Skip to content

Information Security and Data Centres

This Freedom of Information request asks for details about our risk and assurance processes.

Request for information - Ref No: FOI20947


Thank you for your email of 20 February 2020, requesting information from Ordnance Survey in accordance with the Freedom of Information Act (FOIA) 2000, as set out in the extract below:

“Under the Freedom of Information Act 2000 I seek the following information:

  1. Are the Data Centre's operated by or for the organisation fit for purpose? For example, is there a Business Continuity Plan, is there Disaster Recovery in place or is it a single site?
  2. Is there any capital investment in data centres planned in the next 36 months? For example, Mechanical & Electrical or refresh of equipment within the DC such as network, storage area network?
  3. Is data privacy and or information security compliance a priority for the organisation’s board?
  4. On your Organisation’s risk register, are there any Information Technology related risks?
    i) If time/ cost allows, please list the top three related risks.
  5. Are the cyber security vulnerabilities within the organisation’s existing Information Technology estate increasing?
    i) Has the organisation had a security breach in the past 12 months?
  6. Did the organisation meet its Information Technology savings target in the last Financial Year?
  7. What percentage of Information Technology budget is currently allocated to “on-premises” capability vs “cloud” capability?
  8. Does the organisation have the skills and resource levels necessary for moving to the cloud?
  9. What percentage of the Information Technology department headcount are software developers?
  10. In relation to contracts with Amazon Web Services, Microsoft for Azure and/or Google for Google Cloud, was the monthly expenditure higher than budgeted?
    i) If yes, has the organisation been able to subsequently reduce the cost whilst maintaining service levels for users?

I would prefer to receive this information electronically, preferably as a data set, e.g. in Excel, NOT as a PDF”

Our response

I confirm that Ordnance Survey does hold some of the information you have requested, if the information is not held or not applicable this is stated.

I am pleased to provide you with the attached spreadsheet (.xlsx) with regard to your request.

Internal review

Your enquiry has been processed according to the Freedom of Information Act (FOIA) 2000.  If you are unhappy with our response, you may request an internal review with our Internal Review Officer by contacting them, within two months of receipt of our final response to your Freedom of Information (FOI) request, as follows:

Internal Review Officer
Customer Service Centre
Ordnance Survey
Adanac Drive
SO16 0AS

Contact us via our FoI form

Please include the reference number above. You may request an internal review where you believe Ordnance Survey has:

  • Failed to respond to your request within the time limits (normally 20 working days)
  • Failed to tell you whether or not we hold the information
  • Failed to provide the information you have requested
  • Failed to explain the reasons for refusing a request
  • Failed to correctly apply an exemption or exception

The Internal Review Officer will not have been involved in the original decision. They will conduct an independent internal review and will inform you of the outcome of the review normally within 20 working days, but exceptionally within 40 working days, in line with the Information Commissioner’s guidance.

The Internal Review Officer will either: uphold the original decision, provide an additional explanation of the exemption/s applied or release further information, if it is considered appropriate to do so.

Appeal to Information Commissioner’s Office (ICO)
If, following the outcome of the internal review you remain unhappy with our response, you may raise an appeal, within three months of receiving our response, with the Information Commissioner’s Office.

Further information can be found on the ICO website ( under ‘Report a concern’ or you may wish to call the ICO helpline on 0303 123 1113.