FOI release

ICT / Infrastructure Procurement Information

Case reference FOI2026/00626

Received 18 June 2026

Published 16 July 2026

Request

Under the Freedom of Information Act 2000, I would like to request information relating to recent or current data centre-related procurement activity undertaken by your organisation within the last 3 years. Where held, please provide: 1. High-level technical specification or requirements documents relating to relevant procurements 2. Evaluation criteria, weighting models, or scoring methodologies used during the procurement process 3. Clarification questions and responses issued during the procurement 4. High-level summaries or redacted extracts of successful supplier approaches relating to: * implementation methodology * migration or transition approach * support/service delivery model * resilience or continuity arrangements * governance or operational approach 1. Contract award values, durations, extension provisions, and any publicly releasable pricing summaries 2. Contract variation notices, change notices, or extension approvals where applicable 3. Any bidder evaluation summaries, moderation summaries, or award recommendation summaries capable of disclosure in redacted form I am not requesting: * personal data * security-sensitive operational information * source code * proprietary low-level technical detail * information which would clearly prejudice legitimate commercial interests Where full disclosure is considered exempt, I request disclosure in partially redacted or summary form wherever reasonably possible. If the request exceeds appropriate cost limits, please treat this as a request for the most recent and most significant relevant procurement activity only. If information is withheld, please specify: * the exemption relied upon * whether partial disclosure was considered * whether a document schedule/index can be provided Kind regards, Adam Skeates Procurement Specialist – Estates & Capital [cid:image001.jpg@01DCFF2F.17868570] • 07341 097273 › Adam.Skeates@wpl.uhs.nhs.uk ü www.wessexprocurement.nhs.uk ******************************************************************************************************************** Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Trust unless explicitly stated otherwise. If you have received this e-mail in error please delete it and contact the University Hospital Southampton NHS Foundation Trust Helpdesk on:- 023 807 77222 The information contained in this e-mail may be subject to public disclosure under the Freedom of Information Act 2000. Unless the Information is legally exempt from disclosure, the confidentiality of this e-mail and your reply cannot be guaranteed. This footnote also confirms that this email message has been checked for computer viruses. Please visit our website at http://www.uhs.nhs.uk Think of the environment. Please avoid printing this e-mail unnecessarily.

Response

In accordance with section 1(1)(a) of the Freedom of Information Act 2000 (FOIA), Oxford City Council (OCC) confirms that it holds information within the scope your request.

 

1. High-level technical specification or requirements documents relating to relevant procurements

 

OCC holds documentation describing the high-level requirements for the procurement, including a Cabinet report describing the requirement for replacement hosting and data centre services, migration to Microsoft Azure, and associated managed infrastructure services; and the executed Call-Off Contract under the HealthTrust Europe ComIT3 Framework, including a specification of the services to be provided.

 

OCC is able to disclose the high-level description of the requirement. However, detailed technical specifications, infrastructure architecture, service configurations, network topology, cyber security controls, disaster recovery configurations and operational procedures have been withheld under section 31(1)(a) of the FOIA, which relates to law enforcement and, specifically, the prevention or detection of crime, as disclosure would expose details of OCC's Information and Communications Technology (ICT) infrastructure.

 

Certain proprietary supplier service descriptions have also been withheld under section 43(2) of the FOIA, which relates to the protection of commercial interests.

 

2. Evaluation criteria, weighting models, or scoring methodologies used during the procurement process

 

The procurement was undertaken as a Direct Award under the HealthTrust Europe ComIT3 Framework.

 

The procurement documentation records that OCC relied upon the Direct Award provisions of the framework, together with an objective justification that considered the service requirements, quality and price, cyber security, continuity of service, supplier experience and budget constraints.

 

OCC does not hold a procurement-specific evaluation scoring matrix or moderation scoring because no mini-competition was undertaken.

 

3. Clarification questions and responses issued during the procurement

 

OCC does not hold a supplier clarification log comparable to one that would ordinarily be produced during a competitive procurement.

 

Internal correspondence is held between OCC’s ICT, Procurement and Legal Services teams concerning the development of the procurement documentation and contract. However, these internal discussions do not constitute supplier clarification questions and responses issued during a competitive procurement.

 

4. High-level summaries or redacted extracts of successful supplier approaches relating to:

 

  *   implementation methodology

The implementation methodology involved the provision of managed hosting services under the HealthTrust Europe ComIT3 Framework, together with the phased migration of infrastructure and services to Microsoft Azure using agreed Statements of Work where required.
  *   migration or transition approach

The migration and transition approach involved migration from the existing Specialist Computer Centres-hosted data centre environment to an Azure-based cloud infrastructure while maintaining continuity of critical OCC services.
  *   support/service delivery model

The support and service delivery model covers managed infrastructure services relating to Microsoft Azure cloud services, networking, security, identity services, service management, monitoring, backup, disaster recovery, cyber security, Microsoft 365 support and associated infrastructure management.
  *   resilience or continuity arrangements

The resilience and continuity arrangements include managed monitoring, backup and disaster recovery capability, service continuity arrangements, defined service levels and contractual step-in rights.
  *   governance or operational approach

The governance and operational approach includes named Contract Managers, monthly service reviews, risk management, continual service improvement, technical account management, key performance indicator reporting and formal change-control arrangements.

 

Detailed operational documentation has been withheld under section 31(1)(a) of the FOIA, which relates to law enforcement and the prevention or detection of crime, and section 43(2) of the FOIA, which relates to commercial interests.

