Cyber security contracts (FOI211003)

This Freedom of Information request asks for details about our cyber security and our contracts for cyber security services.

Request for information - Ref No: FOI211003

Request

Thank you for your email of 13 April 2021, requesting information from Ordnance Survey in accordance with the Freedom of Information Act (FOIA) 2000, as set out in the extract below:

“I am currently embarking on a research project around Cyber Security and was hoping you could provide me with some contract information relating to the following information:

  1. Standard Firewall (Network) - Firewall service protects your corporate Network from unauthorised access and other Internet security threats
  2. Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
  3. Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.

The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.

For each of the different types of cyber security services can you please provide me with:

  1. Who is the existing supplier for this contract?
  2. What does the organisation annually spend for each of the contracts?
  3. What is the description of the services provided for each contract?
  4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
  5. What is the expiry date of each contract?
  6. What is the start date of each contract?
  7. What is the contract duration of contract?
  8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
  9. Number of Licenses (ONLY APPLIES TO CONTRACT 3)”

Our response

I confirm that Ordnance Survey does hold the information you have requested.

The table below sets out our response to each of your questions for each contract. Where information is exempt from disclosure, this is stated in the table and explained in further detail below the table:

| | STANDARD FIREWALL (NETWORK) | ANTI-VIRUS SOFTWARE APPLICATION | MICROSOFT ENTERPRISE AGREEMENT |
|---|---|---|---|
| 1. SUPPLIER | Computacenter UK Ltd | Phoenix Software | Microsoft |
| 2. ANNUAL SPEND | £181K | £12,480 | £943.000 |
| 3. DESCRIPTION OF SERVICES | Support contract | Support contract | Licensing of Microsoft products |
| 4. PRIMARY BRAND | | | |
| 5. EXPIRY DATE | 31/12/2021 | 28/09/2022 | 30/11/2021 |
| 6. START DATE | 1/1/2018 | 22/12/2017 | 1/12/2018 |
| 7. CONTRACT DURATION | 3 years | 3 years | 3 years |
| 8. RESPONSIBLE CONTRACT OFFICER | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) |
| 9. NUMBER OF LICENCES | N/A | N/A | Exempt under s.43(2) of the FOIA (see below) |

Exempt Information:

Question 8: Section 40(2) Personal Information

The full name, direct email and personal contact numbers are held by Ordnance Survey but are exempt from disclosure under section 40(2) (personal information) of the FOI Act, as the information constitutes personal data.
Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulations and Data Protection Act 2018.
In reaching this decision, we have particularly considered:

  • the reasonable expectations of the employees: given their positions, Ordnance Survey considered that none of the individuals would have a reasonable expectation that their personal data would be disclosed;
  • the consequences of disclosure; and
  • any legitimate public interest in disclosure.

Section 40(2) is an absolute exemption and therefore not subject to the public interest test.

However, under the duty to provide information and assistance in accordance with section 16 of FOIA, we can provide the following information which may assist you in this matter.

You can find information about our procurement process on our website in our ‘Guide to Suppliers’, and you can also contact us via the contact us form or on Tel: 03456 05 05 05.

Question 9: Section 43(2) (prejudice to the commercial interests of any person)

I confirm we do hold the number of licences for the Microsoft Enterprise Agreement contract; however, we are unable to provide this information as we consider it to be exempt from disclosure under section 43(2) (prejudice to the commercial interest of any person).

We consider that the release of the number of licences in combination with the contract value provides information about the pricing of the licences under this contract. This information would be likely to cause commercial prejudice, as it provides an insight into the supplier’s commercial pricing which could be used to the disadvantage of our supplier in its negotiations and could be used by the competitors of our supplier. In addition, the disclosure of this information would be likely to have an adverse impact on Ordnance Survey’s ability to negotiate the best price for future services.

Section 43(2) is a qualified exemption, and we are required to consider the public interest. Ordnance Survey recognises the need for transparency; however, this must be balanced against the public interest in allowing the organisation and third parties to protect their commercial information. In this case, we are satisfied that there is greater public interest in withholding the information under this exemption.

Internal review

Your enquiry has been processed according to the Freedom of Information Act (FOIA) 2000. If you are unhappy with our response, you may request an internal review with our Internal Review Officer by contacting them, within two months of receipt of our final response to your Freedom of Information (FOI) request, as follows:

Internal Review Officer
Customer Service Centre
Ordnance Survey
Adanac Drive
Southampton
SO16 0AS

Contact us via our FoI form

Please include the reference number above. You may request an internal review where you believe Ordnance Survey has:

  • Failed to respond to your request within the time limits (normally 20 working days)
  • Failed to tell you whether or not we hold the information
  • Failed to provide the information you have requested
  • Failed to explain the reasons for refusing a request
  • Failed to correctly apply an exemption or exception

The Internal Review Officer will not have been involved in the original decision. They will conduct an independent internal review and will inform you of the outcome of the review normally within 20 working days, but exceptionally within 40 working days, in line with the Information Commissioner’s guidance.

The Internal Review Officer will either uphold the original decision, provide an additional explanation of the exemption/s applied, or release further information if it is considered appropriate to do so.

Appeal to Information Commissioner’s Office (ICO)
If, following the outcome of the internal review, you remain unhappy with our response, you may raise an appeal, within three months of receiving our response, with the Information Commissioner’s Office.

Further information can be found on the ICO website (ico.org.uk) under ‘Report a concern’ or you may wish to call the ICO helpline on 0303 123 1113.