Intranet Queries

The request was partially successful.

Dear The Payment Systems Regulator Limited,

I am writing to make a request for all the information to which I am entitled under the Freedom of Information Act 2000. My requests are outlined below as specifically as possible to help you retrieve the information required. However, if any of the below is unclear, I would appreciate if you could contact me as I understand that under the act, you are required to assist requesters.

Please could you provide the following information:

1) How many employees are working for your organisation, including full-time, part-time, and contracted staff?
2) What is your annual intranet budget?
3) What is your current intranet solution? (e.g. Invotra, Sharepoint, Kahootz, Umbraco)
4) How long have you been using this solution, and when does your contract expire?
5) Do you work with an external partner to supply your intranet? If not, do you develop your intranet internally?
6) Which team/individual is responsible for managing your intranet internally?
7) Which other organisations have access to your intranet?
8) Do you share IT services with other organisations?
9) Are you using the Office 365 suite? If so, which applications from the suite are in use?
10) Who is responsible for your intranet’s procurement within the organisation?
11) Do you use Microsoft’s Active Directory to manage your people data? If so, is your Active Directory (AD) managed on-premise or in the cloud?
12) Do you use any other Software as a Service (SaaS) applications? (e.g. Atlassian/Jira, Slack, Trello, Xero)

If possible, please could you present the information via a Microsoft Word or Excel document, sent to me via email. I understand that under the act, I should be entitled to a response within 20 days and therefore I would appreciate if you could confirm receipt of my request.

Yours faithfully,

Louis James

Contact Us, The Payment Systems Regulator Limited

3 Attachments

Thank you for your email, we have received and logged it.

 

If it is addressed directly to the Payment Systems Regulator, we will look
into the comments you’ve made and depending on the type of enquiry you
have submitted, will respond to you in no later than 20 working days*

 

Unfortunately, there are occasions where we might not be the appropriate
organisation to review your email; if that is the case, we will let you
know who we think will be able to help.

 

We will not respond to emails where the Payment Systems Regulator is only
copied in.

 

*for Super complaints, government guidelines stipulate a response within
90 calendar days of receipt

 

If you are contacting the Payment Systems Regulator to enquire about
leniency or make a leniency application, you should call the Competition
and Markets Authority (CMA) directly on their leniency number: +44 (0)20
3738 6833. The CMA acts as the single port of call for all leniency
applications in the UK. For further information on the arrangements for
the handling of leniency applications in UK regulated sectors, please see
the [1]CMA’s website.

 

 

Kind regards,

 

Correspondence Handling Team

 


 

[3]www.psr.org.uk

 


 

This email is PSR Restricted unless marked otherwise – please handle
according to our information handling policy which can be found [6]here.

 

 

This communication and any attachments may contain personal information.
For more information about how and why we use personal information and who
to contact with any queries about this, please see our privacy notices:
FCA Privacy Notice (https://www.fca.org.uk/data-protection) and PSR
Privacy Notice
(https://www.psr.org.uk/cookies-privacy-a...).

This communication and any attachments contain information which is
confidential and may be subject to legal privilege. It is for intended
recipients only. If you are not the intended recipient you must not copy,
distribute, publish, rely on or otherwise use it without our consent. Some
of our communications may contain confidential information which it could
be a criminal offence for you to disclose or use without authority. If you
have received this email in error please notify [email address]
immediately and delete the email from your computer. Further information
on the classification and handling of FCA information can be found on the
FCA website
(http://www.fca.org.uk/site-info/legal/fc...).

The FCA (or, if this email originates from the Payment Systems Regulator
Limited, the FCA on behalf of the Payment Systems Regulator Limited / the
Payment Systems Regulator Limited) reserves the right to monitor all email
communications for compliance with legal, regulatory and professional
standards.

This email is not intended to nor should it be taken to create any legal
relations or contractual relationships. This email has originated from the
Financial Conduct Authority (FCA), or the Payment Systems Regulator
Limited.

The Financial Conduct Authority (FCA) is registered as a limited company
in England and Wales No. 1920623. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

The Payment Systems Regulator Limited is registered as a limited company
in England and Wales No. 8970864. Registered office: 12 Endeavour Square,
Stratford, London, E20 1JN, United Kingdom

Switchboard 020 7066 1000

Web Site http://www.fca.org.uk (FCA); http://www.psr.org.uk (the Payment
Systems Regulator Limited)

References

Visible links
1. https://www.gov.uk/guidance/cartels-conf...
3. http://recmgmt.is.fsa.gov.uk/livelink/li...
4. http://www.twitter.com/thepsr
5. http://www.linkedin.com/company/payment-...
6. https://www.psr.org.uk/handling-classifi...

