Communications & Telephony Equipment

The request was successful.

Dear Isle of Anglesey Council,

Please can you provide information on the following:

- What is your annual IT Infrastructure Budget for 2019 & 2020?
- Do you operate on a Unified Communications structure?
- Do you use a Shared Services Centre to handle calls and enquiries?
- What telephony vendor(s) and model do you currently use?
- What service provider do you currently use?
- When was the installation date of telephony equipment?
- When is your planned (or estimated) refresh date? (Month/year)
- What date does your service provider support contract end? (Month/year)
- What is the value of your service support contract?
- Do you have video conferencing equipment installed at all?
- If yes, what is the brand of the equipment?
- Do you have a cloud strategy if so what is it?

Yours faithfully,

Daniel Leonard

Thank you for your recent request for information from the Isle of Anglesey County Council.

In accordance with the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, we aim to respond to your request within 20 working days. In some instances we may be unable to achieve this deadline, in which case we will advise you of the likely timescale within which the response will be provided.

Beryl Jones

Swyddog Gwybodaeth Corfforaethol a Chwynion – Cyngor Sir Ynys Môn
Corporate Information and Complaints Officer - Isle of Anglesey County Council

show quoted sections

Lee Evans, Isle of Anglesey County Council

1 Attachment

Dear Daniel Leonard,

I refer to your email dated 20^th August in which you asked for
information under the terms of the Freedom of Information Act 2000
(FoIA).  Please find the Council’s response below;

 

What is your annual IT Infrastructure Budget for 2019 & 2020?

 

2019 - 415,700.00

2020 – Unknown

 

Do you operate on a Unified Communications structure?

 

Yes

 

Do you use a Shared Services Centre to handle calls and enquiries?

 

No

 

What telephony vendor(s) and model do you currently use?

 

I believe this information exempt under Section 31(1)(a) and 31(1)(d) of
FoIA.

The exemptions under Section 31(1)(a) and 31(1)(d) state that;

“[information] is exempt information if its disclosure under this Act
would, or would be likely to, prejudice;
(a) the prevention or detection of crime
(d) the assessment or collection of any tax or duty or of any imposition
of a similar nature”

The Isle of Anglesey County Council is connected to the Public Sector
Network (PSN), a secure computer network which allows the Revenues and
Benefits section to securely exchange sensitive personal data with the
Department and Work and Pensions (DWP). A condition of the Council’s
connection to PSN is that it abides to a stringent set of security control
standards referred to as the Code of Connection, or CoCo.

Under PSN CoCo the Council must comply with the following mandate;
“Measures shall be put in place to minimise the details of the internal
network structure, components and tools and techniques that are passed
outside of the organisation”.

Case law has established that information disclosed under FoIA is
essentially disclosed to the world at large. With this in mind, it is my
view that providing the information you request would be disclosing the
makeup the Council’s ICT Infrastructure to the extent that the Council
would be failing to meet the network obfuscation requirements mandated by
the PSN CoCo.

Failure to comply with the PSN CoCo would result in the Council’s
disconnection from the PSN with the consequence that the Council would no
longer be privy to information held by the DWP. The inability to share
information with the DWP would seriously compromise the authority’s
ability to effectively collect revenue in the form of Council Tax and its
ability to detect and prosecute fraudulent benefit claimants. It is this
which qualifies the non-disclosure of the requested information under the
Section 31 (1)(a) & (1)(d) exemptions.

In addition to the above, it is also my opinion that the disclosure of
information relating to the makeup of the Council’s ICT Infrastructure
into the public domain could aid criminals in mounting an attack on the
Council’s ICT systems – this would undermine the steps which the Council
has taken to protect the security of its systems, information assets and
the personal information of its citizens. Having identified design
elements of the Council’s network, an attacker could use this information
to research potential attack methods.

In undertaking the security assessments required by PSN, the Council
receives regular advice and health checks from third party, impartial
security experts; the disclosure of such information into the public
domain has been confirmed by the Council’s health check provider as bad
practice and something which would pose a real and likely threat to the
security of the ICT infrastructure;

"We always recommend that information disclosure is kept to a minimum in
all aspects of computer systems, as any information available about a
system could aid an attacker in tailoring an attack specifically against
that system…..[knowledge of the software and version installed] means that
any vulnerabilities in that software can be researched, and exploits can
be used that targeted specifically at that version….Access to this sort of
information significantly reduces the amount of time and effort an
attacker needs to put in to compromise the system, and can therefore
significantly increase the chance of success of an attack"

Extract from email received from external security auditors on 8th August
2012

It is for this reason that I believe the information is further qualified
for exemption under Section 31(1)(a) of FoIA “the prevention or detection
of crime” in order to prevent the Council being targeted by criminals who
engage in malicious activity covered by legislation such as the Computer
Misuse Act 1990

 

When was the installation date of telephony equipment?

 

Approx. 2009

 

When is your planned (or estimated) refresh date? (Month/year)

 

Unknown

 

What date does your service provider support contract end?

 

May 2020

 

What service provider do you currently use?

What is the value of your service support contract?

 

I believe this information is exempt from disclosure under Sections 43 (2)
of FoIA

Section 43 (2) of FoIA states that;

"Information is exempt information if its disclosure under this Act would,
or would be likely to, prejudice the commercial interests of any person
(including the public authority holding it)."

It is my belief that releasing details of the amounts spent on IT
contracts could indicate to current, and potential future suppliers a
baseline amount at which to base future tender bids, providing them with a
bargaining tool which would undermine the authority’s ability to maintain
an even handed negotiating position and prevent it fulfilling its Best
Value duty under the Local Government Act 1999.

