Section 1. Cloud Service Utilisation
1. Please indicate whether your council currently utilizes cloud services for any of the following purposes.
| Purpose | Yes/No | If yes, are these public/private/edge. Please provide details |
| Data Storage | Yes |
Azure Microsoft Office 365 |
| Data Processing | Yes |
Azure Microsoft Office 365 |
| Data Sharing | Yes | Microsoft Office 365 |
| Software Application (SaaS (Software as a Service)) | Yes | Azure |
| Platform Application (PaaS (Platform as a Service)) | Yes | Azure |
2. Additionally, please indicate the departments or equivalent services that use cloud services by ticking the relevant boxes below: Complete the following table with the respective numbers or details
| Department | Number of SaaS Applications | Number of PaaS Applications | Utilized for Data Storage/Processing/Sharing | Number of Locally Hosted Applications |
| Council Tax | Devon County Council is not responsible for Council tax collection. This is a responsibility of each of the district councils in Devon. As such, we do not hold this information. | |||
| Housing | Devon County Council is not a housing authority. This is a responsibility of each of the district councils in Devon. As such, we do not hold this information. | |||
| Social Care | ||||
| Education | ||||
| Electoral Roll | Devon County Council is not responsible for the management of the electoral roll. This is a responsibility of each of the district councils in Devon. As such, we do not hold this information. | |||
| Planning | ||||
| Building Control | Devon County Council is not responsible for the management of building control. This is a responsibility of each of the district councils in Devon. As such, we do not hold this information. | |||
| Waste Management | ||||
| Streets, Roads, Pavements and maintenance parks, museums, and community | ||||
| Library Services | Devon County Council is not responsible for Library Services. This is a responsibility of Libraries Unlimited in Devon. As such, we do not hold this information. | |||
| Parking | ||||
For the service areas Devon County Council has no responsibility for please contact District and Unitary councils in Devon and Libraries Unlimited directly using the information on the links provided.
We can confirm that for the other service areas listed above we hold the information you have requested. However, we can advise that we do not record whether an application is SaaS or PaaS in a central recording system. Therefore to provide the information you have requested would require a review of all our IT contracts to determine whether the application is SaaS or PaaS. We will then need to cross reference this data with information held within services to determine what it’s primary purpose is.
Compliance with this request would exceed the appropriate cost limit under Section 12 of the Freedom of Information Act 2000 which is £450 or 18 hours of officer time. The Council’s IT Department has a record of 264 contracts for IT related services. There are also numerous contracts of this nature held locally within individual service areas. We estimate that to collate the information you have requested for contracts held centrally within our IT department would take approximately 30 minutes per contract. We therefore estimate that it would take approximately 132 hours to collate the information you have requested.
In the interest of providing you with advice and assistance, we can confirm that the Council is aware of SaaS and PaaS services in operation across our Highways, Waste and Parking Services. If you were prepared to narrow the scope of your request to these services, we believe we would be able to comply with your request within the timescales afforded us under the Freedom of Information Act. If you wish to do so, please confirm in writing to accesstoinformation@devon.gov.uk.
Section 2: Cloud Adoption and Management
3. What were the main motivations or driving factors behind your council’s decision to adopt cloud services?
Reduced maintenance requirement and ability to focus on core services.
4. Please specify the key benefits or advantages that cloud services offer your council comparison to traditional IT infrastructure.
Reduced maintenance requirement and ability to focus on core services.
5. How does your council evaluate the reliability of cloud services in terms of system uptime and availability?
It does not; therefore this information is not held.
6. Could you provide insights into the criteria or metrics used to assess the reliability and performance of cloud services?
This information is not held.
7. What measures or mechanisms are in place to monitor and ensure uptime levels meet the council’s requirements or service level agreements (SLAs)?
This is achieved through ongoing contract monitoring.
