Jump to the following:

We use cookies to improve this website. Read about cookies

IT contracts and security

Request for information – FOI14468

Request

Thank you for your email of 10 June 2014, requesting information in accordance with the Freedom of Information Act (FOIA) 2000.

1. Full details of your organisational structure for your ICT Department, including ICT security, infrastructure, risk, governance and compliance – in addition please include names, job titles and email addresses.

2. Full details of your top 20 suppliers of ICT services and a brief description of the nature and values of the contracts held by them – in addition please include top 10 suppliers who deal with security of your back office and infrastructure.

Our response

Ordnance Survey does hold some of the information you have requested, however some of the information Ordnance Survey holds and which falls within the scope of your request is exempt from disclosure. Where applicable this is detailed.

We respond to each point, as follows:

1. Full details of your organisational structure for your ICT Department, including ICT security, infrastructure, risk, governance and compliance – in addition please include names, job titles and email addresses.

Please see attached, three organisational structures held by Ordnance Survey for the following areas of the business:

IS development structure
IS service delivery
Risk and Assurance*

*Please note, that risk and assurance does not form part of our IS (Information Systems) department, although this information has been provided in accordance with Section 16 of the FOIA ‘the duty to provide advice and assistance’

Within the provided structure diagrams, job titles are detailed but individuals names, email addresses and employee photographs are not detailed or have been reacted under Section 40 (2) of the FOIA Personal Information.

Section 40 (2) (a) and (b), together with the condition under section 40 (3) (a) (i) of the FOIA, provides an absolute exemption, where the disclosure of information would contravene any of the data protection principles under the Data Protection Act (DPA) 1998. In this case, we have exempt information constituting the personal data of living individuals, the release of which would be in breach of the Data Protection Principles.

In applying this exemption, we have considered whether disclosure of the personal data in question would be 'fair' (as described in Schedule 1 of the Data Protection Act). We have given particular consideration to the likely expectations of the data subjects, and their grades, regarding the disclosure of their personal information in this manner in reaching our decision to withhold this information.

Under Section 16 of the FOIA ‘the duty to provide advice and assistance’ we advise that additional information relating to our general organisational structure can be found on our FOI publication scheme.

2. Full details of your top 20 suppliers of ICT services and a brief description of the nature and values of the contracts held by them – in addition please include top 10 suppliers who deal with security of your back office and infrastructure.

Please see the attached spreadsheet (xxxxxx-xxxxxx-xxxxxx), containing the information you are seeking in relation to our top 20 suppliers of ICT services.

Please note that the suppliers detailed in the worksheet are ranked as the ‘top 20’ by spend.

Some of the ICT services are supplied under Framework or other agreements, and it has therefore been necessary for us to estimate annual spend in order to rank the supplier, which we have undertaken in accordance with Section 16 of the FOIA ‘the duty to provide advice and assistance’. These agreements are identified by an asterisk (*) in the attached spreadsheet.

The information relating to the top 10 suppliers who deal with security of our back office functions is exempt from disclosure under Section 31 (1) (a) of the FOIA ‘Law Enforcement’.

We consider this exemption applies, because the release of this information may assist an adversary in carrying out a cyber-attack against the department. Section 31 is a qualified exemption, and we are therefore required to consider the public interest test.

Whilst we acknowledge that public interest in transparency, we are also mindful that there is greater public interest in allowing organisations to operate without threat of attack through the release of information in this manner. Any attack on Ordnance Survey would affect our ability to maintain our services, the output of which is relied upon by a range of public services, including those in the emergency services, health services and other key groups.

As such we are satisfied that there is greater public interest in withholding this information in this instance.

Internal review

Your enquiry has been processed according to the Freedom of Information Act (FOIA) 2000. If you are unhappy with our response, you may request an internal review with our FOI Internal Review Officer, by contacting them as follows:

FOI Internal Review Officer
Customer Service Centre
Ordnance Survey
Adanac Drive
Southampton
SO16 0AS

Email: foi@os.uk

Please include the reference number above. You may request an internal review where you believe Ordnance Survey has:

  • Failed to respond to your request within the time limits (normally 20 working days)
  • Failed to tell you whether or not we hold the information
  • Failed to provide the information you have requested
  • Failed to explain the reasons for refusing a request
  • Failed to correctly apply an exemption or exception

The FOI Internal Review Officer will not have been involved in the original decision. They will conduct an independent internal review and will inform you of the outcome of the review normally within 20 working days, but exceptionally within 40 working days, in line with the Information Commissioner’s guidance.

The FOI Internal Review Officer will either: uphold the original decision, provide an additional explanation of the exemption/s applied or release further information, if it is considered appropriate to do so.

Appeal to Information Commissioner's Office (ICO)
If, following the outcome of the internal review you remain unhappy with our response, you may raise an appeal with the Information Commissioner’s Office at:

The Case Reception Unit
Customer Service Team
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email: mail@ico.gsi.gov.uk

Telephone helpline: 0303 123 1113 or 01625 545745 for advice, Monday to Friday.

Search Freedom of Information requests

Back to top
© Ordnance Survey 2016
Be sure to take a look at our Terms of Use and Privacy Policy