or would be likely to, prejudice the prevention or detection of
crime.  Therefore, we consider that section 31 (law enforcement) of the
Act applies for the reasons set out in Annex B below.

 

Finally, for point 12 we do use other Software as a Service (SaaS)
applications. However, we are unable to disclose which SaaS applications
we use as disclosure would, or would be likely to, prejudice the
prevention or detection of crime.  Therefore, we consider that section 31
(law enforcement) of the Act applies for the reasons set out in Annex B
below.

 

If you are unhappy with this response, you have the right to request an
internal review.  If you wish to exercise this right you should contact
the Information Disclosure Team within 40 working days of the date of this
response.

 

If you are not content with the outcome of the internal review, you also
have a right of appeal to the Information Commissioner at Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9
5AF.  Telephone: 01625 545 700.  Website: [1]www.ico.org.uk

 

 

Yours sincerely

 

 

Information Disclosure Team / Cyber and Information Resilience Department
/ Operations

[2]Description: cid:image001.png@01D2A7C9.64DDD390

12 Endeavour Square

London

E20 1JN

 

[3]www.fca.org.uk

 

Follow us:

 

[4]Description: https://g.twimg.com/Twitter_logo_blue.pn...
image003

 

 

Annex A

 

Request received on 22 October 2019

 

1.      How many employees are working for your organisation, including
full-time, part-time, and contracted staff?

2.      What is your annual intranet budget?

3.      What is your current intranet solution? (e.g. Invotra, Sharepoint,
Kahootz, Umbraco)

4.      How long have you been using this solution, and when does your
contract expire?

5.      Do you work with an external partner to supply your intranet? If
not, do you develop your intranet internally?

6.      Which team/individual is responsible for managing your intranet
internally?

7.      Which other organisations have access to your intranet?

8.      Do you share IT services with other organisations?

9.      Are you using the Office 365 suite? If so, which applications from
the suite are in use?

10.    Who is responsible for your intranet’s procurement within the
organisation?

11.    Do you use Microsoft’s Active Directory to manage your people data?
If so, is your Active Directory (AD) managed on-premise or in the cloud?

12.    Do you use any other Software as a Service (SaaS) applications?
(e.g. Atlassian/Jira, Slack, Trello, Xero)

 

Annex B

 

•       Section 43 (Commercial interests)

 

Section 43(2) of the Act provides that information is exempt if its
disclosure would, or would be likely to prejudice the commercial interests
of any person (including the public authority holding it).

 

In respect of your request, disclosure of the information requested would
be likely to prejudice not only the commercial interests of SharePoint,
but also the commercial interests of the FCA itself.

 

The exemption in Section 43 is qualified and we have balanced the public
interest for and against disclosure as required by the Act.

 

 

For disclosure

 

•       There is a strong public interest in the public being able to see
and potentially scrutinise how much the FCA is spending on services.

 

 

Against disclosure

 

•       Disclosure is likely to undermine the FCA’s commercial interests
as to disclose the information requested could adversely impact our
position in future negotiations with suppliers or procurement exercises
with similar specifications.

 

•       The commercial interests of the supplier involved are likely to be
harmed by such a disclosure as this may affect the supplier’s ability to
negotiate with other potential future customers. Further, disclosure could
potentially provide an unfair advantage to competitors of these suppliers
when bidding for work with both the FCA and other commercial entities.

 

On this occasion we have concluded that, for the reasons set out above,
the balance of the public interest is in favour of not disclosing
information set out above.

 

 

·                  Section 31 (Law enforcement)

 

The qualified exemption in section 31(1)(a) of the Act applies because
disclosure of the information requested would, or would be likely to,
prejudice the prevention or detection of crime.

 

As explained in our letter, this exemption applies to points 3, 9, 11 and
12 of your request in that such information, if disclosed would, or would
be likely to, prejudice the prevention or detection of crime as disclosure
would enable criminals to draw conclusions about our cyber security
capability and in turn, may encourage them to launch cyber-attacks on our
systems.

 

This exemption is qualified and we have balanced the public interest for
and against disclosure as required by the Act.

 

 

For disclosure

 

o There is a strong public interest in favour of transparency and in the
public being reassured that we are taking the necessary precautions to
ensure that our information systems, some of which hold information on
the firms and individuals that we regulate, are secure and safe from
cyber-attacks.

 

o Disclosure of the information would demonstrate how the FCA responds
to the ever-increasing threat of its systems being compromised.

 

Against disclosure

 

o In addition to the arguments set out above, there is a strong public
interest in the FCA being able to keep their systems safe and secure
from cyber-attacks to ensure our role as financial regulator is not
compromised?

 

On this occasion, we have concluded that the balance of the public
interest is in favour of maintaining the exemption under section 31 of the
Act, for the reasons set out above.

 

 

 

This communication and any attachments may contain personal information.
For more information about how and why we use personal information and who
to contact with any queries about this, please see our privacy notices:
FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR
Privacy Notice
(https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is
confidential and may be subject to legal privilege. It is for intended
recipients only. If you are not the intended recipient you must not copy,
distribute, publish, rely on or otherwise use it without our consent. Some
of our communications may contain confidential information which it could
be a criminal offence for you to disclose or use without authority. If you
have received this email in error please notify [email address]
immediately and delete the email from your computer. Further information
on the classification and handling of FCA information can be found on the
FCA website
(http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator
Limited, the FCA on behalf of the Payment Systems Regulator Limited / the
Payment Systems Regulator Limited) reserves the right to monitor all email
communications for compliance with legal, regulatory and professional
standards.

This email is not intended to nor should it be taken to create any legal
relations or contractual relationships. This email has originated from the
Financial Conduct Authority (FCA), or the Payment Systems Regulator
Limited.

The Financial Conduct Authority (FCA) is registered as a limited company
in England and Wales No. 1920623. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company
in England and Wales No. 8970864. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment
Systems Regulator Limited)

References

Visible links
1. http://www.ico.org.uk/
3. http://www.fca.org.uk/
4. https://twitter.com/TheFCA
5. https://www.linkedin.com/company/financi...