Cyber security procurement information

You asked

The information I require is around the procurement side of Cyber Security.

For each of the different types of cyber security services can you please provide me with:

1. Who is the existing supplier for this contract?
2. What does the organisation annually spend for each of the contracts?
3. What is the description of the services provided for each contract?
4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
5. What is the expiry date of each contract?
6. What is the start date of each contract?
7. What is the contract duration of contract?
8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
9. Number of Licenses (ONLY APPLIES TO CONTRACT 3)

We said

Thank you for your request.

Please see the following answers to your questions:

1.  Who is the existing supplier for this contract?

• SCC and Computacenter
• Phoenix Software
• Phoenix Software

2.  What does the organisation annually spend for each of the contracts?

Cisco ASA:  

The costs associated with this service are a part of a wider packaged contract. The details of the negotiated costs would be exempt under s.43 of the Freedom of Information Act (2000), as disclosure would prejudice the commercial interests of ONS and its supplier.

The use of this exemption is subject to the public interest test.

Whilst we recognise arguments in favour of transparency and accountability regarding information pertaining to government public spending, we also value the public interest in our own capability to negotiate and to compete in a commercial environment.

Disclosure of the requested information would jeopardise our ability to negotiate future contracts and procurements at an advantageous price for us, which would be in the public interest as this will help to preserve public funds.

Additionally, it is also in the public interest for public authorities to be able to maintain the trust and confidence of the suppliers with which we work. Disclosure of the cost of this service would negatively impact a third party's ability to generate higher levels of income in the future, as their ability to experience open and fair competition for their services would be compromised. This would therefore render this supplier and other companies unwilling to work with us in the future. We would therefore have a reduced pool of suppliers with which we could negotiate. This damage to our reputation therefore directly and negatively impacts our commercial interests.

Therefore, the public interest in withholding this information outweighs the benefit of release.

Checkpoint:

£162,821.00 exc VAT

Defender:

Microsoft defender is embedded in the Microsoft enterprise agreement as it's a Microsoft Windows Defender which is part of our Windows 10 licensing as standard.

Sophos AV:

£32,613.00 exc VAT

3. What is the description of the services provided for each contract?

Please see the answers to questions 1 and 2 for this information.

4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)

1. Cisco ASA & Checkpoint

2. Defender & Sophos AV

5. What is the expiry date of each contract?

• Cisco ASA 23/07/2023
• Checkpoint 31/03/2022
• Defender 31/10/2022
• Sophos AV 31/03/2022

6. What is the start date of each contract?

• Cisco ASA 01/08/2020
• Checkpoint 01/04/2021
• Defender 01/11/2019
• Sophos AV 01/04/2019

7. What is the contract duration of contract?

• Cisco ASA 3 years
• Checkpoint 1 year
• Defender 3 years
• Sophos AV 3 years

8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.

The information is considered exempt under Section 40 (2) of the Freedom of Information Act 2000 (FOIA).

9.  Number of Licenses (ONLY APPLIES TO CONTRACT 3):

In addition, there are various sub-licenses for bespoke requirements.