Information Technology Infrastructure

Posted on

  

  1. What is your annual IT Budget for 2023, 2024 & 2025? 

 

Please note that details of Devon County Council’s budgets are published on the council’s website at https://www.devon.gov.uk/finance-and-budget/budgets/.   

 

  1. Storage:

  

a. What storage vendor(s) and models do you currently use? 

 

Please see contracts register for details. 

 

 

b. What is the capacity of the storage data in TB & How much of this is utilised? 

 

101TB out of 140TB 

 

c. What were the installation dates of the above storage vendor(s)? (Month/Year) d. 

 

Please see contracts register for details. 

 

d.  When is your planned (or estimated) storage refresh date? (Month/Year)? 

 

Please see contracts register for details. 

 

e. Do you have any extended warranties, if so, with which supplier? 

 

Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  

The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

 

f.  What is your estimated budget for the storage refresh? 

 

Devon County Council does not have a defined budget for this activity. 

 

3.  Server/Compute:

a. What server vendor(s) and models do you currently use?

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  . 

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 b. What were the installation dates of the above server vendor(s)? (Month/Year) 

 November 2018 

 c. When is your planned (or estimated) server refresh date? (Month/Year) 

 November 2023 

 

d. What is your estimated budget for the server refresh?

 Devon County Council does not have a defined budget for this activity. 

 

e. Do you have any extended warranties, if so, with which supplier?

Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.   

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

 f. Which operating systems are used?

 

Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies. 

The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

4.  Security:

a. What security solutions are being utilised?

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 b. Do you have a SIEM?

 Devon County Council can neither confirm nor deny that we hold the information you have requested.  This is because to do so, would reveal information that we consider is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  

 The council considers that disclosure of the information you have requested would be likely to reveal information about the Council’s security posture that a threat actor could use to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

c. Do you have a SOC? If so, is it in house or outsourced?

 Devon County Council can neither confirm nor deny that we hold the information you have requested.  This is because to do so, would reveal information that we consider is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  I will explain why this is the case below. 

 The council considers that disclosure of the information you have requested would be likely to reveal information about the Council’s security posture that a threat actor could use to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

d. Is it 24/7?

 Devon County Council can neither confirm nor deny that we hold the information you have requested.  This is because to do so, would reveal information that we consider is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  I will explain why this is the case below. 

 The council considers that disclosure of the information you have requested would be likely to reveal information about the Council’s security posture that a threat actor could use to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

e. Name and role for IT Manager(s) / Officer(s) primarily responsible for cybersecurity 

 Cyber security is the responsibility of the Council’s Strategic Cyber Security Manager.   

 

f. Names of all cyber security vendor(s) you use

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  .

The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

g. Cost, duration, and end date for the above contract(s)/license(s) 

 

Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies. 

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

h. What firewall vendor and model do you leverage?

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.   

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

i. When are the firewalls due for refresh?

 August 2025 

 

j. When do the firewalls run out of support?

 

Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.   

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

5. Backup, DR and BC:

a. What device/system do you use for your daily backups (e.g tape or disk) b. What backup software do you use?

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.   

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

b. How much data do you backup, in TB?

 Approximately 200TB 

 

c. Do you use a third party to provide a Business Continuity service (e.g. office workplace recovery or infrastructure ship-to-site solutions)?

 Devon County Council can confirm that we hold the information you have requested.  However, we consider this information is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.   

 The council considers that disclosure of the information you have requested would be likely to reveal information that could be used by a cyber threat actor to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

d. When is your estimated backup refresh?

 Please see contracts register for details relating to recent backup refresh. 

 

e. Do you already backup into the cloud?

 Devon County Council can neither confirm nor deny that we hold the information you have requested.  This is because to do so, would reveal information that we consider is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  

 The council considers that disclosure of the information you have requested would be likely to reveal information about the Council’s security posture that a threat actor could use to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

f. Do you back up M365?

 Devon County Council can neither confirm nor deny that we hold the information you have requested.  This is because to do so, would reveal information that we consider is exempt from disclosure on the grounds that Section 31(1)(a) of the Freedom of Information Act 2000 applies.  

 The council considers that disclosure of the information you have requested would be likely to reveal information about the Council’s security posture that a threat actor could use to improve the chances of them targeting a successful cyber-attack against Devon County Council.   

 Whilst we recognise that there is a public interest in openness and transparency around the management of the Council’s IT infrastructure, we consider that there is a stronger public interest in the council being able to maintain the confidentiality, integrity, and availability of its IT infrastructure.  For this reason, we consider that the balance of public interest is best served by withholding this information from disclosure at this time. 

 

6. Number of Physical servers?

4 

7. How far are you in your cloud strategy?

Started to integrate.

 8. Do you use Azure or Amazon Web Services?

 Azure 

 9. Which IT services do you outsource? When do the contracts end?

 

Database Support 

The contract comes to an end in April 2024 

 

10. Please also name all of the IT re-sellers that you work with and buy from, as well as the frameworks utilised.

 

Specialist Computer Centre 

Please see contracts register for details. 

11. Are you actively moving any applications/infrastructure into a cloud environment? If so who is responsible for this?

 

Yes, and this is being achieved with the use of internal resources. 

 

12. What is the total number of IT staff employed by the organization: Please list and provide contact details for the IT senior management team including CIO, IT Director and Infrastructure Architects if applicable.

 115 

Devon County Council does not have a Chief Information Officer or an IT Director.  Responsibility for IT falls to our Strategic Lead for Digital Trans ICT IG & Cyber Security, Gary Dempster who can be contacted via procure@devon.gov.uk. 

 

13.Who is Head of IT? – Please provide contact details

 Gary Dempster 

Email: procure@devon.gov.uk  

 

14. Who is Head of Procurement? – Please provide contact details

 Justin Bennetts 

Email: procure@devon.gov.uk  

 

15. Do you have a managed/shared service with any other councils?

 

No. 

 

16. Do you normally purchase equipment and services as a capital investment (Cap-Ex) or ongoing operational charges (Opex)?

 

Significant value items and bulk purchases – capital (£12k de minimus) 

Otherwise – revenue