I would be grateful if you could provide the most recent contract information you hold for the following areas:
1. Standard Firewall (Network)
Firewall services that protect the organisation’s network from unauthorised access and other internet security threats.
2. Anti-virus Software Application
Programs designed to prevent, detect, and remove viruses, malware, trojans, adware, and related threats.
3. Microsoft Enterprise Agreement
A volume licensing agreement that may include:
Microsoft 365 (Office, Exchange, SharePoint, Teams)
Windows Enterprise
Enterprise Mobility + Security (EMS)
Azure services (committed or pay-as-you-go)
4. Microsoft Power BI
Or any alternative business intelligence platform used for data connectivity, dashboards, and reporting.
For each of the above areas, I kindly request the following:
Who is the existing supplier for this contract?
What is the annual spend for each contract?
What is the description of the services provided?
Primary brand (where applicable)
What is the start date of the contract?
What is the expiry date of the contract?
What is the total duration of the contract?
Who is the responsible contract officer?
* Please include at least their job title, and where possible, name, contact number, and direct email address
How many licences or users are included (where applicable)?
In response to all of the above questions, please see the table below:
| Contract | Supplier | Annual spend? | Description? | Primary brand (where applicable) | Start date? | Expiry date? | Total duration? | Responsible contract officer? | How many licences or users (where applicable)? |
| 1. Standard Firewall (Network) | SCC | Approx. £35k | Firewall appliances | * | 03/03/2019 | 31/08/2026 | 6.5 years | Infrastructure Manager | N/A |
| 2. Anti-virus Software Application | Included in below | ||||||||
| 3. Microsoft Enterprise Agreement | SCC | Approx. £2.3m | Microsoft 365 E5/A5 licenses | N/A | 01/09/2024 | 31/08/2028 | 3 years | Supplier Relationship Manager | Approx. 6,500 |
| 4. Microsoft Power BI | Included in above | ||||||||
* This information is exempt from disclosure under Section 31(1) of the Freedom of Information Act 2000 (Prevention or Detection of Crime).
Devon County Council can confirm the requested information is held; however, this information constitutes valuable intelligence, that could be leveraged by a motivated cyber threat actor to inform a successful attack against Council infrastructure. Releasing this information would therefore increase the chances of the Council becoming the victim of a cyber-attack.
The Council has considered the public interest in releasing this information and recognises there is a public interest in openness and transparency. However, there is a stronger public interest in the Council maintaining the security and integrity of its IT systems. Significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations. Therefore, the balance of public interest weighs in favour of withholding this information from disclosure.