We don't know whether the most recent response to this request contains information or not – if you are Francois Charles please sign in and let everyone know.

University IT Infrastructure information

We're waiting for Francois Charles to read a recent response and update the status.

Dear University of Warwick,

Under the Freedom of Information Act 2000 may I kindly request the following information about the Universities IT Infrastructure Information. The information needed is as follows:

IT Compliant Route to purchase
What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet, CCS, CPC)?

Network
Network vendor?
If you use Cisco, do you use Smart Collector?
How many switches?
How many routers?
How many wireless controllers/ AP’s?
Network speed?
Network contract start date?
Date Network Support ends / is refreshed ?
Value of existing Network support contract ?
Do you use Network virtualisation?
Is the university going out toTender for networking this year?

Security
IT Security vendors used?
IT Security Support renewal date?
Do you use 2FA?
What web and email filtering is used?
What DLP is in place?
What SIEM solution is used?
What intrusion prevention is used?
What endpoint security is used?
Next renewal date for security software/ support?

Cloud
Are you using or are interested in AWS/Google or Azure for cloud services?
Do you use any Cloud File Storage? If so, what?

Data Destruction
Is there a Data Destruction Policy in place?
Do you destroy HDD onsite or outsource the service?
Current Supplier of HDD destruction services?
Is the HDD wiped / degaussed before leaving your datacentre? If, yes, how do you ensure that the data has been completely erased
Approx. Number of drives destroyed/wiped per annum?

Yours faithfully,

Francois Charles

infocompliance, Resource, University of Warwick

Thank you for your email which has been received by the University's
Information and Data Compliance Team. 

The University undertakes to respond to Freedom of Information requests
within 20 working days and to Subject Access Requests within 40 calendar
days.

Information and Data Compliance Team.

infocompliance, Resource, University of Warwick

Dear Mr Charles,

 

Thank you for your email dated 8^th of January 2018 requesting information
about the University of Warwick. Your request is being considered under
the Freedom of Information Act 2000. Please find below your original
request and our response.

IT Compliant Route to purchase

1.       What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC,
Janet, CCS, CPC)?

All frameworks above plus SUPC.

Network

2.       Network vendor?

Cisco

3.       If you use Cisco, do you use Smart Collector?

No

4.       How many switches?

1,100

5.       How many routers?

2

6.       How many wireless controllers/ AP’s?

8

7.       Network speed?

10/100/1000/10G/40G

8.       Network contract start date?

1^st  August 2017

9.       Date Network Support ends / is refreshed ?

31^st  July 2018

10.   Value of existing Network support contract?

Please note that the University has not provided information in relation
to the value of the requested contract as it considers that the release of
this information would prejudice the University and the suppliers
commercial interests. This information is withheld under the exemption at
section 43(2) of the Freedom of Information Act 2000. Section 43(2) states
that “information is exempt information if its disclosure under this Act
would, or would be likely to, prejudice the commercial interests of any
person (including the public authority holding it)”. The University
considers that the release of the specific information would prejudice the
University and the supplier’s commercial interests by revealing such
information to competitors as these are regularly renewed contracts and
therefore disclosing such information would provide competitors with an
advantage when the contract is retendered or new quotes are sought.

The University considers that the commercial aspects of a successful
contract are specific to those parties to the contract. Should such
information be made available to the public at large, even if from a
successful bid, this would result in the University losing credibility
with its supply base, provide a disincentive to suppliers to bid for
future University contracts and ultimately have a detrimental impact on
competition and the ability of the University to achieve value for money.
The disclosure of the value of contracts could seriously affect the
competitiveness of the market and to distort any future tender process
which is not in the public interest. As well as potentially prejudicing
the University’s commercial interests, releasing the information requested
would be likely to prejudice the supplier’s commercial interests by
weakening its position in a competitive environment and by revealing
information of potential usefulness to its competitors. The disclosure of
contract values would provide a significant advantage to competitors and
damage the supplier’s ability to compete effectively in future tender
processes.

