I confirm that Ordnance Survey does hold the information you have requested. Where the information is exempt from disclosure this is stated. Taking each request in turn, I confirm the following:
Contract 1. Standard Firewall (Network)
Q 1 Who is the existing supplier for this contract?
Please see the response to Q4 below
Q2 What is the annual spend for each contract?
The OS annual spend for this contract is £441,068
Q3 What is the description of the services provided?
Please see the response to Q4 below.
Q4 Primary brand (where applicable)
The information in relation to Q1, Q3 and Q4 above is held by OS, but we consider it exempt under section 31(1)(a) (Law Enforcement) of the FOIA and is therefore withheld, as explained further below, under Contract 2 information.
Q5 What is the start date of the contract?
The start date of the contract is 27/06/2023
Q6 What is the expiry date of the contract?
The expiry date of the contract is 27/06/2026
Q7 What is the total duration of the contract?
The contract duration is 3 Years
Q8 Who is the responsible contract officer? Please include at least their job title, and where possible, name, contact number, and direct email address
The Job title for the responsible officer is the Procurement and Contracts Manager, contact details are available on our website: Contact us | Home | OS
The information relating to the contact name, contact number and direct email address is held by OS but is exempt from disclosure under section 40(2) (personal information) of the FOIA, as the information constitutes personal data. I confirm responsibility for dealing with the contract is via the procurement and contracts manager for technology.
Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulations and Data Protection Act 2018
In reaching this decision, we have particularly considered:
- the reasonable expectations of the employees: given their positions, OS considered that none of the individuals would have a reasonable expectation that their personal data would be disclosed;
- the consequences of disclosure; and
- any legitimate public interest in disclosure.
Section 40(2) is an absolute exemption and therefore not subject to the public interest test.
Q9 How many licences or users are included (where applicable)
This is an Enterprise Licence – one licence which covers multiple users.
Contract 2. Anti-virus Software Application
The information in relation to our anti-virus software application is held by OS but we consider it exempt under section 31(1)(a) (Law Enforcement) of the FOIA and is therefore withheld, as explained below:
Section 31(1)(a) exempts information if its disclosure would or would be likely to prejudice the prevention and detection of crime; the type of firewall and antivirus software OS uses plays a critical role in our cyber security by detecting, preventing, and removing cyber threats from our systems and networks. Disclosing this information would be likely to aid a threat attacker and make OS more vulnerable to crime.
This is a qualified exemption, and we are required to consider the public interest.
OS recognises the need for transparency; and that there is a public interest in knowing that OS has measures in place to protect information from cyber criminals; however, confirming the type of firewall and antivirus software used by OS would mean that our computers and security systems would be more vulnerable to malicious attacks. The information would be likely to assist someone in determining the effectiveness of the security measures in place and would enable them to identify the weak points and vulnerabilities of each tool used, making OS an immediate target to hostile and increased attacks, and therefore, facilitate the possibility of crime.
Section 31(1)(a) is a prejudice-based exemption, and there is a public interest inherent in avoiding the harm specified. OS considers that the prejudice would be likely to occur. We are not aware of a significant wider public interest in the information requested. As such, we are satisfied there is a greater public interest in protecting our systems by withholding the information under this exemption.
Contract 3. Microsoft Enterprise Agreement
Q1. Who is the existing supplier for this contract?
I confirm that our Microsoft Enterprise Agreement is with Microsoft Limited, with Softcat the current Licensed Support Partner
Q2 What is the annual spend for each contract?
The OS annual spend for this contract is £2,296,457.80
Q3 What is the description of the services provided?
The services provide Licensing for M365, Other Modern Workplace, Dynamics CE, Dynamics FSCM, Additional Products.
Q4 Primary brand (where applicable)
The primary brand is Microsoft
Q5 What is the start date of the contract?
The start date of the contract is 01/12/2024
Q6 What is the expiry date of the contract?
The expiry date of the contract is 30/11/2027
Q7 What is the total duration of the contract?
The Microsoft Services Agreement is an ongoing, evergreen contract.
Q8 Who is the responsible contract officer? Please include at least their job title, and where possible, name, contact number, and direct email address
The Job title for the responsible officer is the Procurement and Contracts Manager, contact details are available on our website: Contact us | Home | OS
The information relating to the contact name, is held by OS but is exempt from disclosure under section 40(2) (personal information) of the FOIA, as the information constitutes personal data
Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulations and Data Protection Act 2018
In reaching this decision, we have particularly considered:
- the reasonable expectations of the employees: given their positions, OS considered that none of the individuals would have a reasonable expectation that their personal data would be disclosed;
- the consequences of disclosure; and
- any legitimate public interest in disclosure.
Section 40(2) is an absolute exemption and therefore not subject to the public interest test.
Q9 How many licences or users are included (where applicable)
There are 1580 Users
Contract 4. Microsoft Power BI
Q1. Who is the existing supplier for this contract?
I confirm that our Microsoft Power BI contract licensing is incorporated within the Microsoft Enterprise Agreement. Please see our responses to Contract 3 above, regarding Q2-Q9.