Information about the organisations information technology team and infrastructure equipment

The request was successful.

Dear House of Commons,

Under the Freedom of Information Act 2000 I seek the following information about the
organisations information technology team and infrastructure equipment:

1. What is your annual IT Infrastructure Budget for 2016, 2017 & 2018?
2. What storage vendor(s) and model do you currently use?
3. When was the installation date of above storage vendor(s)? (Month/year)
4. When is your planned (or estimated) storage refresh date? (Month/year)
5. What is your estimated budget for the refresh?
6. What is the capacity of the storage data in TB?
7. The total number of IT staff employed by the organization:
8. Please list and provide contact details for the IT senior management team including
CIO, IT Director and Infrastructure Architects if applicable:
9. Please confirm if you are utilising desktop virtualisation technologies and if so how
many users do you provide services for?
10. What backup software do you use?
11. How much data do you backup in TB?
12. Number of servers?
13. What operating system(s) do you use?
14. Number of virtualised servers?
15. What percentage of your environment is virtualised?
16. If you outsource your IT works, please provide who it is with and when the contract started and ends.
17. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks that you use for the release of any tenders etc.
18. Please also approximate the time spent managing your IT systems, specifically storage, per week in the unit of man hours. Also approximate the amount of time taken carving out LUNs and/or Volumes.
19. Please list any and all pain points that the IT teams, and organisation as a whole, experience with regard to the storage and usage of the virtualised workloads.
20. How is your storage connected, i.e. via Fibre Channel, Ethernet (NFS or ISCSi). If your storage is currently connected via Fibre Channel, do you have access to 10 GB Ethernet, or 1 GB ethernet, and if so, please declare which

Yours faithfully,

Julie Cornish

FOI Commons, House of Commons

1 Attachment

Dear Ms Cornish,

 

Freedom of Information request F17-137

 

Thank you for your two requests for information dated 6 March 2017,
received by us on the same date, which is copied below.

 

We will endeavour to respond to your request promptly but in any case
within 20 working days i.e. on or before 4 April 2017.

 

If you have any queries about your request, please use the request number
quoted above and in the subject line of this email.

 

Yours sincerely,

 

 

Sarah Price

IRIS Support Officer
Information Rights and Information Security (IRIS) Service | House of
Commons

 

[1]cid:image002.jpg@01D02B64.34D76640

Click [2]here for details about Freedom of Information

in the House of Commons and to see what we publish.

 

 

 

 

 

show quoted sections

FOI Commons, House of Commons

1 Attachment

Dear Ms Cornish,

 

 

Freedom of Information request F17-137

 

Thank you for you for providing us with clarification of your request for
information, as copied below. You asked a number of questions relating to
the IT infrastructure and budget of the House of Commons.

 

Whilst the House of Commons and the House of Lords are separate public
authorities in accordance with the Freedom of Information Act 2000 (FOIA),
the Parliamentary Digital Service (PDS) is a joint service providing
information and communications technology services for both Houses of
Parliament. The information below covers both Houses and all users of the
parliamentary network e.g. MPs, Members of the House of Lords, their
staff, staff of the House Administrations and non-parliamentary network
users participating in parliamentary business.

 

 1. What is your annual IT Infrastructure Budget for 2016, 2017 & 2018?

 

This information is held by the House of Commons. Please find below
details of the annual PDS infrastructure budget:

2016/17 - £7,500,000

2017/18 - £7,500,000

2018/19 - £7,500,000

 

 2. What storage vendor(s) and model do you currently use?

and

 3. When was the installation date of above storage vendor(s)?
(Month/year)

 

This information is held by the House of Commons. PDS uses a mixture of
public and private cloud based storage vendors (for example Office 365),
and there have been various installation dates over a number of years.
However, the House has concluded that any further details of the specific
storage vendors and models used, including installation dates, is exempt
from disclosure for the following reasons.

 

Section 24(1) – National security

 

Information relating to the specific storage models and vendors used by
the House, including details of installation dates, is withheld under
section 24(1) of the FOIA, as the House considers that disclosing this
information would be likely to undermine the safeguarding of national
security. This is a qualified or non-absolute exemption and the public
interest test applies.

