Cyber security contracts (FOI211003)

This Freedom of Information request asks for details about our cyber security and our contracts for cyber security services.

Request for information - Ref no: FOI211003

October 6, 2021

Information request

Thank you for your email of 13 April 2021, requesting information from Ordnance Survey in accordance with the Freedom of Information Act (FOIA) 2000, as set out in the extract below:

“I am currently embarking on a research project around Cyber Security and was hoping you could provide me with some contract information relating to the following information:

  1. Standard Firewall (Network) - Firewall service protects your corporate Network from unauthorised access and other Internet security threats
  2. Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
  3. Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.

The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.

For each of the different types of cyber security services can you please provide me with:

  1. Who is the existing supplier for this contract?
  2. What does the organisation annually spend for each of the contracts?
  3. What is the description of the services provided for each contract?
  4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
  5. What is the expiry date of each contract?
  6. What is the start date of each contract?
  7. What is the contract duration of contract?
  8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
  9. Number of Licenses (ONLY APPLIES TO CONTRACT 3)”

Our response

I confirm that Ordnance Survey does hold the information you have requested.

The table below sets out our response to each of your questions for each contract. Where the information is exempt from disclosure, this is stated in the table and explained in further detail below the table:

| | STANDARD FIREWALL (NETWORK) | ANTI-VIRUS SOFTWARE APPLICATION | MICROSOFT ENTERPRISE AGREEMENT |
|---|---|---|---|
| 1. SUPPLIER | Computacenter UK Ltd | Phoenix Software | Microsoft |
| 2. ANNUAL SPEND | £181K | £12,480 | £943.000 |
| 3. DESCRIPTION OF SERVICES | Support contract | Support contract | Licensing of Microsoft products |
| 4. PRIMARY BRAND | | | |
| 5. EXPIRY DATE | 31/12/2021 | 28/09/2022 | 30/11/2021 |
| 6. START DATE | 1/1/2018 | 22/12/2017 | 1/12/2018 |
| 7. CONTRACT DURATION | 3 years | 3 years | 3 years |
| 8. RESPONSIBLE CONTRACT OFFICER | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) | Supplier Relationship Manager. Full name/direct email/telephone numbers are exempt under s.40(2) of the FOIA (see below) |
| 9. NUMBER OF LICENCES | N/A | N/A | Exempt under s.43(2) of the FOIA (see below) |

Exempt Information:

Question 8: Section 40(2) Personal Information

The information relating to the full name, direct email and personal contact numbers is held by Ordnance Survey but is exempt from disclosure under section 40(2) (personal information) of the FOI Act, as the information constitutes personal data.

Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulations and Data Protection Act 2018.

In reaching this decision, we have particularly considered:

  • the reasonable expectations of the employees: given their positions, Ordnance Survey considered that none of the individuals would have a reasonable expectation that their personal data would be disclosed;
  • the consequences of disclosure; and
  • any legitimate public interest in disclosure.

Section 40(2) is an absolute exemption and therefore not subject to the public interest test.

However, under the duty to provide information and assistance in accordance with section 16 of FOIA, we can provide the following information which may assist you in this matter.

You can find information about our procurement process in our ‘Guide to Suppliers’ on our website, and you can also contact us via the contact us form or on Tel: 03456 05 05 05.

Question 9: Section 43(2) (prejudice to the commercial interests of any person)

I confirm we do hold the number of licences for the Microsoft Enterprise Agreement contract; however, we are unable to provide this information as we consider it to be exempt from disclosure under section 43(2) (prejudice to the commercial interest of any person).

We consider that the release of the number of licences in combination with the contract value provides information about the pricing of the licences under this contract. This information would be likely to cause commercial prejudice, as it provides an insight into the supplier’s commercial pricing which could be used to the disadvantage of our supplier in its negotiations and could be used by the competitors of our supplier. In addition, the disclosure of this information would be likely to have an adverse impact on Ordnance Survey’s ability to negotiate the best price for future services.

Section 43(2) is a qualified exemption, and we are required to consider the public interest. Ordnance Survey recognises the need for transparency; however, this must be balanced against the public interest in allowing the organisation and third parties to protect their commercial information. In this case, we are satisfied that there is greater public interest in withholding the information under this exemption.