Disclosing details of IT contracts currently in place into the public
domain could have a direct impact on the ability of the current suppliers
to compete on a "level playing field" when the current contracts come to
be re-tendered. Disclosure of such information by this authority and
others could allow competitors to work out the pricing methodology used
and to gain an unfair advantage in tendering situations. It is my view
that disclosing the values of contracts held by each supplier could
prejudice the supplier’s commercial interests to the point where they
could be discouraged fromentering into future tender processes with the
Council, threatening the ability of the Council to obtain the best price
from the market.

Do you have video conferencing equipment installed at all?

 

No dedicated video conferencing appliances

 

If yes, what is the brand of the equipment?

 

N/A

 

Do you have a cloud strategy if so what is it?

 

No dedicated Cloud strategy, the Council’s Digital IT Strategy is
available online at www.anglesey.gov.uk

 

Public Interest Test

The exemptions considered above are not absolute and are subject to a
Public Interest Test (PIT) which considers the balance of public interest
in favour of disclosure against the interest in maintaining the exemptions
from disclosure. I have summarised below the factors considered in
deciding upon where the public interest lies with regard to this request.

For Disclosure

• There is great public interest in allowing scrutiny of how public
money has spent, particularly at a time where public spending is under
constant review and debate..
• There is public interest in providing transparency in decision making
in how the authority has followed procurement and tendering
procedures.

Against Disclosure

• A cyber-attack aided by the disclosure of this information could
seriously disrupt the Council’s ability to provide core services which
the public rely upon.
• The Council has a duty to protect the sensitive personal data of its
citizens and it is in the public interest that the authority does all
it can to maintain the integrity and security of the infrastructure on
which that data sits. A breach in the security of this data could
result in a hefty fine being levied on the Council; something I do not
believe is in interest of Anglesey ratepayers.
• The public has a great interest in the local authority being able to
effectively collect revenue and detect fraud. Failure to comply with
PSN CoCo and disclosing details of the Council’s ICT network would
result in disconnection from the PSN and would undermine its ability
to do this.
• It is in the public interest that the commercial activities of private
contractors are not caused prejudice, particularly when some suppliers
may be active in the local economy and employ local people.
• The public has an interest in the Council achieving value for money
when tendering for contracts and services. It is important that
potential suppliers are not discouraged from tendering for Council
contracts because the details of their successful bid will potentially
be disclosed to competitors.

Having considered the public interest both for, and against disclosure of
the information you have requested I have concluded that the overall
public interest lies in maintaining the exemptions outlined above and
non-disclosure of the information.

If you are dissatisfied with any aspect of this response to your request
for information, and / or the decision made to withhold information, you
may ask for an internal review. Please address your correspondence to the
Customer Care Officer, Legal Services, Council Offices, Llangefni, Ynys
Môn LL77 7TW (E-mail: [email address])

If you are not content with the outcome of any internal review you have
the right to apply directly to the Information Commissioner, Wycliffe
House, Water Lane, Wilmslow SK9 5AF. Please note that the Information
Commissioner is likely to expect internal review procedures to have been
exhausted before beginning his investigation.

Yours sincerely,

 

Lee Evans

Rheolwr Gwasanaeth TG a Rheoli Perfformiad  |  IT Service and Performance
Management Manager

Adain TG, Trawsnewid Corfforaethol  |  IT Division, Corporate
Transformation

 

[1]cid:image002.png@01D48CA7.528B1260

 

[2]Dilynwch ni ar Twitter / [3]Darganfyddwch ni ar Facebook

[4]Follow us on Twitter / [5]Find us on Facebook

Mae'r neges e-bost hon a'r ffeiliau a drosglwyddyd ynghlwm gyda hi yn
gyfrinachol ac efallai bod breintiau cyfreithiol ynghlwm wrthynt. Yr unig
berson sydd 'r hawl i'w darllen, eu copio a'u defnyddio yw'r person y
bwriadwyd eu gyrru nhw ato. Petaech wedi derbyn y neges e-bost hon mewn
camgymeriad yna, os gwelwch yn dda, rhowch wybod i'r Rheolwr Systemau yn
syth gan ddefnyddio'r manylion isod, a pheidiwch datgelu na chopio'r
cynnwys i neb arall.

Mae cynnwys y neges e-bost hon yn cynrychioli sylwadau'r gyrrwr yn unig ac
nid o angenrheidrwydd yn cynrychioli sylwadau Cyngor Sir Ynys Mon. Mae
Cyngor Sir Ynys Mon yn cadw a diogelu ei hawliau i fonitro yr holl
negeseuon e-bost trwy ei rwydweithiau mewnol ac allanol.

Croeso i chi ddelio gyda’r Cyngor yn Gymraeg neu’n Saesneg. Cewch yr un
safon o wasanaeth yn y ddwy iaith.

This email and any files transmitted with it are confidential and may be
legally privileged. They may be read copied and used only by the intended
recipient. If you have received this email in error please immediately
notify the system manager using the details below, and do not disclose or
copy its contents to any other person.

The contents of this email represent the views of the sender only and do
not necessarily represent the views of Isle of Anglesey County Council.
Isle of Anglesey County Council reserves the right to monitor all email
communications through its internal and external networks.

You are welcome to deal with the Council in Welsh or English. You will
receive the same standard of service in both languages.

References

Visible links
2. https://twitter.com/cyngormon
3. http://www.facebook.com/cyngormon
4. https://twitter.com/angleseycouncil
5. http://www.facebook.com/ioacc