Details of IPSA's information technology solutions

I can confirm that we do hold information relevant to your request.

Please could you provide the following information:

1. How many people are employed by your organisation, including full time and part time?

The latest figure on IPSA staffing is available in our Annual Report and Accounts 2018-19.

This information is therefore subject to a Refusal Notice under section 21 of FOIA, because it is reasonably accessible by other means.

2. What is your current intranet solution? (Sharepoint, Wordpress, Invotra, etc)

SharePoint.

3. How long have you been using this intranet solution?

The organisation was in the process of implementing MS 365 just before the pandemic lockdown, and have been developing it as our Intranet solution since then.

4. When is your intranet contract up for renewal?

Not applicable.

5. What is your annual intranet budget?

There is no separate budget.

6. Do you share an intranet/IT services with other organisations, if so who?

No.

7. Which team and/or individual(s) are responsible for managing your intranet internally?

Individual staff groups are responsible for managing their own SharePoint organisational facing hubs

8. Are you using the Office 365 suite? If so, which applications from the suite are in use?

We are using the MS 365 apps, and currently use Word, Excel, Outlook, PowerPoint, OneNote, SharePoint, Bookings and Skype on a daily business. We are also considering the use of other apps.

9. Which team and/or individual(s) are responsible for your intranet’s procurement within the organisation?

IT.

10. Is your Active Directory hosted on-premise, or in the cloud?

This information is subject to a Refusal Notice under section 31(1)(a) of FOIA, prejudicial to the prevention or detection of crime. This exemption covers all aspects of the prevention or detection of crime, including public authorities without any specific law enforcement responsibilities. The exemption can be used not only to withhold information provided to a law enforcement agency, but also to withhold information that would make anyone, including the public authority itself, more vulnerable to crime.

IPSA maintains that, if it were to disclose details about the hosting of Active Directory, then this would make us highly vulnerable to a cyber attack. It could result in the disclosure of personal and special category data, as well as business information. It would result in IPSA being unable to carry out its responsibilities under the Parliamentary Standards Act 2009 of regulating MPs’ expenses and providing MPs with support.

Section 31(1)(a) is a qualified exemption and we are required to consider the public interest. While I can see the benefit of the public understanding what IT systems that IPSA uses and the financial information around this, I do not find that this extends to knowing about Active Directory. I therefore find that the public interest in withholding the information outweighs the public interest in disclosure at this time.

11. Could you provide us with a link to your Digital Workplace Strategy?

Provision of a copy of our IT Strategy is also subject to a Refusal Notice under section 31(1)(a) of FOIA, prejudicial to the prevention or detection of crime. The reason for the exemption is the same as for the previous question. Our IT Strategy contains not only details of how IPSA intends to use technology to aid its daily work, but also the specifics of this. If this information was disclosed in response to a request under FOIA, then it would put the organisation at risk and with the consequences described above. I therefore find that the public interest in withholding the information outweighs the public interest in disclosure at this time.