 

1. Contract award values, durations, extension provisions, and any publicly releasable pricing summaries

 

OCC can disclose the following information:

  • Contractor: Specialist Computer Centres Public Limited Company (SCC)

  • Procurement route: Direct Award under the HealthTrust Europe ComIT3 Framework

  • Contract commencement date: 1 September 2024

  • Initial term: Five years

  • Extension provisions: Up to a maximum of ten years in accordance with the framework

  • Estimated contract value: Approximately £3.5 million over the initial five-year term

  • Estimated annual value: Approximately £570,000, together with any applicable overages

Detailed pricing schedules have been withheld under section 43(2) of the FOIA.

 

2. Contract variation notices, change notices, or extension approvals where applicable

At the time the request was received, OCC did not hold any contract variation notices, extension approvals or change notices falling within the scope of your request.

 

3. Any bidder evaluation summaries, moderation summaries, or award recommendation summaries capable of disclosure in redacted form

 

As the procurement was undertaken by Direct Award under an existing framework agreement, OCC does not hold bidder moderation reports or comparative evaluation summaries between competing suppliers.

 

Section 31(1)(a) of the FOIA provides that information is exempt where its disclosure would, or would be likely to, prejudice the prevention or detection of crime.

 

The information withheld under this exemption consists of detailed technical specifications, infrastructure architecture, service configurations, network topology, cyber security controls, disaster recovery configurations and operational procedures.

 

OCC considers that disclosure of this level of technical detail would provide information about the design and operation of its information technology infrastructure and security arrangements. Making that information publicly available would be likely to assist individuals seeking to identify or exploit potential vulnerabilities, circumvent security measures or undertake unauthorised or criminal activity against the OCC’s systems.

 

OCC has considered whether the information could be disclosed in part. High-level descriptions of the services, implementation, migration, support, resilience and governance arrangements have been provided, while the detailed information that would reveal security-sensitive operational arrangements has been withheld.

 

OCC recognises the public interest in transparency concerning its information technology arrangements, the procurement of services and the use of public funds. Disclosure may assist the public in understanding how OCC has approached the migration and management of its infrastructure.

 

However, there is a substantial public interest in protecting OCC’s systems and information from unauthorised access, disruption and criminal activity. Disclosure of detailed infrastructure and security information would be likely to increase the risk to OCC’s systems and the services that depend upon them.

 

Having considered the competing factors, OCC considers that the public interest in maintaining the exemption outweighs the public interest in disclosing the detailed security-sensitive information.

 

Section 43(2) of the FOIA provides that information is exempt where its disclosure would, or would be likely to, prejudice the commercial interests of any person, including a company or public authority.

 

The information withheld under this exemption consists of certain proprietary supplier service descriptions, detailed operational material and detailed pricing schedules.

 

OCC considers that disclosure of this information would be likely to reveal non-public information concerning the supplier’s service arrangements, methods and detailed pricing structure. Disclosure would be likely to provide competitors with information that could be used to the supplier’s commercial disadvantage in future procurement exercises and commercial negotiations.

 

The disclosure of detailed pricing information may also affect OCC’s position in future negotiations for comparable services by revealing detailed pricing arrangements that are not otherwise publicly available.

 

OCC has considered whether partial disclosure could be made. It has therefore disclosed the name of the contractor, the procurement route, the contract commencement date, the initial term, the extension provisions, the estimated overall value and the estimated annual value. It has withheld only the more detailed proprietary and pricing information to which the exemption applies.

 

OCC recognises the public interest in openness and accountability in public procurement. There is a legitimate public interest in understanding the value, duration and nature of contracts entered into by the OCC and in assessing whether public money is being used appropriately.

 

OCC has addressed that interest by disclosing the principal contract information and high-level descriptions of the services and delivery arrangements.

 

There is also a public interest in protecting fair competition and avoiding unwarranted prejudice to the commercial position of a supplier. Disclosure of detailed proprietary service information and pricing structures could place the supplier at a competitive disadvantage and could affect the OCC’s ability to obtain value for money in future procurements and negotiations.

 

Having considered the competing factors, OCC considers that the public interest in maintaining the exemption outweighs the public interest in disclosing the detailed proprietary and pricing information.

 

The categories of information held, disclosed and withheld, together with the exemptions applied, have been identified in the answers above. A separate document schedule has not been provided as part of this response.

 

In accordance with section 16 of the FOIA, which relates to the duty to provide reasonable advice and assistance, OCC has provided the following links to information that may assist you.

 

The Cabinet report entitled Migration from Data Centre to Microsoft Azure, which was considered by Cabinet on 17 April 2024, provides high-level information about the background to the procurement, the proposed migration and the contracting approach. It is available here.

 

The agenda page for the Cabinet meeting held on 17 April 2024 is available here.

 

OCC also publishes information about its current contracts and procurement arrangements on its website here.

 

These links are provided to assist you in accessing relevant information that is already publicly available. They do not affect the application of sections 31(1)(a) and 43(2) to the detailed security-sensitive and commercially sensitive information identified above.

 

If you disagree with any part of the response to your request, you are entitled to ask the Council for an internal review of the decision(s) made.  You may do this by writing to the Monitoring Officer, by either email monitoringofficer@oxford.gov.uk – or by post to Monitoring Officer, Oxford City Council, Town Hall, St Aldate’s, Oxford, OX1 1BX.  After the result of the internal review, if you remain dissatisfied, you may ask the Information Commissioner to intervene on your behalf.  You may do this by writing to the Information Commissioner's Office, Wycliffe Lane, Wilmslow, Cheshire, SK9 5AF.

 

Yours sincerely,

 

 

Freedom of Information Officer

 

| Freedom of Information Team | Law & Governance | Oxford City Council | Town Hall | St Aldate’s | Oxford | OX1 1BX |

Documents

There are no documents for this release.

This is Oxford City Council's response to a freedom of information (FOI) or environmental information regulations (EIR) request.

You can browse our other responses or make a new FOI request.