Freedom of information response

Information technology software info

Publication date: 
Tuesday 2 June 2020
Request: 
  • What reseller do you prefer to buy your Software through? 
  • Are there any favoured frameworks you tend to use?
  • Who is the decision-maker for IT Purchasing?
  • Who is your mobile phone provider?
  • What Mobile Device Management Solution are you using and when is the renewal date?
  • What Mobile Threat Detection do you have in place for mobile devices and when is the renewal date?
  • What Virtual Desktop Software do you have in place for remote workers and when is the renewal date?
  • Do you currently use a document security or digital rights management tool and when is the renewal date?
  • What are you using for instant messaging?
  • Who do you currently use for your Annual IT health checks and when is your next one due?
  • What email exchange server are you running? Cloud or on-premise?
  • What antivirus software/tool do you use and when is the renewal date?
  • Do you have an incident response team within your IT department?
Response: 
  • Bytes
  • Crown Commercial services and G-Cloud are regularly used
  • Strategic Lead
  • Vodafone and Telefonica (O2)
  • InTune – July 2021
  • No
  • Citrix and AOVPN
  • No
  • Microsoft Teams
  • Yes - October
  • A mixture
  • Section 31 exemption applies, please see below for further details
  • Yes

Section 31 Law Enforcement

With regards to the question above, it is our view that the information should not be released. We have therefore applied the exemption contained in Section 31 - Law Enforcement to this request. Providing the information you have requested could compromise the security of the councils network / data. The reasons for the application of this exemption have been captured below under the public interest test section.

Public Interest Test:

  • Public interest in disclosure:
    • It would inform the public of the security arrangements in place to protect their data and the spend associated with arrangements.
  • Public interest to maintain the exemption:
    • The identification of hardware to ascertain manufacturer/platforms is one of the first things a hacker will perform or look for;
    • Releasing the brand of our Web Filtering Provider for example will reduce the amount of time an attacker would need to spend trying targeted vulnerabilities, on the basis that they will already know which ones to try;
    • If hackers already have this information then they can skip the above phase, which in turn reduces the likelihood of detection by our security systems.

Based on the above, it is the council’s view that there is a stronger public interest to maintain the use of the exemption for section 31. The key reasons for this is as follows:

The council feels the factors in favour of withholding the information outweigh those in favour of publication. A realistic outcome/consequence of releasing this information would be that the Council would be subject to attack or become increasingly vulnerable to attack. Therefore it is not in the public interest for the Council to make itself vulnerable to a cyber-attack as it is tax payers money that will be used to pay for additional software to increase our protection as well as the cost of repairing damage done during an attack.

You are free to use any information supplied to you for your own use, including non-commercial research purposes. However, any other type of re-use, for example, by publishing the information or issuing copies to the public will require the permission of the copyright owner.

Where the copyright is owned by Thurrock Council, you must apply to the Council to re-use the information. Please email information.matters@thurrock.gov.uk if you wish to re-use the information you have been supplied. For information where the copyright is owned by another person or organisation, you must apply to the copyright owner to obtain their permission.

Request reference:
FOI 9995