Please provide detailed information regarding your council’s compliance efforts, data protection measures, and challenges encountered in utilizing cloud services. Specifically, we are interested in the following:
GDPR Compliance
8. Please outline the specific measures and processes implemented by your council to ensure compliance with the General Data Protection Regulation (GDPR), including any procedures for data handling, consent management, and data subject rights.
The measures taken by the Council to ensure compliance with the GDPR are published at DCC – Data Protection and Security.
Data Encryption Practices
9. Please provide insights into the encryption methods and technologies utilized to secure data stored and transmitted through cloud services.
The Council undertakes due diligence in respect of the procurement of new cloud services and requires each solution to have appropriate technical and organisational measures in place to safeguard the confidentiality, integrity, and availability of Devon’s data. The encryption controls provided by cloud services is assessed for each application. In general terms, the Council requires cloud services to adopt industry standard encryption controls (TLS v.1.2 or higher).
Data Residency Requirements
10. How does your council ensure compliance with data residency requirements, particularly concerning the storage and processing of sensitive data within specific geographic locations?
The Council tries to ensure that where possible, cloud hosted data is stored within the UK. If personal data is to be stored in third countries, the Council ensures that Standard Contractual Clauses are in place to ensure compliance with data residency requirements.
Backup and Recovery Policies
11. Please describe the backup and recovery policies implemented by your council to safeguard against data loss and ensure business continuity in the event of disruptions or incidents.
This information is exempt from disclosure under Section 31(1) of the Freedom of Information Act 2000 (Prevention or Detection of Crime).
The Council can confirm that we hold the information you have requested. However, the council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against the Council.
Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure. For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure.
Challenges Related to Data Security
12. What are the primary challenges or concerns your council faces regarding data security in the context of cloud services? This could include issues such as unauthorized access, data breaches, or vulnerabilities in cloud infrastructure.
The risk of a successful cyber attack remains one of the biggest risks to the Council. Given the myriad of services commissioned by the Council, we consider that the risk of a supply chain attack, is one of the biggest challenges we face.
Integration Complexity
13. Are there any complexities or difficulties encountered when integrating cloud services with existing systems or workflows within your council?
The difficulties that may be experienced, will depend upon the nature of the service being commissioned, and the context within which this is being used. The myriad of services commissioned by the Council introduces various complexities into our architecture. We look to mitigate risks from the integration of cloud services through robust security and user testing.
Performance Issues
14. Have there been any performance-related challenges or limitations experienced with the use of cloud services, such as latency issues, resource constraints, or service disruptions?
Where performance issues are noted, these are addressed with the relevant supplier through ongoing contract monitoring arrangements.
Section 3: SLAs and Cloud Service Performance
15. Please provide insights into the council’s experience with Service-Level Agreements (SLAs) within the G-Cloud framework. Specifically, how have SLAs impacted the council’s usage and satisfaction with cloud services procured through G-Cloud? Please include details on adherence to SLA terms and any notable successes or challenges encountered in ensuring reliable and satisfactory cloud service delivery.
This information is not held. This is because the Council have not collated the information you have requested.
Section 4: Cloud Service Models and Management
16. Please provide insights into how cloud services are managed within your council. This could include details on how the services are controlled and customized, maintained and updated, as well as the types of agreements and support they come with. Additionally, can you elaborate on how these services are strategically aligned with the needs and goals of your different departments?
The Council procures a myriad of cloud services which are either controlled centrally by the Council’s IT department, or directly by individual services that commission these services. Each service is recorded on the Council’s applications inventory, alongside the support arrangements for each service being procured. Services have varying support mechanisms that are outlined at the application onboarding phase.
In terms of alignment to strategic needs, the Council does not have a formal approach to this.
17. Please share any notable experiences, challenges, or lessons learned in the process of migrating or managing applications on the identified cloud service models. This may include insights into compatibility issues, integration complexities, or successes achieved in optimizing application performance and resource utilization.
This information is not held. This is because the Council have not collated the information you have requested.