IT infrastructure, services, procurement and digital strategies

I would like to request the following information relating to the council’s Information Technology (IT) infrastructure, services, procurement, and digital strategies:

1. IT Infrastructure and Hardware:

a. Details of the council’s current IT infrastructure (including server environments, networking equipment, storage solutions).

Server Environment:

Whether the council operates on physical servers, virtual servers (e.g., VMware, Hyper-V), or cloud-based infrastructure.

VMware.

Approximate number of physical and virtual servers in use.

30 physical, 400 virtual.

Primary operating systems used (e.g., Windows Server 2019, Linux etc.).

Windows Server and Linux.

Networking Equipment:

Key networking vendors currently in use (e.g., Cisco, HPE Aruba, Ubiquiti).

Cisco and Extreme.

Whether the council uses managed or unmanaged switches.

Managed.

Details of Wi-Fi infrastructure vendors (if applicable).

Meraki.

Storage Solutions:

Primary storage vendors or technologies used (e.g., Dell EMC, NetApp, Synology, etc.).

DELL EMC Compellent.

Whether storage is on-premises, cloud-based, or hybrid.

Mostly on-premises – some in public cloud.

Backup and disaster recovery solutions in use.

Rubrik, VMware, Dell.

b. Suppliers and manufacturers of major IT hardware currently in use (e.g., Dell, HP, Lenovo, Cisco, etc.).

Dell, Cisco, Extreme kit

c. Contract start and end dates for hardware supply and maintenance agreements.

Please refer to this link for information: Supplying the South West Portal

d. Renewal dates for current IT hardware and infrastructure contracts.

Please refer to this link for information: Supplying the South West Portal

2. IT Software and Cloud Services:

a. List of primary software platforms used (e.g., Microsoft 365, Oracle, SAP, ServiceNow, etc.).

Microsoft 365

Oracle

Avanti

iTrent

Unit 4

Egress

b. Details of cloud service providers engaged (e.g., Azure, AWS, Google Cloud) and the nature of services used.

Microsoft Azure – Various services.

c. Information on any licenses or enterprise agreements currently active.

Microsoft 365.

3. IT Managed Services and Outsourcing:

a. Names of any managed service providers (MSPs) or external IT support providers currently used.

This information is exempt from disclosure under Section 31(1) of the Freedom of Information Act 2000 (Prevention or Detection of Crime).

Devon County Council can confirm the requested information is held; however, this information constitutes valuable intelligence that could be leveraged by a motivated cyber threat actor to inform a successful attack against Council infrastructure. Releasing this information would therefore increase the chances of the Council becoming the victim of a cyber-attack.

The Council has considered the public interest in releasing this information and recognises there is a public interest in openness and transparency. However, there is a stronger public interest in the Council maintaining the security and integrity of its IT systems. Significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations.

Therefore, the balance of public interest weighs in favour of withholding this information from disclosure.

b. Scope of outsourced services (e.g., helpdesk support, cybersecurity monitoring, network management).

See response above for question 3a.

c. Start and end dates of current managed service contracts, including any extension options. 

See response above for question 3a.

4. Cybersecurity:

a. Details of the council’s cybersecurity solutions (e.g., endpoint protection, firewalls, SIEM solutions).

This information is exempt from disclosure under Section 31(1) of the Freedom of Information Act 2000 (Prevention or Detection of Crime).

Devon County Council can confirm the requested information is held; however, this information constitutes valuable intelligence that could be leveraged by a motivated cyber threat actor to inform a successful attack against Council infrastructure. Releasing this information would therefore increase the chances of the Council becoming the victim of a cyber-attack.

The Council has considered the public interest in releasing this information and recognises there is a public interest in openness and transparency. However, there is a stronger public interest in the Council maintaining the security and integrity of its IT systems. Significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations.

Therefore, the balance of public interest weighs in favour of withholding this information from disclosure.

b. Providers currently supporting cybersecurity and network security initiatives.

See response above for question 4a.

5. Procurement and Frameworks:

a. Which procurement frameworks the council uses for IT purchasing (e.g., Crown Commercial Service RM6098, RM6116, RM1557.14 G-Cloud 14, etc.).

No specific frameworks are used; the most appropriate framework is used.

b. Details of any upcoming IT procurement projects, tenders, or initiatives scheduled within the next 12-24 months.

Please refer to this link for information: Search results – Find a Tender

6. Digital Strategy and IT Roadmap:

a. A copy (or public link) to the council’s current or most recent Digital Transformation Strategy or IT Strategy document, if available.

Information about DCC’s Strategic Plan, with priorities and the most recent Digital & Technology Strategy is available on our website at How we will work – Strategic Plan.

A strategy for 2026 onwards is currently in development.

b. Any publicly available documentation around future IT plans, cloud adoption, digital service delivery, or cybersecurity priorities.

Information about DCC’s Strategic Plan, with priorities and the most recent Digital & Technology Strategy is available on our website at How we will work – Strategic Plan.

7. Key Contacts:

a. Names and job titles of senior personnel responsible for IT strategy, IT infrastructure, cybersecurity, and IT procurement within the council.

The job titles for these positions are Infrastructure Manager and End User Computing Manager.

Information on senior members of staff at Devon County Council can be found on our webpage: Strategic Leadership Team – Devon County Council.

Names of officers not listed on the above webpage are exempt from publication under Section 40(2) of the Freedom of Information Act 2000 as they constitute personal information.

Devon County Council can confirm the requested information is held; however, the Council cannot disclose personal information if releasing it would contravene any of the provisions in the UK General Data Protection Regulation. In this instance release of this information would contravene the first data protection principle and therefore the information is withheld.