FOI ref: FOI-2023-1392
You asked
Under the Freedom of Information Act 2000, please can you provide the following information in relation to your past, present and future suppliers of the following services: 1) Email encryption:
a) Do you have a product or supplier for email encryption? b) If so, please can you supply details of the contractual arrangements in place including date of award, details of any Framework used or link to the advertisement, contract value and duration. c) If so, please can you indicate the plans for future procurement of this product? d) If not, please can you indicate what evaluation of the requirement for email encryption has been undertaken? e) Please can you confirm the individual responsible for managing your email encryption contract or wider cyber security contracts and provide their contact details and role title?
2) E-signatures:
a) Do you use a specific product or solution for electronic signatures? b) If so, please can you confirm the name of the supplier from which this solution is purchased? c) If so, please can you supply details of the contractual arrangements in place including date of award, details of any Framework used or link to the advertisement, contract value and duration. d) If so, please can you indicate the plans for future procurement of this product? e) If not, please can you indicate what evaluation of the requirement for email encryption has been undertaken? f) Please can you confirm the individual responsible for managing your e-signature solution contract or wider cyber security and provide their contact details and role title?
We said
Thank you for your request. Please see the following answers to your questions.
Q1) Yes
1a) Framework: Health Trust Europe ICT Solutions Framework
Date Awarded: 01 March 2023
Duration: 12 months
Value: £78,426.33
We are unable to disclose the name of the product in use, as this would prejudice the prevention or detection of crime. We believe that releasing this information would increase the likelihood of criminals conducting malicious attacks on the system, placing ONS and its staff and assets in a much more vulnerable position. s.31(1)(a) of the Freedom of Information Act 2000 (FOIA) is therefore engaged.
This exemption is subject to a public interest test. We recognise that releasing this information would aid transparency and accountability of the ONS and provide information about how effective our cyber security measures are. However, we see greater value in the inherent public interest in crime prevention. There is also a public interest in avoiding the costs (financial, distress, inconvenience, publicity, regulatory) associated with any criminal attack. By refusing this information we are also preventing any threat to the integrity and security of our sensitive data and are ensuring that we can comply with our duties to take all necessary steps to safeguard the sensitive data.
Consequently, we find the public interest falls in favour of withholding the information.
1c) Current product is being reviewed and needs to be assessed against alternative products before final decisions can be made.
1d) The evaluation was 100% cost.
1e) Personal data is exempt under s.40(2) of FOIA. If you are interested in becoming a supplier, please see the relevant section of our website: ONS: About us
2) No