ICT Roadmap, Service Catalogue and Data Protection Surveys

“Can you please send me a copy of the following documents :

1. ICT Roadmap  The ICT Roadmap is publicly available on our website and can be accessed via the link provided.

2. ICT Service Catalogue We are unable to disclose this information under Section 43(2) of the Freedom of Information Act 2000 – ‘Commercial Interests’ and under Section 31(3) of the Freedom of Information Act 2000 – ‘Law Enforcement’.  The reasons for this are outlined below:-

Section 43(2) – ‘Commercial Interests’:

The ICT Service catalogue contains financial and other information which, if released, could prejudice the commercial interests of both Devon County Council (DCC) and its internal ICT trading unit, Scomis.

Scomis operates in a highly competitive world within the education market place – supporting over 740 schools nationwide.  Scomis do not publish their pricing because of the commercial competition. Quotes are only supplied on an individual basis when it receives an expression of interest from a prospective client.

Scomis have started to sell corporate services outside of DCC, again in a highly competitive marketplace, and would not wish to share information with competitors in respect of the ICT Service Catalogue as this could severely prejudice its commercial interests.

DCC appreciates that there is a public interest in openness and transparency, but also needs to ensure that the best interests of the people of Devon and the efficient spending of tax payer’s money are maximised.

Section 31 (3) – ‘Law Enforcement’:

The ICT Service Catalogue contains information relating to DCC’s ICT and Cyber Security systems and packages.  This information is not disclosable under Section 31(3) of the Freedom of Information Act 2000 – ‘Law Enforcement’.  This is because to confirm or deny what information is contained within the ICT Service Catalogue would place the organisation at risk of fraud and crime.  Such systems hold information about individuals and, therefore, the possible chain of events resulting from releasing this information could put individuals, and authorities, at risk of criminal activity.

Release of this information could aid malicious parties by encouraging cyber attacks by enabling parties to deduce where any weaknesses in our systems may lie and therefore how best to attack a DCC user.  Attacks on IT systems are criminal offences, so to provide information might prejudice the prevention of crime by facilitating the possibility of an offence being carried out. There is a very strong public interest in the effectiveness of law enforcement and the prevention of crime.

Although DCC appreciates that there is a general public interest in openness (because this increases public trust and engagement), this public interest should be weighed against a very strong public interest in safeguarding the security of Council specific systems.  Incurring this risk can be deemed not in the public interest.

Section 31 of the Freedom of Information Act 2000 states that there is a very strong public interest in protecting the law enforcement capabilities of public authorities.

3. Technical Standard (What you expect of any new IT or Digital Systems to use) This is available via the link provided – Technical Design Standards

4. Also, can you include a copy of any surveys conducted pertaining to information and/or cyber security, data protection or information governance.”

Information Governance conducted a short survey earlier this year to gather information relating to staff opinions on data protection and cyber security.  The results of this survey can be accessed via the link provided – Data Protection & Cyber Security Survey