Further to the original Facilities Management request, the contract below has expired. Please provide the current status.
I wish to submit to the organisation a freedom of information request relating to the organisation’s ICT contracts, specifically around:
1. contact centre contract(s)
2. inbound network services contract (s)
Please send me the following information for each provider:
1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.
2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier
3. Contract Duration: For each supplier, please state the contract duration of the contract expires. If available please also include any contract extensions.
4. Contract Expiry: For each supplier, please state the date of when the contract expires.
5. Contract Review: For each supplier, please state the date of when the contract will be reviewed.
6. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.
7. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address. At the very least please provide me with their actual job title.
8. Number of Agents; please provide me with the total number of contact centre agents;
9. Number of Sites; please can you provide me with the number of sites the contact centre covers.
10. Manufacturer of the contact centre: Who is the manufacturer of the contact centre system that you operate?
11. Do you use Microsoft Exchange 2003 as your email server? If not, then which products do you use?
12. Number of email users: Approximate number of email users across the organisations.
The second part of my request relates to the use inbound network services contracts which could relate to one of the following:
1. 0800, 0845, 0870, 0844, 0300 number
2. Routing of calls
3. Caller Identifier
4. Caller Profile- linking caller details with caller records
5. Interactive voice response (IVR)
For a contract relating to the above please can you provide me with?
1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.
2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier
3. Contract Expiry: For each supplier, please state the date of when the contract expires.
4. Contract Review: For each supplier, please state the date of when the contract will be reviewed.
5. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.
6. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address.
Thank you for your request dated 23rd November 2022.
Public Health Wales does not confirm or deny that we hold the information you have requested as we do not release details regarding our information security arrangements and we therefore engage the following exemption under the Freedom of Information Act 2000.
Section 38(2) – Health and Safety of the Act – which states that:
38(1) Information is exempt information if its disclosure under this Act would, or would be likely to –
(a) endanger the physical or mental health of any individual, or
(b) endanger the safety of any individual.
(2) The duty to confirm or deny does not arise if, or to the extent that, compliance with section 1(1)(a) would, or would be likely to, have either of the effects mentioned in subsection (1).
Public Interest Test
Public interest considerations in favour of releasing the information.
There is a general public interest in openness and transparency in public sector bodies which can help to maintain public trust.
Information relating to Public Health Wales protective security measures in relation to its systems are clearly matters of public interest and we recognise that there is a legitimate interest in knowing that security measures are in place and where they are focused.
Public interest considerations in favour of refusing to release the information.
Public Health Wales has a duty to protect the public and individuals, and to provide a safe and effective public health service. The release of information under FOIA is ‘release to the world’ and I feel that releasing this information into the public domain would not be in the public interest.
Public Health Wales protective security measures that exist are there to protect our systems which are used to directly assist with the provision of patient care. It has been established that any groups who may be planning cyber-attacks are known to conduct extensive research into the opposition they might face and the release of any information which is held about the security of our systems, no matter how innocuous such requests may appear, may enhance the capability of cyber terrorists and hackers to carry out such attacks.
Releasing any information held could enable hackers and cyber criminals to gain knowledge about Public Health Wales capabilities and IT security measures, and this could enable them to plan attacks where they perceive a lower level of security resource exists. This exposes our IT systems to greater risk and therefore it also follows that risk to our systems will also constitute a risk to both public and staff of Public Health Wales as our systems are used to provide patient care.
Balance of Public Interest Test
Public Health Wales concedes that there is a very real interest in the public knowing that it has adequate levels of protection in place for its IT systems to ensure that we limit any potential for risk befalling the systems on which we heavily rely upon to complete our day to day business and for running the organisation.
However Public Health Wales believes that ensuring the safety of our systems is paramount and on the balance of the information provided above Public Health Wales believes that there would be a clear causative link between releasing the requested information which could then expose Public Health Wales to the risk of crime which could subsequently endanger or cause harm to our patients. Public Health Wales believes that confirming or denying the information requested is held could expose Public Health Wales sites to hackers and cyber criminals this in turn could lead to Public Health Wales being unable to deliver and provide patient care thereby resulting in a real risk of potential harm to our patients and staff and endanger individuals who are depend upon our IT systems for the care they require.
Public Health Wales therefore believes that the public interest in releasing this information outweighs any arguments for disclosure and so we will neither confirm nor deny that we hold the information requested.
If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of the decision, you should write to the Corporate Complaints Manager, Public Health Wales NHS Trust, 3, Number 2, Capital Quarter, Tyndall Street, Cardiff, CF10 4BZ.
If you are not content with the outcome of your complaint or review, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Trust. The Information Commissioner can be contacted at:
Information Commissioner for Wales
2nd Floor
Churchill House
Churchill Way
Cardiff
CF10 2HH
Telephone: 029 2067 8400
Email: wales@ico.org.uk