We acknowledge receipt of your request to Manchester City Council,
concerning:

Communications Systems and Technology

If your request comes under the Freedom of Information Act 2000 (FOIA) or
the Environmental Information Regulations 2004 (EIR), we will aim to
respond as promptly as we can and by no later than 20 working days.
Sometimes an extension to that timescale will apply and we will let you
know if that is the case.

If some or all of your request needs to be considered under processes
other than those provided by FOIA or EIR, different timescales may apply.
In particular, any part of your request that concerns your own personal
information will be considered in line with your rights under data
protection legislation (including the right of access) and we will aim to
provide you with a response in respect of that part of your request
without undue delay and by no later than one calendar month, unless an
extension to that timescale applies (we will let you know if that is the
case).

 

The reference number for your request is FOI/14151.

 

Should you have any further inquiries concerning your request, please
reply to this email leaving the subject line unchanged.

Yours sincerely
Manchester City Council

Your personal data is very important to us. Please refer to our privacy
notice at [1]www.manchester.gov.uk/privacy for further information.

References

Visible links
1. http://www.manchester.gov.uk/privacy

Dear Philip Mansfield,

Re: Request for Information Communications Systems and Technology FOI/00014151

Thank you for your request for information, which was received by
Manchester City Council on 21 October 2024 and has been considered under
the provisions of the Freedom of Information Act 2000 (“the 2000 Act”).

In response to your request, I have summarised the information as follows.
The response from Manchester City Council follows your questions and are
highlighted in bold.

 

Your questions:

 

Connectivity and Network Services:

a. Who provides your WAN and internet connectivity and the annual spend on
each
WAN provider is TNP. Annual spend is £460k. Internet Connectivity provider
is Gamma. Annual spend is £34k.

b. Who provides your SIP trunks and what is the annual spend
Not applicable as SIP trunks are not in use.

c. Who provides your WAN services, is this MPLS, SD WAN or Internet, and
what is the annual spend
MCC is currently migrating to SD-WAN. Please see WAN provider details in
response (a.).

d. Who provides your LAN infrastructure and what is your annual spend
MCC's LAN infrastructure is currently being upgraded. The contract details
of which can be found here:
[1]https://procontract.due-north.com/Contra....
Upon delivery of this upgrade work MCC's LAN will continue to be
maintained in-house.

e. Who provides your WIFI infrastructure and what is your annual spend
MCC's Wi-Fi infrastructure is currently being upgraded. The contract
details of which can be found here:
[2]https://procontract.due-north.com/Contra....
Upon delivery of this upgrade work MCC's Wi-Fi will continue to be
maintained in-house.

f. Please confirm the manufacturer(s) of your wired network core and edge
switching?
Please see Manchester City Council response after your questions.

g. When was your core network installed?
2020.

h. Has it been updated subsequently?
MCC's core network is currently being upgraded.

i. Who maintains your core network?
MCC.

j. When is the contract renewal date?
Not applicable.

k. Please confirm value of the initial project?
Data Centre Facility and Migration Project costs totalled £932k.

l. Please confirm the value of annual support/maintenance services (in £)?
Not applicable. MCC maintain the core network.

 

Telephony and storage:

1. Telephony and UC/ Collaboration

a. Please confirm the manufacturer of your telephony system(s) that are
currently in place
8x8.

b. When is your contract renewal date?
March 2025 with an option to extend up to 3 years.

c. Who maintains your telephony system(s)?
MCC.

d. Do you use Unified Communications or Collaboration tools , if so which
ones?
Microsoft 365 and 8x8.

 

2. Microsoft

a) What Microsoft 365 licence do you have across the business e.g. E3, E5
We have different types of Office365 licences including E1, E3 and E5.

b) Which partner looks after your Microsoft tenant?
Trustmarque Limited.

c) Where do you host your applications? Do you have on-premise
infrastructure or do you host your applications in public or private
cloud? Which?
Both.

 

3. Storage

a. Does your organisation use on-premise or cloud storage or both?
Both.

b. Please confirm the on-premise hardware manufacturer
Dell.

c. Please confirm your cloud storage provider
Microsoft.

d. What is your annual spend on cloud storage?
To date this financial year £40,226.

e. How do you back up your data and with who e.g. Backup as a Service
Please see Manchester City Council response after your questions.

