FOI 25-293 Cyber Security Services

Freedom of Information Request

Reference
FOI 25-293 Cyber Security Services
Request Date
08 Jul 2025
Response Date
05 Aug 2025
Information Requested

Dear Data and Information Officer, I am conducting a research project into how public sector organisations procure cyber security services and enterprise software platforms. As part of this, I would be grateful if you could provide the most recent contract information you hold for the following areas:  

  1. Standard Firewall (Network) Firewall services that protect the organisation’s network from unauthorised access and other internet security threats. 
  2. Anti-virus Software Application Programs designed to prevent, detect, and remove viruses, malware, trojans, adware, and related threats. 
  3. Microsoft Enterprise Agreement A volume licensing agreement that may include: ● Microsoft 365 (Office, Exchange, SharePoint, Teams) ● Windows Enterprise ● Enterprise Mobility + Security (EMS) ● Azure services (committed or pay-as-you-go) 
  4. Microsoft Power BI Or any alternative business intelligence platform used for data connectivity, dashboards, and reporting. 

 

For each of the above areas, I kindly request the following:  

Who is the existing supplier for this contract?  

What is the annual spend for each contract?  

What is the description of the services provided?  

Primary brand (where applicable)  

What is the start date of the contract?  

What is the expiry date of the contract?  

What is the total duration of the contract?  

Who is the responsible contract officer?  • Please include at least their job title, and where possible, name, contact number, and direct email address  

 

How many licences or users are included (where applicable)? Important Notes ● I do not request any technical specifications such as device models, serial numbers, IP ranges, or site-level infrastructure details that may pose a security or operational risk.  

  • If full disclosure of named personnel is not possible under Section 40 of the FOI Act, I would still appreciate disclosure of job titles and generic contact information, such as a team inbox or switchboard extension. ● If any commercial sensitivities under Section 43 apply, I respectfully request a clear explanation of the specific harm expected from disclosing aggregated annual spend or supplier names, especially where the contract has already been awarded. ● This request is made in line with the principles of the Procurement Act 2023, which reinforces the importance of transparency and public access to contract information, particularly around supplier identity, contract value, and duration. If any part of this request is likely to exceed the cost/time limits, I would be grateful if you could prioritise the information that can be provided within the statutory threshold. This request is submitted under the Freedom of Information Act 2000, and I look forward to your response within 20 working days. 
Response

We note that you have referenced FOIA 2000, please note the Scottish Ambulance Service is responding under FOISA 2002 (Freedom of Information Scotland Act 2002).  

 

  1. Standard Firewall (Network) Firewall services that protect the organisation’s network from unauthorised access and other internet security threats. 

The Current contract is with BT and is valid between 30/05/2024-30/05/2027 at a cost of £23k.  The Scottish Ambulance Service’s Head of Procurement is responsible for this contract. 

 

An exemption under section 38(1)(b) of FOISA states: information which relates to a living individual other than the applicant for the information will be exempt where the disclosure of the information the rights of an individual under the Data Protection Act 2018, UKGDPR.  We have applied this to your request for name and contact details.  Procurement can be contacted on sas.procurement@nhs.scot 

 

  1. Anti-virus Software Application Programs designed to prevent, detect, and remove viruses, malware, trojans, adware, and related threats.

We have applied section 17 of the Freedom of Information Scotland Act 2002 as information not held.  This is a national contract which is managed by National Service Scotland (NSS) this can be requested from Freedom of information | National Services Scotland 

 

  1. Microsoft Enterprise Agreement A volume licensing agreement that may include: ● Microsoft 365 (Office, Exchange, SharePoint, Teams) ● Windows Enterprise ● Enterprise Mobility + Security (EMS) ● Azure services (committed or pay-as-you-go) 

We have applied section 17 of the Freedom of Information Scotland Act 2002 as information not held.  This is a national contract which is managed by National Service Scotland (NSS) this can be requested from Freedom of information | National Services Scotland 

 

  1. Microsoft Power BI Or any alternative business intelligence platform used for data connectivity, dashboards, and reporting

We have applied section 17 of the Freedom of Information Scotland Act 2002 as information not held.  This is a national contract which is managed by National Service Scotland (NSS) this can be requested from Freedom of information | National Services Scotland 

 

 

 

In This Section