Skip to main content
Menu

Software (2021)

Request

  1. Please advise what technologies (including version) you use for: HR, Payroll, L&D, Finance, Procurement, Contract Centre

  2. Please advise if any of the [named] services are outsourced to third parties, and if so, when does the contract end?



Response

1) Please advise what technologies (including version) you use for:

This information is held by the House of Commons.

Please note that some software used by the House of Commons are also used by the Parliamentary Digital Service (PDS), which is a joint, bicameral service which provides technology and communications services to both the House of Commons and the House of Lords. While the two Houses of Parliament are separate public authorities for the purposes of the Freedom of Information Act 2000 (FOIA), information about software used by PDS is bicameral information and this information therefore covers both Houses. For information about software used solely by the House of Lords, you may wish to forward your request to foilords@parliament.uk.

The names of the different pieces of technology being used by the House of Commons.
All are used by both the House of Commons and the PDS, except for Allocate ER Tracker – Case Management, which is only used by the House of Commons.

Information about the versions of different software currently being used is exempt from disclosure by virtue of sections 31 and 24 FOIA.

Section 31 – Law enforcement

The House considers that disclosing information about the versions of software being used by the House of Commons and PDS would be likely to prejudice the prevention or detection of crime. Therefore, this information is exempt by virtue of Section 31(1)(a) FOIA. This is a qualified exemption and the public interest test applies.
We accept the legitimate public interest in being transparent about what software public money is being spent on. It is also important that the public has confidence that the House’s computer systems and the parliamentary network are up-to-date and secure. However, this is outweighed by the risks of criminal activity being undertaken if the information was disclosed. The release of this material could provide valuable information to those wishing to launch a cyber-attack against the House of Commons. Knowledge of version numbers may allow cyber-attackers to build up a picture of the House’s policies and processes for updating software. This would be useful to them if a particular version of software had vulnerability that they were aware of or if it had become unsupported. Another factor that favours withholding the information is the possibility of a “mosaic effect”, whereby this information could be combined with other information already in the public domain or obtained from elsewhere, in order to build a more complete picture of our security arrangements. This is particularly concerning in the field of cyber security, where small details may appear harmless but are capable of being combined with other information to breach or bypass security measures.
In these circumstances it is our view that the public interest in maintaining the exemption outweighs the public interest in disclosing the information.

Section 24 – National security

The House also considers that withholding from disclosure information about the versions of software being used by the House of Commons and PDS is necessary for the purpose of safeguarding national security. This information is therefore also exempt by virtue of Section 24 FOIA. This is a qualified exemption and the public interest test applies.
Again we have considered the legitimate public interest in being transparent about the spending of public money by the House of Commons on software. It is also important that the public has confidence that the House’s computer systems and the parliamentary network are up-to-date and secure. However, we consider that it is not in the wider public interest to disclose this information because, as well as the risk posed to the security of Parliament’s IT network, there is also a risk of national security being compromised. Parliament is an essential part of the UK’s system of government. The disclosure of this information is extremely likely to assist the design of attacks against the network, jeopardising the security of information necessary for the proper functioning of the Government in Parliament. Knowledge of version numbers may allow cyber-attackers to build up a picture of the House’s policies and processes for updating software. This would be useful to them if a particular version of software had vulnerability that they were aware of or if it had become unsupported. Groups planning attacks are known to conduct extensive research and to disclose this information could potentially provide those groups or individuals with an indication of where to focus their efforts when targeting our systems.
The wider public interest is therefore to favour non-disclosure.

2) Please advise if any of the [named] services are outsourced to third parties, and if so, when does the contract end?

This information is held by the House of Commons. None of the services to which you refer are outsourced to third parties.