University IT Infrastructure information

The request was successful.

Dear University of Leicester,
Under the Freedom of Information Act 2000 may I kindly request the following information about the Universities IT Infrastructure. The information needed is as follows:

IT Compliant Route to purchase
What Frameworks are used for IT Procurement? (ie. SSSNA, NEUPC, Janet, CCS, CPC)?

Desktop
Number of Desktops?
Do you use VDI?
If so what platform do you use?
Desktop major Refresh date?
Date existing support contract ends?
VDI refresh date (if relevant)?

Datacentre
Servers
Number of Windows Servers?
Number of UNIX/Linux Servers?
Server platform?
Virtualisation platform?
What operating system do you use?
Virtualisation & Licence support refresh dates?
Percentage of infrastructure Virtualised?
Server Refresh Date?
Value of current server support contract?

Storage
Volume of Data in TBs
Storage Vendor?
Storage Virtualisation?
Storage Refresh Date?
Date Storage support contract ends?
Value of storage support contract?

Backup
Tape vendor?
Disk backup?
What backup software do you use?
Backup refresh date?
Date backup support contract ends ?
Value of backup support contract ?
Disaster Recovery contract renewal date?

Network
Network vendor?
If you use Cisco, do you use Smart Collector?
How many switches?
How many routers?
How many wireless controllers/ AP’s?
Network speed?
Network contract start date?
Date Network Support ends / is refreshed
Value of existing Network support contract ?
Network virtualisation?

Security
IT Security vendors used?
IT Security Support renewal date?
Do you use 2FA?
What web and email filtering is used?
What DLP is in place?
What SIEM solution is used?
What intrusion prevention is used?
What endpoint security is used?

Cloud
Are you using or are interested in AWS/Google or Azure for cloud services?
Do you use any Cloud File Storage? If so, what?

Data Destruction
Is there a Data Destruction Policy in place?
Do you destroy HDD onsite or outsource the service?
Current Supplier of HDD destruction services?
Is the HDD wiped / degaussed before leaving your datacentre?
Approx Number of drives destroyed/wiped per annum?

Thanking You
Yours faithfully,

Francois Charles

15th August 2017

Dear Francois,

I write to acknowledge receipt of your request, dated 14th August 2017, made under the provisions of the Freedom of Information Act 2000.

Please note the effective date of the request, i.e. date of receipt of your request by the University of Leicester for processing, is 14th August 2017 and that the latest date by which the University must respond under the terms of the Freedom of Information Act 2000 is 12th September 2017.

I will arrange for the information to which you are entitled under the Freedom of Information Act 2000 to be supplied to you as soon as reasonably possible, and in any event within the period set out by the Act.

Please do not hesitate to contact me if you have any queries regarding your request.

Regards,

Claudia Perdomo-Pelaez
Information Assurance Officer
Information Assurance Services,
University of Leicester, University Road, Leicester, LE1 7RH, UK
t: +44 (0)116 229 7345
e:  [email address
w: www.le.ac.uk

1 Attachment

Dear Francois,

I write on behalf of the University of Leicester in response to your request, dated 14th August 2017, made under the provisions of the Freedom of Information Act 2000. Our response is in excel file attached.

Please note with regards to IT security questions The University of Leicester neither confirms nor denies that it holds the information requested under the following exemption as defined in the Freedom of Information (FOI) Act 2000:
Section 31 - Law enforcement

For this exemption the duty to confirm or deny whether the University holds such information does not arise as the conditions set out in the following sections of the FOI Act 2000 apply:

Section 31(3) …. The duty to confirm or deny does not arise if, or to the extent that, compliance with section 1(1)(a) would, or would be likely to, prejudice any of the matters mentioned in subsection (1)

As Section 31 is a prejudice based exemption there is a requirement to articulate the harm or prejudice that would be caused in confirming or not that the information is held.

If the University were to confirm or deny that it held the information requested, this information in itself could potentially encourage others to target the University.

As Section 31 is also a Qualified Exemption, the FOI Act 2000 requires the University to consider the public interest test:

Under section 1(1)(a) of the FOI Act 2000, an authority is under a duty to “confirm or deny” whether it holds information requested. This duty does not arise where “the public interest in maintaining the exclusion of the duty to confirm or deny outweighs the public interest in disclosing whether the public authority holds the information” (section 2(1)(b)).

Under section 1(1)(b) of the FOI Act 2000, in response to a request, an authority must communicate information it holds. There is no need to comply with that provision where “the public interest in maintaining the exemption outweighs the public interest in disclosing the information” (section 2(2)(b).

Like all other public authorities, universities wish to maintain an ethos of transparency and openness. In confirming or denying the above request, and/or providing information, universities would be encouraging openness, accountability and informed public debate. It is recognised there is a public interest in reassuring the public that University systems are safe from external attack.

However, balanced against the need for transparency are other factors. The prevention and detection of crime must also be considered. Disclosure of information relating to our IT security could pose a threat for our systems. Where any perceived gaps in security may exist, could give advantage to hackers which might potentially target and attack us. (Given that often the most secure organisations might be ones that have previously been targeted).

Given the nature of the information concerned there is a clear argument for considering neither confirming nor denying that the information is held, since any acknowledgement that the information is held would in itself impart relevant information and potentially lead to the negative consequences outlined above. A consistent approach is therefore needed to requests of this nature, which is to neither confirm nor deny whether information is held.

It is for the reasons outlined above that in my opinion it would not be in the public interest for the University of Leicester to even confirm or deny that it holds information relating to these questions.

It should not be inferred from this refusal that the information you have requested does or does not exist.

If you have any concerns or wish to complain or appeal about any aspect of this response then in the first instance please contact the University's Data Protection Officer (Mr Henry Stuart: 0116 229 7945, [email address])

Please be aware that it is also your legal right under Section 50 of the Freedom of Information Act, to apply to the Information Commissioner for a decision whether a request for information made to the University has been dealt with in accordance with the provisions of the Act. It should be noted that there is a requirement that there will be no undue delay in making the application and there is an expectation that the complainant will have exhausted the University's internal complaints procedure.

Complaints to the Information Commissioner should be addressed to:

FoI Compliance Team (Complaints)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

I hope you find this response helpful. Please don't hesitate to contact me if you have any queries regarding the above.

Regards,

Claudia Perdomo-Pelaez
Information Assurance Officer
Information Assurance Services,
University of Leicester, University Road, Leicester, LE1 7RH, UK
t: +44 (0)116 229 7345
e:  [email address
w: www.le.ac.uk

Dear IAS,

Thank you for the information supplied.
Yours sincerely,

Francois Charles

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org