Information Technology Procurement- 18116

< Back

A request for information about information technology procurement – 18116

Ref: FOI/18116

RE: FREEDOM OF INFORMATION ACT 2000 REQUEST

I am writing to confirm that the West Midlands Fire Service has now completed its search for the information you requested on 2nd August 2018.

Please find below a summary of our findings.

Request

  1. Do you have a procurement policy which supports the use of UK Government IT procurement frameworks, such as G-Cloud and Digital Outcomes and Specialists?

Reply

Yes.

Request

  1. Has your organisation adopted a strategy or IT policy guidance for using:

(Please indicate yes or no for each)

  • Hyperscale public cloud (e.g. AWS / Azure/ Google Cloud Platform)
  • Other cloud (e.g. UK Cloud)
  • Software as a Service (e.g. Office 365)

Reply

  • Hyperscale public cloud (e.g. AWS / Azure/ Google Cloud Platform) No
  • Other cloud (e.g. UK Cloud) No
  • Software as a Service (e.g. Office 365) Yes

Request

2.1. Who is responsible for each?

Reply

With regards for the contact details of ICT Manager, WMFS ICT Department operates a single point of contact policy and callers are directed to the ICT Service Desk via HQ Reception on 0121 380 6067. The call will be directed to the ICT Service Desk and allocated to the ICT specialist with responsibility for the specific service. There is a direct email address for suppliers making sales enquires email: procurement.enquires@wmfs.net. Furthermore, guidance from the Information Commissioner’s Office is as follows:

* The presumption is in favour of protecting privacy, so the release of personal information will only be fair if there is a genuine reason to disclose. This involves a three-stage test. A public authority will generally have to satisfy itself that:

* There is a legitimate interest in disclosure;

* The legitimate interest can only be met, or fully met, by the disclosure of information which identifies individuals (i.e. the disclosure is necessary to that purpose); and, the disclosure would not involve unwarranted detriment to the individual’s privacy or other rights and legitimate interests.

* You can find out more about FOI exemptions from the Information Commissioner’s Office. This will explain which one or more of the FOI exemptions applies, and tell you how to appeal if you disagree with our decision.

Request

  1. How many on-premise data centres do you own?

Reply

As a major emergency service provider, you will appreciate that we must ensure that our systems are appropriately protected. Releasing detailed information about our IT systems and infrastructure in response to your request and other similar requests under Freedom of Information has wider implications that we must consider.  By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under several Freedom of Information exemptions, s24 National Security, s36 Effective conduct of public affairs, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Request

  1. How many third-party data centres do you use?

Reply

None

Request

Do you use cloud for storing data / applications?

Reply

Yes

Request

  1. Expressed in percentage terms, approximately what proportion of your data and applications are held in:
  • An on-premise data centre
  • A third-party data centre
  • Hyperscale public cloud (e.g. AWS / Azure/ Google Cloud Platform)
  • Other public cloud (e.g. UK Cloud)
  • Private cloud

Reply

As a major emergency service provider, you will appreciate that we must ensure that our systems are appropriately protected. Releasing detailed information about our IT systems and infrastructure in response to your request and other similar requests under Freedom of Information has wider implications that we must consider.  By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under several Freedom of Information exemptions, s24 National Security, s36 Effective conduct of public affairs, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Request

  1. Is your IT primarily managed in-house or is it outsourced?

Reply

As a major emergency service provider, you will appreciate that we must ensure that our systems are appropriately protected. Releasing detailed information about our IT systems and infrastructure in response to your request and other similar requests under Freedom of Information has wider implications that we must consider.  By this we mean that disclosing this information may prejudice our ability to maintain our own and national security. We believe that maintaining security and ensuring public safety in a national and local context takes precedence over this request.

We accept that this type of information is of interest to commercial companies and to researchers but believe that it is not in the greater public good to release detailed information.

We do not imply that release of this information alone would necessarily be immediately detrimental, but taken with other information we consider that it could have an adverse effect on our capability, effectiveness and security. Given the current security climate in the UK we recognise the necessity to take a precautionary approach. In this situation we have also taken account of whether the release of this information, could, if put together with other available information, cause damage. After consideration we concluded that this type of information cannot be divorced from its context and looked at in isolation. In some circumstances, releasing this information could give rise to prejudice that would not otherwise have existed, because, taken together with other information requested, it could disclose a composite of information which is more sensitive than its individual parts taken separately.

We are therefore refusing your request under several Freedom of Information exemptions, s24 National Security, s36 Effective conduct of public affairs, s44 Prohibition on Disclosure.

In taking this decision we have taken note of the Centre for Protecting the National Infrastructure Guidance on disclosure of sensitive information, which states

“…. that national security is paramount and should be considered carefully in any government or commercial decision to release or disseminate information to the public”.

This guidance continues to state that careful consideration must be given before disclosing ‘precise information which exposes an organisation’s information or process control systems to the threat of electronic attack’.

Some of these exemptions are subject to the public interest test. This means that we must consider whether the public interest in releasing the information outweighs the public interest in refusing to disclose. We have considered that it is in the interest of the majority of the public to protect our systems from potential harm, in order to support us to ensure public safety. We have also decided that the likelihood of damage to our systems need not be immediate as the impact would, in an emergency situation, be potentially serious.

We also considered whether release of this information is in the public interest in terms of explaining our decisions, ensuring accountability, or providing transparency into our handling of public finances. We have concluded that the detail of this information is not necessary to meet the public interest or reassure public concerns. As a result, we have decided that the public interest is better served by not disclosing this detailed information.”

Request

  1. Do you share your IT infrastructure and services with any other organisation?

Reply

No

Request

  1. Do you have a central IT department?

Reply

Yes

Request

  1. Who in your organisation is responsible for driving your cloud strategy?

Reply

Strategic Head of IT

Request

  1. If your organisation does have a cloud strategy, what are the main drivers?

Reply

  • Cost savings Scalability
  • Agility
  • Security
  • Modernisation

Request

  1. In the next 12 months are you looking to procure any of the following?

(Please indicate yes or no for each)

On-premise data centre

Colocation facilities

Physical IT infrastructure

Hyperscale public cloud services (e.g. AWS / Azure/ Google Cloud Platform)

Other public cloud services (e.g. UK Cloud)

Private cloud services

Outsourced IT managed services

Reply

  • On-premise data centre – No
  • Colocation facilities – No
  • Physical IT infrastructure – Yes
  • Hyperscale public cloud services (e.g. AWS / Azure/ Google Cloud Platform) – Yes
  • Other public cloud services (e.g. UK Cloud) – No
  • Private cloud services – No
  • Outsourced IT managed services – No

If you have any queries about this email, please contact me.  Please remember to quote the reference number above in any future communications. If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of our decision please write to The Public Relations Department, West Midlands Fire Service, 99 Vauxhall Road, Birmingham, B7 4HW

Further information concerning Freedom of Information requests can be found on the Information Commissioner website at either the following link: https://ico.org.uk/ or at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Customer Service Form

General enquiry


A safe and well visit for you..

A safe and well visit for someone else...

Safeside enquiry form


Quick poll

How often do you test your smoke alarm?

We've running a quick poll to find out how often people test their smoke alarms

Accessibility