ICT software spend on Education Management Information System

The request was partially successful.

Dear Isle of Anglesey Council,

Please provide me with the following information:

1. The name of the supplier of your Education Management Information
Software System (Local authority use for admissions,LAC, SEND, Early Years etc, not the schools system please)

2. The annual support and maintenance cost for this system i.e. the sum paid to the
supplier annually

3. When is the contract due for renewal and notice period?

4. Who is your current adult & child social care case management software
provider?

Thank you for your kind assistance with this.

Yours faithfully,

Marcus Le Brocq

Helen Madoc-Jones,

Thank you for your recent request for information from the Isle of Anglesey County Council.

In accordance with the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, we aim to respond to your request within 20 working days. In some instances we may be unable to achieve this deadline, in which case we will advise you of the likely timescale within which the response will be provided.

Regards

Helen Madoc-Jones
Clerc Teipydd / Clerk Typist
Busnes y Cyngor / Council Business
Adran Gyfreithio / Legal Department

show quoted sections

Helen Madoc-Jones,

Thank you for your recent request for information from the Isle of Anglesey County Council.

In accordance with the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, we aim to respond to your request within 20 working days. In some instances we may be unable to achieve this deadline, in which case we will advise you of the likely timescale within which the response will be provided.

Regards

Helen Madoc-Jones
Clerc Teipydd / Clerk Typist
Busnes y Cyngor / Council Business
Adran Gyfreithio / Legal Department

show quoted sections

1 Attachment

Dear Marcus Le Brocq

I refer to your email dated 11^th January 2019 which asked questions
relating to software under the terms of the Freedom of Information Act
2000 (FoIA).  Please find below your request, along with the Council’s
response.

 

Please provide me with the following information:

 

1.    The name of the supplier of your Education Management Information
Software System (Local authority use for admissions,LAC, SEND, Early Years
etc, not the schools system please)

I believe this information is exempt under Section 31(1)(a) and 31(1)(d)
of FoIA which state that;

“[information] is exempt information if its disclosure under this Act
would, or would be likely to, prejudice;
(a) the prevention or detection of crime
(d) the assessment or collection of any tax or duty or of any imposition
of a similar nature”

The Isle of Anglesey County Council is connected to the Public Sector
Network (PSN), a secure computer network which allows the Revenues and
Benefits section to securely exchange sensitive personal data with the
Department and Work and Pensions (DWP). A condition of the Council’s
connection to PSN is that it abides to a stringent set of security control
standards referred to as the Code of Connection, or CoCo.

Under PSN CoCo the Council must comply with the following mandate;
“Measures shall be put in place to minimise the details of the internal
network structure, components and tools and techniques that are passed
outside of the organisation”.

Case law has established that information disclosed under FoIA is
essentially disclosed to the world at large. With this in mind, it is my
view that providing the information you request would be disclosing the
makeup the Council’s ICT Infrastructure to the extent that the Council
would be failing to meet the network obfuscation requirements mandated by
the PSN CoCo.

Failure to comply with the PSN CoCo would result in the Council’s
disconnection from the PSN with the consequence that the Council would no
longer be privy to information held by the DWP. The inability to share
information with the DWP would seriously compromise the authority’s
ability to effectively collect revenue in the form of Council Tax and its
ability to detect and prosecute fraudulent benefit claimants. It is this
which qualifies the non-disclosure of the requested information under the
Section 31 (1)(a) & (1)(d) exemptions.

In addition to the above, it is also my opinion that the disclosure of
information relating to the makeup of the Council’s ICT Infrastructure
into the public domain could aid criminals in mounting an attack on the
Council’s ICT systems – this would undermine the steps which the Council
has taken to protect the security of its systems, information assets and
the personal information of its citizens. Having identified design
elements of the Council’s network, an attacker could use this information
to research potential attack methods.

In undertaking the security assessments required by PSN, the Council
receives regular advice and health checks from third party, impartial
security experts; the disclosure of such information into the public
domain has been confirmed by the Council’s health check provider as bad
practice and something which would pose a real and likely threat to the
security of the ICT infrastructure;

"We always recommend that information disclosure is kept to a minimum in
all aspects of computer systems, as any information available about a
system could aid an attacker in tailoring an attack specifically against
that system…..[knowledge of the software and version installed] means that
any vulnerabilities in that software can be researched, and exploits can
be used that targeted specifically at that version….Access to this sort of
information significantly reduces the amount of time and effort an
attacker needs to put in to compromise the system, and can therefore
significantly increase the chance of success of an attack"

Extract from email received from external security auditors on 8th August
2012

It is for this reason that I believe the information is further qualified
for exemption under Section 31(1)(a) of FoIA “the prevention or detection
of crime” in order to prevent the Council being targeted by criminals who
engage in malicious activity covered by legislation such as the Computer
Misuse Act 1990.

