Infrastructure information

The request was successful.

Dear Cranfield University,
Under the Freedom of Information Act 2000 may I kindly request the following information about the Universities IT Infrastructure. The information needed is as follows:

IT Compliant Route to purchase
What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet, CCS, CPC)?

Is IT purchasing devolved or all controlled by Central IT Services?

Network
Network vendor?
Do you use Smart Collector?
How many switches?
How many routers?
How many wireless controllers / AP’s?
Network speed?
Network contract start date?
Date Network Support ends / is refreshed?
Value of existing Network support contract?
Network virtualisation?

Security
IT Security vendors used?
IT Security Support renewal date?
Do you use 2FA?
What web and email filtering is used?
What DLP is in place?
What SIEM solution is used?
What intrusion prevention is used?
What endpoint security is used?

Data Destruction
Given the new GDPR Laws taking effect next year………
Is there a Data Destruction Policy in place?
Do you destroy HDD onsite or outsource the service?
Current Supplier of HDD destruction services?
Are they CESG / ADISA approved and to what level?
Is the HDD wiped / degaussed before leaving your datacentre?
Approx Number of drives destroyed/wiped per annum?

Thanking You
Yours faithfully,

Francois Charles

foi, Cranfield University

Dear Mr Charles,

Thank you for your request made under the freedom of information Act 2000.

I confirm that this is being considered and we will respond as soon as possible and in any case within 20 working days.

Yours sincerely
 
Mary Betts-Gray, MA (Hons), MCLIP, FHEA, PC.foi
Freedom of Information Officer
Cranfield University
Cranfield
Bedford
MK43 0AL
 
Tel: +44 (0)1234 754331
Fax: +44 (0)1234 751806
E-mail: [Cranfield University request email]
 
http://www.cranfield.ac.uk/legal/foi/ind...
 
This email and any attachments to it may be confidential and are intended only for the named addressee. If you are not the named addressee, please accept our apology, notify the sender immediately and then delete the email. We request that you do not disclose, use, copy or distribute any information within it.
 
Any opinions expressed are not necessarily the corporate view of Cranfield University. This email is not intended to be contractually binding unless specifically stated and the sender is an authorised University signatory.
 
Whilst we have taken steps to ensure that this email and all attachments are free from any virus, we advise that, in keeping with good computing practice, the recipient should ensure they are actually virus free.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

foi, Cranfield University

Dear Mr Charles,

Thank you for your request, dated 29 August, made under the Freedom of Information Act 2000.

You requested information about

"IT infrastructure"

Cranfield University has now completed its search for the information requested and can confirm that we do hold information. Please see our responses below.

IT Compliant Route to purchase
What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet, CCS, CPC)? The HE/Government frameworks quoted will be our first consideration for procurement. However we will also use our own procurement framework when we believe we can obtain a better outcome.

Is IT purchasing devolved or all controlled by Central IT Services? The vast majority of IT purchasing is via the central IT team supported by our Procurement team.

Network
Network vendor? We operate a mixed vendor network, including products from HPE/Aruba, Extreme Networks, Fortinet and Juniper

Do you use Smart Collector? No

How many switches? Approximately 600

How many routers? 15

How many wireless controllers / AP’s? 8 wireless controllers, approximately 950 APs

Network speed? Edge network is 1Gbps, Core interlinks 40Gbps

Network contract start date? February 2012

Date Network Support ends / is refreshed? Annual renewal every February

Value of existing Network support contract? £23,000 per annum

Network virtualisation? No

Security
IT Security vendors used? Becrypt, Fortinet, Rapid7, Symantec and Trend

IT Security Support renewal date? Becrypt (January 2018), Clam (Not applicable), Fortinet (February 2020), Rapid7 (September 2019), Symantec (June 2018) and Trend (May 2018)

Do you use 2FA? No

What web and email filtering is used? Web – None. Email – SpamAssassin, Clam and Symantec

What DLP is in place? None

What SIEM solution is used? None

What intrusion prevention is used? Fortinet, Suricata

What endpoint security is used? Symantec

Data Destruction
Given the new GDPR Laws taking effect next year……… Is there a Data Destruction Policy in place? No - There are both a Personal Data Retention Schedule and a Secure IT Disposal Policy in place

Do you destroy HDD onsite or outsource the service? Outsource the service

Current Supplier of HDD destruction services? Secure I.T. Disposals Ltd

Are they CESG / ADISA approved and to what level? Yes: CESG - TOP SECRET and below against Sanitisation Version 2.0 ADISA - Pass with Distinction

Is the HDD wiped / degaussed before leaving your datacentre? No - Secure transport to destruction site

Approx Number of drives destroyed/wiped per annum? 350

Should you have any queries with regard to the information provided please do not hesitate to contact me.

If you are unhappy with the way in which your request has been dealt with please refer to our internal appeals procedure http://www.cranfield.ac.uk/about/governa...

If you remain dissatisfied with the handling of your request or complaint you have a right to appeal to the Information Commissioner at:

The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Telephone: 08456 306060 or 01625 545745.
Website: www.ico.gov.uk

Yours sincerely

Mary Betts-Gray, MA (Hons), MCLIP, FHEA, PC.foi Freedom of Information Officer Cranfield University Cranfield Bedford
MK43 0AL

Tel: +44 (0)1234 754331
Fax: +44 (0)1234 751806
E-mail: [Cranfield University request email]

http://www.cranfield.ac.uk/legal/foi/ind...

This email and any attachments to it may be confidential and are intended only for the named addressee. If you are not the named addressee, please accept our apology, notify the sender immediately and then delete the email. We request that you do not disclose, use, copy or distribute any information within it.

Any opinions expressed are not necessarily the corporate view of Cranfield University. This email is not intended to be contractually binding unless specifically stated and the sender is an authorised University signatory.

Whilst we have taken steps to ensure that this email and all attachments are free from any virus, we advise that, in keeping with good computing practice, the recipient should ensure they are actually virus free.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------