We don't know whether the most recent response to this request contains information or not – if you are Francois Charles please sign in and let everyone know.

University IT Infrastructure information

We're waiting for Francois Charles to read recent responses and update the status.

Dear University of Leeds,

Under the Freedom of Information Act 2000 may I kindly request the following information about the Universities IT Infrastructure Information. The information needed is as follows:

IT Compliant Route to purchase
What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet, CCS, CPC)?

Network
Network vendor?
If you use Cisco, do you use Smart Collector?
How many switches?
How many routers?
How many wireless controllers/ AP’s?
Network speed?
Network contract start date?
Date Network Support ends / is refreshed ?
Value of existing Network support contract ?
Do you use Network virtualisation?
Is the university going out toTender for networking this year?

Security
IT Security vendors used?
IT Security Support renewal date?
Do you use 2FA?
What web and email filtering is used?
What DLP is in place?
What SIEM solution is used?
What intrusion prevention is used?
What endpoint security is used?
Next renewal date for security software/ support?

Cloud
Are you using or are interested in AWS/Google or Azure for cloud services?
Do you use any Cloud File Storage? If so, what?

Data Destruction
Is there a Data Destruction Policy in place?
Do you destroy HDD onsite or outsource the service?
Current Supplier of HDD destruction services?
Is the HDD wiped / degaussed before leaving your datacentre? If, yes, how do you ensure that the data has been completely erased
Approx. Number of drives destroyed/wiped per annum?

Yours faithfully,

Francois Charles

Tracey Crombie,

Dear Francois

I can confirm receipt of the request below, dated 8 January 2018.

Your request is being dealt with under the terms of the Freedom of Information Act 2000 and will be answered within twenty working days. As such, you should expect to hear from the University in response by 5 February 2018, if, in the meantime, you have any queries about the request, please don’t hesitate to contact Jenny Foggin ([email address]).

Kind regards

Tracey Crombie
PA to the Legal Adviser
University of Leeds
LS2 9JT
Tel: 0113 343 4078 (NB 8am-4pm)
Fax: 0113 343 3925

This communication is intended solely for the addressee, is strictly confidential and may also be legally privileged. If you are not the addressee please do not read, print, re-transmit, store or act in reliance on it or any attachments. Instead, please contact Tracey Crombie on the above telephone number.

Any liability (in negligence or otherwise) arising from any third party acting, or refraining from acting, on any information contained in this email is excluded.

It is the responsibility of the receiver of this email to ensure that any onward transmission or use of this email (including attachments) will not adversely affect their systems or data contained on their systems. Receivers are advised to carry out virus checks. The University of Leeds accepts no responsibility with regard to the communication or other use of this email.

show quoted sections

Jenny Foggin,

Dear Mr Charles,

 

We are compiling information in response to this request, however we will
not be able to comment on any issues related to IT security. The
University takes the security of its IT systems very seriously indeed. Not
only do our students and staff rely upon them, they are also of
fundamental importance to our worldwide commercial, charitable, and
educational as well as NHS partners. When responding to an FoI request I
have to consider that I am releasing the information into the public
domain. The kind of information requested would be of direct use to
anybody planning or considering an attack upon the University’s systems
and I cannot provide information that would put the safety of those
systems at risk. The information is therefore exempt under Section 38 of
the FoI Act (information exempt because its release would compromise the
health or safety of the University community or premises). In applying
this exemption I have considered, as I am bound to do, the public interest
test. Whilst there might be a public interest in knowing that the
University is doing all it can to keep its systems secure, that can be
satisfied with reference to our IT policies (available on our website)
rather than through confirming/denying or providing details of specific
incidents or responses, the release of which would undermine our ability
to keep those systems secure. I am also concerned that given the scope and
fundamental importance to our public mission of University IT, the
information might be exempt from release under Section 36 of the FoI Act
(information that, if released, would jeopardise the effective conduct of
public affairs). I have, however, not yet tested this with the
Vice-Chancellor, who is the ‘qualified individual’ required in the Act to
approve the application of that particular amendment, since I am persuaded
that the information is already covered by the Health and Safety
exemption.

 

Given these limitations, do you still want us to pursue responses to the
other queries that you have raised?

 

Best wishes,

 

Jenny

 

 

*********************************************************************

Jenny Foggin

Senior Governance and Freedom of Information Officer

Secretariat

University of Leeds

 

(0113) 343 1155

*********************************************************************

 

 

 

 

 

show quoted sections

Francois Charles

Dear Jenny Foggin,

Thanks for your reply. Yes, please - I would still like pursue responses to the
other queries that I have raised in my FOI request.

Yours sincerely,
Francois Charles

Jenny Foggin,

Dear Mr Charles,

 

Following our recent correspondence, please find set out below information
in response to your Freedom of Information request.

 

I hope this is helpful in resolving your query. If you have any questions
about this email, however, please don't hesitate to contact me.

 

If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of our decision,
you should write to or email directly Mr D Wardle, Deputy Secretary, The
University of Leeds, Leeds, LS2 9JT ([email address]). You should
do so within three months of receiving the University’s response to your
request. Further information about how the University manages Freedom of
Information requests and about our complaints procedure is also available
on our website (www.leeds.ac.uk).

 

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a
decision.  Generally, the ICO cannot make a decision unless you have
exhausted the review/complaints procedure provided by the University.  The
Information Commissioner can be contacted at:  Information Commissioner’s
Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

 

Best wishes,

 

Jenny

 

Jenny Foggin

Senior Governance and Freedom of Information Officer

Legal Adviser’s Office

The University of Leeds

0113 3431155

 

 

IT Compliant Route to purchase

What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet,
CCS, CPC)?

Janet

NEUPC

SUPC

NDNA

NWUPC

LUPC

CCS

 

 

 

Network Network vendor? Cisco for Switching/Routing

If you use Cisco, do you use Smart Collector? No

How many switches? 1000

How many routers? 6

How many wireless controllers/ AP’s? 3500

Network speed? Lan 1/10/40G Wan 10 migrating to 20G

Network contract start date? July 2016

Date Network Support ends / is refreshed ?July 2019

Value of existing Network support contract ? 90K

Do you use Network virtualisation? Moving to ACI within DC Environment

Is the university going out to Tender for networking this year? No

 

Security

 

As explained in my earlier email, we cannot provide information about IT
security.

 

Cloud

Are you using or are interested in AWS/Google or Azure for cloud services?

-          Yes

Do you use any Cloud File Storage? If so, what?

-          One Drive for Business

 

Data Destruction

Is there a Data Destruction Policy in place?

-          Yes       

Do you destroy HDD onsite or outsource the service?

-          Outsource

Current Supplier of HDD destruction services?

-          Stone Computers, Computer Disposals Limited

Is the HDD wiped / degaussed before leaving your datacentre? If, yes, how
do you ensure that the data has been completely erased Approx. Number of
drives destroyed/wiped per annum?

-          No

 

From: Francois Charles
[[1]mailto:[FOI #455879 email]]

Sent: 20 March 2018 11:58

To: Jenny Foggin <[2][email address]>

Subject: Re: FW: Freedom of Information request - University IT
Infrastructure information

 

Dear Jenny Foggin,

 

Thanks for your reply.  Yes, please - I would still like pursue responses
to the other queries that I have raised in my FOI request.

 

Yours sincerely,

Francois Charles

 

show quoted sections

We don't know whether the most recent response to this request contains information or not – if you are Francois Charles please sign in and let everyone know.

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org