 

Contact Centre, CRM, and AI & Automation:

1. Contact Centre – target to organisations we know have a CC

a. Do you have a customer/ citizen facing contact centre? If not please
skip these questions.
Yes.

b. Do you employ and manage your own agents, or do you outsource to a
third party? If you outsource who to?
Agents are MCC employees.

c. How many contact centre agents do you have?
Circa 140.

d. Do agents work from home? Or just your offices?
Both.

e. Please confirm the manufacturer of your contact centre system(s) that
are currently in place?
8x8.

f. When is your contract renewal date?
March 2025 with an option to extend up to 3 years.

g. Who maintains your contact centre system(s)?
8x8.

 

2. CRM

a. Do you use a CRM in the contact centre? What platform is used?
Yes. Verint.

b. Do you use the same CRM for the rest of the organisation? What platform
is used?
Yes.

c. Do you use a knowledge base / knowledge management platform? What
platform is used?
No.

 

3. AI & Automation

a. Does your organisation have a customer or citizen facing chatbot? If
so, who provides this chatbot technology?
No.

b. Does your organisation utilise RPA technology? If so which RPA
technology provider do you use?
We currently do not use any RPA technology.

 

The Manchester City Council response for Connectivity and Network Services
(f) and Storage (e):

I confirm that the Council does hold the information that you have
requested. However, having carefully considered the information, the
Council has determined that it is unable to comply with all of your
request. This is because some of the requested information is exempt from
disclosure under the following qualified exemption:

Section 31: Law enforcement

This exemption applies because the release of this information is likely
to prejudice the law enforcement or other regulatory activity carried out
by the Council. The full wording of section 31 can be found
here: [3]http://www.legislation.gov.uk/ukpga/2000...

 

This exemption is a 'qualified' exemption, which means that it is subject
to the public interest test set out in section 2(2)(b) of the 2000 Act.
The Council has applied the public interest test and has determined that,
on balance, it is more beneficial to the public to withhold the
information than to release it. In reaching this decision the Council has
considered the relevant factors in favour of and against disclosure, in
particular the following:

 

Factors in favour of releasing the information  

 

The Council considers that to confirm the requested information would
indicate the prevalence of malicious cyber activity against the Council’s
ICT infrastructure and would reveal details about the Council’s
information security systems. The Council recognises that answering the
request would promote openness and transparency with regards to the
Council’s ICT security.  

 

Factors in favour of withholding the information  

 

Cyber-attacks, which may amount to criminal offences for example under the
Computer Misuse Act 1990 or the Data Protection Act 2018, are rated as a
Tier 1 threat by the UK Government. The Council like any organisation may
be subject to cyber-attacks, and since it holds large amounts of
sensitive, personal, and confidential information, maintaining the
security of this information is extremely important.   

  

In this context, the Council considers that confirming the requested
information would provide information about the Council’s information
security systems and its resilience to cyber-attacks. There is a very
strong public interest in preventing the Council’s information systems
from being subject to cyber-attacks. Confirming the type of information
requested would be likely to prejudice the prevention of cybercrime, and
this is not in the public interest.    

 

Balancing the public interest factors  

 

The Council has considered that if it were to confirm the requested
information, it would enable potential cyber attackers to ascertain how
and to what extend the Council is able to detect and deal with ICT
security attacks. The Council’s position is that complying with the duty
to confirm the information would be likely to prejudice the prevention or
detection of crime, as the information would assist those who want to
attack the Council’s ICT systems. Disclosure of the information would
assist a hacker in gaining valuable information as to the nature of the
Council’s systems, defences and possible vulnerabilities. This information
would enter the public domain and set a precedent for other similar
requests which would, in principle, result in the Council being a position
where it would be more difficult to refuse information in similar
requests.

 

To confirm the information is likely to enable hackers to obtain
information in mosaic form combined with other information to enable
hackers to gain greater insight than they would ordinarily have, which
would facilitate the commissioning of crime such as hacking itself and
fraud. This would impact on the Council’s operations including its
front-line services.  The prejudice in complying with section 1(1)(a) FOIA
is real and significant as to confirm or deny would allow valuable insight
into the perceived strengths and weaknesses of the Council’s ICT systems.

 

The Council acknowledges that transparency and accountability are
important public interest considerations regarding the Council’s approach
to cyber security, to this effect the Council has published its ICT and
Digital Strategy which can be found via the following link: 

 

[4]https://www.manchester.gov.uk/news/artic...

 

[5]https://democracy.manchester.gov.uk/ieLi...

  

The Council determines that the balance of the public interest test lies
in withholding the information. 