PSRfoi@psr.org.uk, The Payment Systems Regulator Limited

3 Attachments

Our ref: FOI6874

 

Dear Mr James

 

Freedom of Information: Right to know request

 

We refer to your request under the Freedom of Information Act 2000 (“the
Act”) for the following information:

 

 1. How many employees are working for your organisation, including
full-time, part-time, and contracted staff?
 2. What is your annual intranet budget?
 3. What is your current intranet solution? (e.g. Invotra, Sharepoint,
Kahootz, Umbraco)
 4. How long have you been using this solution, and when does your
contract expire?
 5. Do you work with an external partner to supply your intranet? If not,
do you develop your intranet internally?
 6. Which team/individual is responsible for managing your intranet
internally?
 7. Which other organisations have access to your intranet?
 8. Do you share IT services with other organisations?
 9. Are you using the Office 365 suite? If so, which applications from the
suite are in use?
10. Who is responsible for your intranet’s procurement within the
organisation?
11. Do you use Microsoft’s Active Directory to manage your people data? If
so, is your Active Directory (AD) managed on-premise or in the cloud?
12. Do you use any other Software as a Service (SaaS) applications? (e.g.
Atlassian/Jira, Slack, Trello, Xero)

 

Your request is currently being considered and, in doing so, we are of the
view that the following qualified exemption under the Act may apply:

 

o section 43 (commercial interests)

 

This is because we consider that disclosure would, or would be likely to,
prejudice the commercial interests of any person (including the public
authority holding it).

 

As this is the case, the FCA is required to weigh the public interest in
maintaining the exemption against the public interest in disclosing any
information.

 

By virtue of section 10(3), where public authorities have to consider the
balance of the public interest in relation to a request, they do not have
to comply with the request until such time as is reasonable in the
circumstances.  The FCA has not yet reached a decision on the balance of
the public interest.  Due to the need to consider, in all the
circumstances of the case, where the balance of the public interest lies
in relation to the information that you have requested, the FCA will not
be able to respond to your request in full within 20 working days.  In
these circumstances, we hope to be in a position to respond to you by 23
December 2019, although should we be in a position to contact you sooner
we will do so.

 

Yours sincerely

 

Information Disclosure Team

 


Payment Systems Regulator

12 Endeavour Square

London

E20 1JN

 

[2]www.psr.org.uk

 


References

Visible links
2. http://recmgmt.is.fsa.gov.uk/livelink/li...
3. http://www.twitter.com/thepsr
4. http://www.linkedin.com/company/payment-...

PSRfoi@psr.org.uk, The Payment Systems Regulator Limited

3 Attachments

Our ref: FOI6874

 

Dear Mr James

 

Freedom of Information: Right to know request

 

We write further to our email of 25 November 2019.

 

The FCA is still not in a position to reply to your "right to know"
request, as a decision has yet to be reached on the balance of public
interest in respect of some of the information you seek. It is therefore
necessary to extend the date for responding to you further. We hope to be
in a position to respond to you by 23 January 2020; however, should we be
in a position to contact you sooner, we will do so.

Yours sincerely

 

Information Disclosure Team

 


Payment Systems Regulator

12 Endeavour Square

London

E20 1JN

 

[2]www.psr.org.uk

 


References

Visible links
2. http://recmgmt.is.fsa.gov.uk/livelink/li...
3. http://www.twitter.com/thepsr
4. http://www.linkedin.com/company/payment-...

Freedom of Information,

3 Attachments

Our ref: FOI6874

 

Dear Mr James

 

Freedom of Information: Right to know request

 

Thank you for your request dated 28 October 2019 and received under the
Freedom of Information Act 2000 (the Act) for information relating to the
Payment Services Regulator’s (PSR) intranet. Please refer to Annex A for
full details of your request.

 

On 25 November 2019, we advised you that we required more time to balance
the “public interest” arguments for and against disclosure in relation to
the information you are seeking. We have now completed that work and our
response is below.

 

For point 1, the below table sets out the number of employees working at
the PSR as at 5 December 2019:

 

|                                | Full-time | Part-time |
|--------------------------------|-----------|-----------|
| Employee – Fixed Term Contract | 5         | 7         |
| Employee – Permanent           | 86        | 8         |
| Total                          | 91        | 15        |

 

For point 2, we consider that disclosure of the annual spend could
prejudice the commercial interests of the PSR and our supplier were it to
be made public, and therefore the exemption at section 43 (commercial
interests) of the Act applies for the reasons set out in Annex B below.
Nonetheless, with a view to providing you with as much information as we
can, we can confirm the average annual spend is between £10,000 and
£50,000.

 

For point 3, we are unable to disclose what our current intranet solution
is, as disclosure would, or would be likely to, prejudice the prevention
or detection of crime. Therefore, we consider that section 31 (law
enforcement) of the Act applies for the reasons set out in Annex B below.

 

For point 4, our intranet solution has no contract expiry as the contract
has an ongoing renewal solution.

 

For point 5, we can confirm that we have engaged an external supplier to
supply the FCA’s intranet.

 

For point 6, our Internal Communications Team is responsible for managing
our intranet internally.

 

For point 7, the Financial Conduct Authority has access to our intranet.

 

For point 8, we can confirm that other organisations do have access to our
IT systems.

 

For point 9, we can confirm we are using the Office 365 suite. However, we
cannot confirm which suite of applications we use as disclosure would, or
would be likely to, prejudice the prevention or detection of crime.
Therefore, we consider that section 31 (law enforcement) of the Act
applies for the reasons set out in Annex B below.