In favour of disclosure is the argument of transparency and openness
through providing details relating to the spending of public money and to
demonstrate that funding is used effectively. It is in the public interest
to ensure transparency in the way the House of Commons ensures its IT
systems and processes are adequately robust and secure, and help to
enhance public knowledge of how the House of Commons operates.

The countervailing argument is that information on the specific storage
vendors and models used, if disclosed, would provide a significant
indication of the level and quality of the Parliament’s IT systems and
processes and therefore potentially highlight vulnerabilities in our
networks. In addition, the details of installation dates could allow
attackers to identify the vendors and models used. Groups planning attacks
are known to conduct extensive research into the opposition they might
face, and to disclose this information could potentially provide those
groups or individuals with an indication of where to focus their efforts
when targeting our systems, and therefore significantly impact on national
security. Additionally, revealing details of the IT storage systems used
by the House, could potentially be exploited by individuals seeking to
gain access to House of Commons information. As understanding of cyber
security becomes more sophisticated, details of the House’s storage
processes could be used to hack and subsequently obtain or compromise the
integrity of information within these systems. Whilst there may be a
public interest in access to this information, it is considered that in
this case it is not in the wider public interest to disclose as there is a
risk of national security being compromised.

 

Section 31(1)(a) – Law enforcement

 

As stated above, details of the specific storage vendors and models used
by the House is piece of information which, if disclosed, would provide a
significant indication of the level and quality of our IT systems and
processes. The release of this information would also be likely to
prejudice the prevention or detection of crime and is therefore exempt by
virtue of s.31(1)(a) FOIA. This is a qualified or non-absolute exemption
and the public interest test applies.

In favour of disclosure is the argument of transparency and openness
through providing details relating to the spending of public money and to
demonstrate that funding is used effectively. It is in the public interest
to ensure transparency in the way the House of Commons ensures its IT
systems and processes are adequately robust and secure, and help to
enhance public knowledge of how the House of Commons operates.

However, this is outweighed by the risks of criminal activity being
undertaken if the information was disclosed. Whilst there may be a public
interest in access to this information, the disclosure of these details
could potentially assist those parties planning to launch a criminal
attack on Parliament to more accurately target our networks and would
reveal details on the sophistication of Parliament’s IT systems and
processes. This could potentially highlight vulnerabilities in our
networks and provide individuals with an indication of where to focus
their efforts when targeting our systems. Additionally, revealing details
of the IT storage systems used by the House, could potentially be
exploited by individuals seeking to gain access to House of Commons
information. As understanding of cyber security becomes more
sophisticated, details of the House’s storage processes could be used to
hack and subsequently obtain or compromise the integrity of information
within these systems. In these circumstances it is our view that the
public interest in maintaining the exemption outweighs the public interest
in disclosing the information.

 

 

 4. When is your planned (or estimated) storage refresh date? (Month/year)

 

This information is not held by the House of Commons. However, it may be
helpful to know that we continually assess storage through constant
monitoring and alerts indicating the available capacity.  This is
undertaken by monitoring systems which alert the responsible teams, but we
hold no records of a specific or estimated refresh date.

 

 5. What is your estimated budget for the refresh?

 

This information is held by the House of Commons. The estimated budget for
the refresh is £300,000.

 

 6. What is the capacity of the storage data in TB?

 

The exact information is not held by the House of Commons. However, it may
be helpful to know that the approximate capacity of the storage data is
227 TB. We are unable to be more specific at this time is due to an
ongoing programme of work, and therefore this figure represents a moving
picture.

 

 7. The total number of IT staff employed by the organization:

 

This information is held by the House of Commons. As of the 7 March 2017,
there are 448 members of staff within PDS.

 

 8. Please list and provide contact details for the IT senior management
team including CIO, IT Director and Infrastructure Architects if
applicable:

 

This information is held by the House of Commons.