The exemption at section 43(2) is a qualified exemption which means that
the University must consider whether the public interest in maintaining
the exemption outweighs the public interest in disclosure. The University
considers there is no overriding public interest in the circumstances that
would warrant prejudicing the University’s or the supplier’s commercial
interests. It is important to note that disclosure under the Freedom of
Information Act is effectively disclosure to the general public, not
solely the person who has made the request. Therefore, the University is
of the opinion that the public interest lies in favour of withholding the
requested information.

11.   Do you use Network virtualisation?

Yes

12.   Is the university going out toTender for networking this year?

Yes

Security

 Please see response below for questions 13 – 21.

13.   IT Security vendors used?

 

14.   IT Security Support renewal date?

15.   Do you use 2FA?

16.   What web and email filtering is used?

17.   What DLP is in place?

18.   What SIEM solution is used?

19.   What intrusion prevention is used?

20.   What endpoint security is used?

21.   Next renewal date for security software/ support?

The University confirms that it holds the requested information in
relation to questions 13 – 21 but declines to provide the information as
it believes it is exempt from disclosure under section 31(1)(a) of the
Freedom of Information Act.

We are not obliged to provide information if its release would prejudice
the prevention or detection of crime. In this case, the University
believes that releasing detailed information regarding the security
questions above creates a security risk and is likely to prejudice the
prevention or detection of crime under section 31(1)(a). Disclosure would
make the University more vulnerable to crime, including cyber-attacks, phi
from an external hacker. By divulging the requested information the
University would be likely to unnecessarily expose itself to the risk of
harm and potentially huge financial cost.

The exemption at section 31(1)(a) is a qualified exemption which means
that the University must consider whether the public interest in
maintaining the exemption outweighs the public interest in disclosure. The
University recognises that there is legitimate public interest in proving
information as this encourages openness, accountability and informed
public debate. However, the University also believe that there is a strong
public interest in maintaining the exemption if disclosure would be likely
to prejudice the University’s ability to perform its functions effectively
in that the University would be diverted from its day to day work in order
to deal with the consequences of a cyber-attack. In addition to the delay
and disruption to the University, the consequences of such an attack would
incur a huge financial cost in repairing infected devices and/or
purchasing and installing new equipment.

Therefore, the University is of the opinion that the public interest lies
in favour of withholding the requested information.

Cloud

22.   Are you using or are interested in AWS/Google or Azure for cloud
services?

Yes

23.   Do you use any Cloud File Storage? If so, what?

OneDrive for Business

 

Data Destruction

24.   Is there a Data Destruction Policy in place?

Yes

25.   Do you destroy HDD onsite or outsource the service?

Either, depending on the specific requirement.

26.   Current Supplier of HDD destruction services?

The University is currently using RDC.

27.   Is the HDD wiped / degaussed before leaving your datacentre? If,
yes, how do you ensure that the data has been completely erased Approx.
Number of drives destroyed/wiped per annum?

If onsite, the University would normally employ specialist software to
securely erase all data to a recognised standard, or if the data storage
medium cannot be written to then the University would use a NATO-approved
security degausser. In excess of 3,000 drives per annum are securely
erased or destroyed, across a range of devices.

If you are unhappy with the way in which your request has been handled by
the University of Warwick, you can request an internal review and in the
first instance you are advised to follow the procedure outlined here:
[1]http://www2.warwick.ac.uk/services/legal...

If you remain dissatisfied with the handling of your request or complaint,
you have a right to appeal to the Information Commissioner at:

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phone: 0303 123 1113

Website:

[2]https://ico.org.uk/

There is no charge for making an appeal.

Yours sincerely,

Ian Rowley

Ian Rowley | Director of Development, Comms & External Affairs| External
Affairs
University House | University of Warwick | Coventry | CV4 8UW

References

Visible links
1. http://www2.warwick.ac.uk/services/legal...
2. https://ico.org.uk/

Francois Charles

Dear infocompliance, Resource,

Thank you for your reply and the information provided.

Yours sincerely,

Francois Charles

infocompliance, Resource, University of Warwick

Thank you for your email which has been received by the University's
Information and Data Compliance Team. 

The University undertakes to respond to Freedom of Information requests
within 20 working days and to Subject Access Requests within 40 calendar
days.

Information and Data Compliance Team.

We don't know whether the most recent response to this request contains information or not – if you are Francois Charles please sign in and let everyone know.

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org