 

For point 10, the procurement team is responsible for procurement of our
intranet.

 

For point 11, we are unable to disclose this information, as disclosure
would, or would be likely to, prejudice the prevention or detection of
crime. Therefore, we consider that section 31 (law enforcement) of the Act
applies for the reasons set out in Annex B below.

 

Finally, for point 12 we do use other Software as a Service (SaaS)
applications. However, we are unable to disclose which SaaS applications
we use as disclosure would, or would be likely to, prejudice the
prevention or detection of crime. Therefore, we consider that section 31
(law enforcement) of the Act applies for the reasons set out in Annex B
below.

 

If you are unhappy with this response, you have the right to request an
internal review. If you wish to exercise this right you should contact the
Information Disclosure Team within 60 working days of the date of this
response.

 

If you are not content with the outcome of the internal review, you also
have a right of appeal to the Information Commissioner at Information
Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9
5AF. Telephone: 01625 545 700. Website: [1]www.ico.org.uk

 

 

Yours sincerely

 

Information Disclosure Team / Cyber and Information Resilience Department
/ Operations


12 Endeavour Square

London

E20 1JN

 

[3]www.fca.org.uk

 


 

Annex A

 

Request received on 22 October 2019

 

 1. How many employees are working for your organisation, including
full-time, part-time, and contracted staff?
 2. What is your annual intranet budget?
 3. What is your current intranet solution? (e.g. Invotra, Sharepoint,
Kahootz, Umbraco)
 4. How long have you been using this solution, and when does your
contract expire?
 5. Do you work with an external partner to supply your intranet? If not,
do you develop your intranet internally?
 6. Which team/individual is responsible for managing your intranet
internally?
 7. Which other organisations have access to your intranet?
 8. Do you share IT services with other organisations?
 9. Are you using the Office 365 suite? If so, which applications from the
suite are in use?
10. Who is responsible for your intranet’s procurement within the
organisation?
11. Do you use Microsoft’s Active Directory to manage your people data? If
so, is your Active Directory (AD) managed on-premise or in the cloud?
12. Do you use any other Software as a Service (SaaS) applications? (e.g.
Atlassian/Jira, Slack, Trello, Xero)

 

Annex B

 

•       Section 43 (Commercial interests)

 

Section 43(2) of the Act provides that information is exempt if its
disclosure would, or would be likely to, prejudice the commercial interests
of any person (including the public authority holding it).

 

In respect of your request, disclosure of the information requested in
point two would be likely to prejudice not only the commercial interests
of SharePoint, but also the commercial interests of the PSR itself.

 

The exemption in Section 43 is qualified and we have balanced the public
interest for and against disclosure as required by the Act.

 

For disclosure

 

•       There is a strong public interest in the public being able to see
and potentially scrutinise how much the PSR is spending on services.

 

Against disclosure

 

•       Disclosure is likely to undermine the PSR’s commercial interests
as to disclose the information requested could adversely impact our
position in future negotiations with suppliers or procurement exercises
with similar specifications.

 

•       The commercial interests of the supplier involved are likely to be
harmed by such a disclosure as this may affect the supplier’s ability to
negotiate with other potential future customers. Further, disclosure could
potentially provide an unfair advantage to competitors of these suppliers
when bidding for work with both the PSR and other commercial entities.

 

On this occasion we have concluded that, for the reasons set out above,
the balance of the public interest is in favour of not disclosing
information set out above.

 

 

•       Section 31 (Law enforcement)

 

The qualified exemption in section 31(1)(a) of the Act applies because
disclosure of the information requested would, or would be likely to,
prejudice the prevention or detection of crime.

 

As explained in our letter, this exemption applies to points 3, 9, 11 and
12 of your request in that such information, if disclosed, would, or would
be likely to, prejudice the prevention or detection of crime as disclosure
would enable criminals to draw conclusions about our cyber security
capability and in turn, may encourage them to launch cyber-attacks on our
systems.

 

This exemption is qualified and we have balanced the public interest for
and against disclosure as required by the Act.

 

 

For disclosure

 

o There is a strong public interest in favour of transparency and in the
public being reassured that we are taking the necessary precautions to
ensure that our information systems, some of which hold information on
the firms and individuals that we regulate, are secure and safe from
cyber-attacks.

 

o Disclosure of the information would demonstrate how the PSR responds
to the ever-increasing threat of its systems being compromised.

 

Against disclosure

 

o In addition to the arguments set out above, there is a strong public
interest in the PSR being able to keep their systems safe and secure
from cyber-attacks to ensure our role as financial regulator is not
compromised.

 

On this occasion, we have concluded that the balance of the public
interest is in favour of maintaining the exemption under section 31 of the
Act, for the reasons set out above.

 

 

 

 

 


References

Visible links
1. http://www.ico.org.uk/
3. http://www.fca.org.uk/
4. https://twitter.com/TheFCA
5. https://www.linkedin.com/company/financi...