 

A list of the senior management team of PDS is already publicly available
on our website here:
[1]https://www.publications.parliament.uk/p.... As the
information you request is reasonably accessible to you otherwise than
under the Freedom of Information Act 2000 (FOIA), your request is refused.
In refusing your request the House is applying the exemption set out in
section 21 (1) and (2) (a) of the FOIA. This is an absolute exemption and
the public interest test does not apply.

 

These staff members can be contacted at: Parliamentary Digital Service, 7
Millbank, London, SW1P 3JA

 

 9. Please confirm if you are utilising desktop virtualisation
technologies and if so how many users do you provide services for?

 

This information is held by the House of Commons. We can confirm that PDS
is utilising desktop virtualisation technologies and there are 350
concurrent users.

 

10. What backup software do you use?

 

This information is held by the House of Commons. However, the House has
concluded that details of backup software is exempt from disclosure for
the following reasons.

 

Section 24(1) – National security

 

Information relating to the specific backup software used by the House, is
withheld under section 24(1) of the FOIA, as the House considers that
disclosing this information would be likely to undermine the safeguarding
of national security. This is a qualified or non-absolute exemption and
the public interest test applies.

In favour of disclosure is the argument of transparency and openness
through providing details relating to the spending of public money and to
demonstrate that funding is used effectively. It is in the public interest
to ensure transparency in the way the House of Commons ensures its IT
systems and processes are adequately robust and secure, and help to
enhance public knowledge of how the House of Commons operates.

The countervailing argument is that information on the backup software
used, if disclosed, would provide a significant indication of the level
and quality of the Parliament’s IT systems and processes and therefore
potentially highlight vulnerabilities in our networks. Groups planning
attacks are known to conduct extensive research into the opposition they
might face, and to disclose this information could potentially provide
those groups or individuals with an indication of where to focus their
efforts when targeting our systems, and therefore significantly impact on
national security. Additionally, revealing details of the software we use
to perform backups would provide details of the methods undertaken by the
House, and could be used to attack our IT systems, leaving the House
unable to access parliamentary information, or lead to the loss of data.
As understanding of cyber security becomes more sophisticated, details of
the House’s backup and storage processes could be used to hack and
subsequently obtain highly confidential and sensitive information within
these systems. Whilst there may be a public interest in access to this
information, it is considered that in this case it is not in the wider
public interest to disclose as there is a risk of national security being
compromised.

 

Section 31(1)(a) – Law enforcement

 

As stated above, details of the specific backup software used by the House
is piece of information which, if disclosed, would provide a significant
indication of the level and quality of our IT systems and processes. The
release of this information would also be likely to prejudice the
prevention or detection of crime and is therefore exempt by virtue of
s.31(1)(a) FOIA. This is a qualified or non-absolute exemption and the
public interest test applies.

In favour of disclosure is the argument of transparency and openness
through providing details relating to the spending of public money and to
demonstrate that funding is used effectively. It is in the public interest
to ensure transparency in the way the House of Commons ensures its IT
systems and processes are adequately robust and secure, and help to
enhance public knowledge of how the House of Commons operates.

However, this is outweighed by the risks of criminal activity being
undertaken if the information was disclosed. Whilst there may be a public
interest in access to this information, the disclosure of these details
could potentially assist those parties planning to launch a criminal
attack on Parliament to more accurately target our networks and would
reveal details on the sophistication of Parliament’s IT systems and
processes. This could potentially highlight vulnerabilities in our
networks and provide individuals with an indication of where to focus
their efforts when targeting our systems. As understanding of cyber
security becomes more sophisticated, details of the House’s storage
processes could be used by those with criminal intent to hack, and
subsequently obtain information, of a highly confidential and sensitive
nature. Revealing details of the software we use to perform backups would
potentially provide details of the methodologies the House uses and could
lead to the House being unable to access parliamentary information, or
lead to the loss of data. In these circumstances it is our view that the
public interest in maintaining the exemption outweighs the public interest
in disclosing the information

 

11. How much data do you backup in TB?

 

The exact information is not held by the House of Commons. However, it may
be helpful to know that approximately 88 TB of data is backed up. We are
unable to be more specific at this time is due to an ongoing programme of
work, and therefore this figure represents a moving picture.

