EOS / EOL Networking Equipment
1a. What EOS (end of support) or EOL (end of life) networking equipment do you have in your IT estate?
----
Network Lifecycle
2a. Have you conducted a network refresh in the past 36 months?
2b. If so with which area? (eg Data Centre, Enterprise Networking, Wi-Fi, Security, Collaboration) 2c. Which vendor/technology solution was chosen?
2d. Which reseller/partner delivered the solution?
2e. Who maintains the solution?
2f. When does the maintenance contract expire/renewal date?
----
Have you conducted a POC (proof of concept) in the last 12 months for any of the below technology areas?
3a. Data centre (yes/no)
3b. Enterprise networking (yes/no)
3c. Wi-Fi (yes/no)
3d. Security (yes/no)
3e. Collaboration/Microsoft Telephony (calling plan/operator connect/direct routing (yes/no) 3f. Network monitoring (yes/no) 3g. Which vendor and what equipment was tested?
3h. Which partner/reseller provided the POC?
3i. Was the POC successful?
3j. Do you intend to use the solution in a live environment?
----
Do you plan to refresh your network in the next 24 months for any of the below technology areas:- 3a. Data centre (yes/no) 3b. Enterprise networking (yes/no) 3c. Wi-Fi (yes/no) 3d. Security (yes/no) 3e. Collaboration/Microsoft Telephony (yes/no) 3f. Network monitoring (yes/no) 3g. When do you plan to have the new solution implemented? (Specify date) 3h. Have you/do you intend to go to RFx for this?
3i. When do you plan to go to RFx for this?
----
Do you have a Cisco estate for any of the below architecture, and what technology/equipment has been implemented?:- 4a. Data centre 4b. Enterprise networking 4c. Wi-Fi 4d. Security 4e. Collaboration 4f. Network monitoring
----
Cisco Support
5a How are you currently supporting your Cisco estate?
5b. Which company sells/provides you with support?
5c. If you outsource support, for which aspects?
5d. How do you keep your equipment/software up to date?
----
Cisco Partner/Reseller
6a. Who is the supplier/reseller for Cisco hardware/software?
6b. Do you have a preferred supplier agreement for Cisco hardware/software?
6c. When do these supplier agreements expire?
6d. How long has the current supplier relationship existed?
----
Cisco Enterprise Agreement (EA)
7a. Do you have a Cisco (EA)?
7b. When is your (EA) contract expiry/renewal date?
7c. Who provides/resells your Cisco (EA)?
----
Do you have an HP/Aruba estate for any of the below architectures, and what technology/equipment has been implemented?:- 8a. Data centre 8b. Enterprise networking 8c. Wi-Fi 8d. Security 8e. Collaboration 8f. Network monitoring
----
HP/Aruba Support
9a How are you currently supporting your HP/Aruba estate?
9b. Which company sells/provides you with support?
9c. If you outsource support, for which aspects?
9d. How do you keep your equipment/software up to date?
----
HP/Aruba Partner/Reseller
10a. Who is the supplier/reseller for HP/Aruba hardware/software?
10b. Do you have a preferred supplier agreement for HP/Aruba hardware/software?
10c. When do these supplier agreements expire?
10d. How long has the current supplier relationship existed?
----
HP/Aruba Enterprise Agreement (EA)
11a. Do you have an HP/Aruba (EA)?
11b. When is your (EA) contract expiry/renewal date?
11c. Who provides/resells your HP/Aruba (EA)?
----
Telephony
12a. Do you have ISDN Lines?– Supplier, quantity (lines), contractual position 12b. Do you have PSTN Lines? – Supplier, quantity (lines), contractual position.
12c. Do you have SIP Channels? - Supplier, quantity (channels), contractual position.
12d. Have you started/completed projects to prepare for the PSTN switch-off?
12e. Which technology partner assisted in your PSTN switch-off readiness project?
12f. Would you describe your organisation as entirely ready for the PSTN switch-off?
12g. PBX (phone system) Make & Model (eg Avaya, Cisco, Mitel), contractual position 12h. Who maintains your PBX (phone system) 12i. How long has the relationship with the maintainer been in place?
12j. Are you considering or interested in Microsoft Telephony (eg Calling Plans, Direct Routing, Operator connect)?
Thank you for your recent request dated 22nd June 2023.
Public Health Wales does not confirm or deny that we hold the information you have requested regarding end of support or end of life networking equipment. Providing the level of detail requested may result in releasing sufficient information to potentially compromise our information security arrangements. We therefore engage the following exemption under the Freedom of Information Act 2000.
Section 38(2) – Health and Safety of the Act – which states that:
38(1) Information is exempt information if its disclosure under this Act would, or would be likely to –
(a) endanger the physical or mental health of any individual, or
(b) endanger the safety of any individual.
(2) The duty to confirm or deny does not arise if, or to the extent that, compliance with section 1(1)(a) would, or would be likely to, have either of the effects mentioned in subsection (1).
In order to engage this exemption, I am required to consider the public interest.
Public interest considerations in favour of releasing the information.
There is a general public interest in openness and transparency in public sector bodies which can help to maintain public trust.
Information relating to Public Health Wales end of support or end of life networking equipment are clearly matters of public interest and we recognise that there is a legitimate interest in knowing the details surrounding this networking equipment.
Public interest considerations in favour of refusing to release the information.
Public Health Wales has a duty to protect the public and individuals, and to provide a safe and effective public health service. The release of information under FOIA is ‘release to the world’ and I do not believe that there is a significant public interest in the level of detail that you have requested.
Public Health Wales end of support or end of life networking equipment that exist are used to directly assist with the provision of patient care. It has been established that any groups who may be planning cyber-attacks are known to conduct extensive research into the opposition they might face and the release of any information which is held about the details of our systems, no matter how innocuous such requests may appear, may enhance the capability of cyber terrorists and hackers to carry out such attacks.
Releasing any information held could enable hackers and cyber criminals to gain knowledge about Public Health Wales capabilities, and this could enable them to plan attacks where they perceive a lower level of security resource exists. This exposes our systems to greater risk and therefore it also follows that risk to our systems will also constitute a risk to both public and staff of Public Health Wales as our systems are used to provide patient care.
Balance of Public Interest Test
Public Health Wales concedes that there is a very real interest in the public knowing that it has adequate levels of protection in place for its systems to ensure that we limit any potential for risk befalling the systems on which we heavily rely to complete our day to day business and for running the organisation.
However Public Health Wales believes that ensuring the safety of our systems is paramount and on the balance of the information provided above Public Health Wales believes that there would be a clear causative link between releasing the requested information which could then expose Public Health Wales to the risk of crime which could subsequently endanger or cause harm to our patients. Public Health Wales believes that confirming or denying the information requested is held could expose Public Health Wales sites to hackers and cyber criminals this in turn could lead to Public Health Wales being unable to deliver and provide patient care thereby resulting in a real risk of potential harm to our patients and staff and endanger individuals who are depend upon our systems for the care they require.
I believe therefore that the public interest in withholding this information outweighs any arguments for disclosure and so we will neither confirm nor deny that we hold the information requested.
If you are unhappy with the service you have received in relation to your request and wish to make a complaint or request a review of the decision, you should write to the Corporate Complaints Manager, Public Health Wales NHS Trust, 3, Number 2, Capital Quarter, Tyndall Street, Cardiff, CF10 4BZ.
If you are not content with the outcome of your complaint or review, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Trust. The Information Commissioner can be contacted at:
Information Commissioner for Wales
2nd Floor
Churchill House
Churchill Way
Cardiff
CF10 2HH
Telephone: 029 2067 8400
Email: wales@ico.org.uk