 

2. The annual support and maintenance cost for this system i.e. the sum
paid to the supplier annually

 

£42,000

 

3. When is the contract due for renewal and notice period?

 

2021

 

 

4. Who is your current adult & child social care case management software
provider?

 

I believe this information is exempt, please see response to 1.

 

Public Interest Test

The exemptions considered above are not absolute and are subject to a
Public Interest Test (PIT) which considers the balance of public interest
in favour of disclosure against the interest in maintaining the exemptions
from disclosure. I have summarised below the factors considered in
deciding upon where the public interest lies with regard to this request.

For Disclosure

o There is great public interest in allowing scrutiny of how public
money has spent, particularly at a time where public spending is under
constant review and debate..

Against Disclosure

o A cyber-attack aided by the disclosure of this information could
seriously disrupt the Council’s ability to provide core services which
the public rely upon.
o The Council has a duty to protect the sensitive personal data of its
citizens and it is in the public interest that the authority does all
it can to maintain the integrity and security of the infrastructure on
which that data sits. A breach in the security of this data could
result in a hefty fine being levied on the Council; something I do not
believe is in interest of Anglesey ratepayers.
o The public has a great interest in the local authority being able to
effectively collect revenue and detect fraud. Failure to comply with
PSN CoCo and disclosing details of the Council’s ICT network would
result in disconnection from the PSN and would undermine its ability
to do this.

Having considered the public interest both for, and against disclosure of
the information you have requested I have concluded that the overall
public interest lies in maintaining the exemptions outlined above and
non-disclosure of the information.

If you are dissatisfied with any aspect of this response to your request
for information, and / or the decision made to withhold information, you
may ask for an internal review. Please address your correspondence to the
Customer Care Officer, Legal Services, Council Offices, Llangefni, Ynys
Môn LL77 7TW (E-mail: [1][email address])

If you are not content with the outcome of any internal review you have
the right to apply directly to the Information Commissioner, Wycliffe
House, Water Lane, Wilmslow SK9 5AF. Please note that the Information
Commissioner is likely to expect internal review procedures to have been
exhausted before beginning his investigation.

Yours sincerely

 

Lee Evans

Rheolwr Gwasanaeth TG a Rheoli Perfformiad  |  IT Service and Performance
Management Manager

Adain TG  |  IT Division

(01248) 752526  |  [2][email address]

 

[3]cid:image002.png@01D48CA7.528B1260

 

 

 

[4]Dilynwch ni ar Twitter / [5]Darganfyddwch ni ar Facebook

[6]Follow us on Twitter / [7]Find us on Facebook

Mae'r neges e-bost hon a'r ffeiliau a drosglwyddyd ynghlwm gyda hi yn
gyfrinachol ac efallai bod breintiau cyfreithiol ynghlwm wrthynt. Yr unig
berson sydd 'r hawl i'w darllen, eu copio a'u defnyddio yw'r person y
bwriadwyd eu gyrru nhw ato. Petaech wedi derbyn y neges e-bost hon mewn
camgymeriad yna, os gwelwch yn dda, rhowch wybod i'r Rheolwr Systemau yn
syth gan ddefnyddio'r manylion isod, a pheidiwch datgelu na chopio'r
cynnwys i neb arall.

Mae cynnwys y neges e-bost hon yn cynrychioli sylwadau'r gyrrwr yn unig ac
nid o angenrheidrwydd yn cynrychioli sylwadau Cyngor Sir Ynys Mon. Mae
Cyngor Sir Ynys Mon yn cadw a diogelu ei hawliau i fonitro yr holl
negeseuon e-bost trwy ei rwydweithiau mewnol ac allanol.

Croeso i chi ddelio gyda’r Cyngor yn Gymraeg neu’n Saesneg. Cewch yr un
safon o wasanaeth yn y ddwy iaith.

This email and any files transmitted with it are confidential and may be
legally privileged. They may be read copied and used only by the intended
recipient. If you have received this email in error please immediately
notify the system manager using the details below, and do not disclose or
copy its contents to any other person.

The contents of this email represent the views of the sender only and do
not necessarily represent the views of Isle of Anglesey County Council.
Isle of Anglesey County Council reserves the right to monitor all email
communications through its internal and external networks.

You are welcome to deal with the Council in Welsh or English. You will
receive the same standard of service in both languages.

References

Visible links
1. mailto:[email address]
2. mailto:[email address]
4. https://twitter.com/cyngormon
5. http://www.facebook.com/cyngormon
6. https://twitter.com/angleseycouncil
7. http://www.facebook.com/ioacc

Dear Lee Evans,

Thank you for providing some of the information that i requested.

Yours sincerely,

marcus le brocq

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org