 

12. Number of servers?

 

Some information is held by the House of Commons. There are currently 950
servers. Please note, this number represents virtual servers (in cloud
environments). We do not hold information on the physical server count
supporting the virtual servers.

 

 

13. What operating system(s) do you use?

 

This information is held by the House of Commons. The following operating
systems are used:

·         Microsoft

·         Apple

·         Linux

·         Google

 

14. Number of virtualised servers?

 

This information is held by the House of Commons. There are 950
virtualised servers.

 

15. What percentage of your environment is virtualised?

 

The exact information is not held by the House of Commons. It may be
helpful to know that approximately 85% of the environment is virtualised.
Please note, services are added and removed frequently and therefore this
figure will often change.

 

16. If you outsource your IT works, please provide who it is with and when
the contract started and ends.

 

This information is held by the House of Commons. Our Network Managed
Service contract is with Telent Technology Services Limited. The
contracted started in August 2013 and expires with effect on 30 April
2018.

 

17. Please also name all of the IT re-sellers that you work with and buy
from, as well as the frameworks that you use for the release of any
tenders etc.

 

This information is held by the House of Commons. We have awarded
contracts using the following frameworks:

o ESPO, GCloud (RM1557)
o Digital Outcomes and Specialists (RM1043)
o Network Services (RM1045)
o Technology Products (RM3733) and the Sprintii framework– now expired
o Digital Service HR use the NMNC (Non Medical Non Clinical) framework
(RM971) for the provision of Temporary / Interim Staffing.

 

18. Please also approximate the time spent managing your IT systems,
specifically storage, per week in the unit of man hours. Also
approximate the amount of time taken carving out LUNs and/or Volumes.

 

The House of Commons does not already hold information recording an
approximation of this information. Please note that, while we endeavour to
be as helpful as possible, the Freedom of Information Act provides the
requester with an access right to recorded information held, but does not
oblige the House of Commons to answer questions if this would mean
creating new information, providing analysis or giving an opinion or
judgment that is not already recorded. Further guidance for requesters
about accessing information is available here:
[2]http://ico.org.uk/for_the_public/officia...

 

19. Please list any and all pain points that the IT teams, and
organisation as a whole, experience with regard to the storage and
usage of the virtualised workloads.

 

This information is not held by the House of Commons. We do not record
pain points experienced by PDS, or the organisation as a whole, with
regards to storage and usage of the virtualised workloads.

 

20. How is your storage connected, i.e. via Fibre Channel, Ethernet (NFS
or ISCSi). If your storage is currently connected via Fibre Channel,
do you have access to 10 GB Ethernet, or 1 GB ethernet, and if so,
please declare which

 

This information is held by the House of Commons. The storage is connected
via NFS and has access to 10GB Ethernet.

 

 

You may, if dissatisfied with the handling of your request, complain to
the House of Commons. Alternatively, if you are dissatisfied with the
outcome of your request you may ask the House of Commons to conduct an
internal review of any decision regarding your request. Complaints or
requests for internal review should be addressed to: Information Rights
and Information Security Service, Research and Information Team, House of
Commons, London SW1A 0AA or [3][House of Commons request email]. Please ensure
that you specify the full reasons for your complaint or internal review
along with any arguments or points that you wish to make.

If you remain dissatisfied, you may appeal to the Information Commissioner
at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF,
[4]www.ico.gov.uk.

 

Kindest regards,

 

Lauren

 

 

Lauren Puckey | IRIS Officer
Information Rights and Information Security (IRIS) Service | House of
Commons

Tel: 0207 219 4025 | Text Relay: 18001 219 4025 | Fifth Floor, 14 Tothill
St, London SW1H 9NB

 

[5]cid:image002.jpg@01D02B64.34D76640

Click [6]here for information about FOI in the House of Commons,

or to see what we publish.

 

 

 

 

--------------------------------------------------------------------------

 

show quoted sections