 

ICT Information Governance and Information Strategy   

  

Manchester City Council’s ICT and Digital Strategy has been designed to
align to the Directorates’ Business Plans. Its vision is to have a
strategy that has the customer at its heart, with a vision: to be the most
business-aligned Information and ICT Service in Local Government leading
the way in technical innovation, data analytics and intelligence to
support the Council in achieving its goals. 

 

This will provide for a stable and reliable ICT Infrastructure that is
secure, robust, and fit for the ambition for the Council and the
communities that it serves furthermore, managing data and information as a
valuable asset, with appropriate governance to control information risk. 

  

The considerations around data security and standards are governed through
the Corporate Information Assurance and Risk Group (CIARG) chaired by the
Council’s Strategic Information Risk Owner (SIRO), City Solicitor. It is
also an integral part of the annual Public Services Network (PSN)
compliance activity managed through ICT governance. The current focus of
CIARG is an action plan in response to the Information Commissioner’s
audit report 2014/5. Future governance for information will need to be
reviewed to ensure strategic alignment with ICT and the wider business
requirements for intelligence.  

 

  

Re-use of information

Information about [6]the re-use of council information [url:
https://www.manchester.gov.uk/info/10000...
is available on the Council’s website. If you wish to re-use this
information, please follow the application process described. Your request
will be considered in accordance with the Re-use of Public Sector
Information Regulations 2015.

Please note if you are not satisfied with this response, you may ask for
an internal review. If you wish an internal review to be undertaken you
should contact the Democratic Services Legal Team, whose address is, PO
Box 532, Town Hall, Manchester, M60 2LA, email:
[7][MCC request email] in the first instance.

A copy of the Council’s [8]Information Rights Complaint Procedure [url:
https://www.manchester.gov.uk/downloads/...
is available on the Council’s website. If you do not have internet access
and require a paper copy, please let me know.

If you are not content with the outcome of the internal review process,
you have the right to apply directly to the Information Commissioner for a
decision.

You should primarily contact the Information Commissioner on the following
link: [9]www.ico.org.uk/foicomplaints

Alternatively, the Information Commissioner can also be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113
Fax: 01625 524510
[10]www.ico.org.uk

If you have any queries about this letter, please contact me.  Please
remember to quote the reference number above in any future communications.

Yours sincerely

 

Craig Watts

Programme Lead
ICT Programme Office and Governance
Manchester City Council
7th Floor
Town Hall Extension
PO Box 532
Manchester
M60 2LA

Section 31 only applies to information that does not fall into the
categories in section 30. For this reason sections 30 and 31 are sometimes
referred to as being mutually exclusive. Section 31 applies where
complying with the request would prejudice or would be likely to prejudice
various law enforcement purposes (listed in the Act) including preventing
crime, administering justice, and collecting tax. It also protects certain
other regulatory functions, for example those relating to health and
safety and charity administration. Note: Section 31(1)(a)  can protect
information on a public authority’s systems which would make it more
vulnerable to crime . Can also be used by a public authority with no law
enforcement function to protect the work of another.

Both exemptions are qualified by the public interest test.

https://ico.org.uk/media/for-organisatio...

Disclosure would prejudice one of the following:

(a) the prevention or detection of crime,

(b) the apprehension or prosecution of offenders,

(c) the administration of justice,

(d) the assessment or collection of any tax or duty or of

any imposition of a similar nature,

(e) the operation of immigration controls,

(f) the maintenance of security and good order in prisons or in other
institutions where persons are lawfully detained,

(g) the exercise by any public authority of its functions for any of the
purposes specified in subsection (2) [the purposes are establishing
failure to comply with the law, improper conduct, what regulatory action
to take, a person’s fitness or competence, the cause of an
accident/protecting charities/securing health and safety at work],

(h) any civil proceedings which are brought by or on behalf of a public
authority and arise out of an investigation conducted, for any purposes
specified in subsection (2) [see above], by or on behalf of the authority
by virtue of Her Majesty’s prerogative or by virtue of powers conferred by
or under an enactment, 

Insert Public Interest Test wording

References

Visible links
1. https://procontract.due-north.com/Contra...
2. https://procontract.due-north.com/Contra...
3. http://www.legislation.gov.uk/ukpga/2000...
4. https://www.manchester.gov.uk/news/artic...
5. https://democracy.manchester.gov.uk/ieLi...
6. https://www.manchester.gov.uk/info/10000...
7. mailto:[MCC request email]
8. https://www.manchester.gov.uk/downloads/...
9. http://www.ico.org.uk/foicomplaints
10. http://www.ico.org.uk/