FOI reference - FOI 2015-05-12
Date - 12/05/2015
- Do you look after your own IT or is it outsourced?
- How much did you pay in last financial year for software licenses?
- How many computers users do you have?
- When do you need to renew the contract with Microsoft for software licenses? What was the value of your last contract per year?
- Do you currently measure software usage versus the number of licenses purchased? If so what is used for software usage metering?
- Do you use a software asset management tool?
- Please also provide details of IT contracts managers and any person(s) involved in IT software procurement”
Duty to confirm or deny whether TPR holds the information requested
I can confirm that The Pensions Regulator (TPR) holds the information you have requested. However, we are unable to supply some of the information requested for the reasons set out in the relevant section below.
Information we are able to supply
1. Do you look after your own IT or is it outsourced?
TPR’s IT department manages TPR’s estate, operating an in-source model. Some third parties may be utilised where specialist skills are required to supplement the in-house IT teams.
2. How much did you pay in last financial year for software licenses?
£843,187 (inclusive of VAT)
3. How many computers users do you have?
496. We have interpreted your request to mean the number of active user accounts across TPR.
4. When do you need to renew the contract with Microsoft for software licenses?
Our current Microsoft licences expire on 30 June 2017.
What was the value of your last contract per year?
The value of our last contract per annum was as follows:
- 2009/10 £66,914.13 (includes 15% VAT)
- 2010/11 £120,906.83 (includes 17.5% VAT)
- 2011/12 £70,869.11 (includes 20% VAT)
- 2012/13 £95,091.94 (includes 20% VAT)
- 2013/14 £188,851.28 (includes 20% VAT)
- 2014/15 £237,725.24 (includes 20% VAT)
Please note that Microsoft contracts are not renewed annually; contract length is determined by enterprise subscription offerings based on the government framework at the time, and it is usual to have either a three or five year agreement. For example, the duration of our previous Microsoft contract was five years.
5. Do you currently measure software usage versus the number of licenses purchased? If so what is used for software usage metering?
TPR measures usage by assigning licenses to users manually via active directory groups and VDI. No software is currently used to monitor usage but we are looking to procure a tool to automate this function in the near future.
6. Do you use a software asset management tool?
TPR does not currently utilise a software asset management tool.
Information we are not able to supply
7. Please also provide details of IT contracts managers and any person(s) involved in IT Software procurement
I have been unable to release the information requested in question 7 for the reasons set out below:
Section 40(2) Freedom of Information Act (FoIA)
The names which have been withheld are exempt from disclosure under section 40 (personal information) of the FoIA.
This is because the names constitute personal data as defined in section 1(1) of the Data Protection Act 1998 (DPA) and disclosing would not comply with the data protection principles set out in the DPA, in particular the requirement in the first data protection principle for processing to be fair and lawful and to comply with one of the conditions of processing in Schedule 2.
In considering whether disclosure would meet the requirement of fairness under the first data protection principle, I have reached the view that the persons concerned are not employed in public facing roles or roles that are of a level of seniority that would displace their reasonable expectation of privacy, bearing in mind that disclosure under the FoIA is to the public at large. Although there is a legitimate public interest in disclosure of information held by public bodies, in this case there is no strong public interest in the names of these particular employees being released into the public domain. TPR therefore considers disclosure in these circumstances to be prejudicial to these employees’ rights under the DPA and that these concerns outweigh the general public interest in transparency and accountability under the FoIA.
Disclosure of direct email addresses for TPR’s ICT staff, to the world at large, could lead to unsolicited or other inappropriate contact from sales and marketing individuals offering ICT related services and equipment which would have an impact on staff productivity but also be unfair to the individual staff members in question. TPR’s ICT staff have a reasonable expectation and right to be allowed to carry out their roles without being subjected to unsolicited or excessive marketing emails. It is therefore TPR’s policy that where a member of TPR ICT staff has not personally provided a contact with their direct email address, any emails sent to TPR in respect of ICT are to be sent to the following email address: firstname.lastname@example.org
As disclosure of the requested information would not comply with the DPA, the exemption in section 40(2) FoIA must be applied. This exemption is absolute and requires no further public interest balancing test beyond that involved in reaching my conclusion on compliance with the DPA.
Duty to provide advice and assistance
I am mindful of the duty to provide advice and assistance to requesters, as far as it is reasonably practicable to do so.
You may find other FoIA requests relating to IT expenditure and services informative. These can be found on our website in recently released information.
As I explained above, I am unable to provide you with contact details for IT staff who deal with procurement and contracts. However, you may find it useful to review the doing business with us page on our website.