FOI Request 2166

Subject: Contracts for Firewall, Anti-virus, Microsoft Enterprise Agreement, and Power BI

Status: Complete

Date received: June 2025

Question Asked:

I am conducting a research project into how public sector organisations procure cyber security services and enterprise software platforms. As part of this, I would be grateful if you could provide the most recent contract information you hold for the following areas:

1. Standard Firewall (Network)

Firewall services that protect the organisation’s network from unauthorised access and other internet security threats.

2. Anti-virus Software Application

Programs designed to prevent, detect and remove viruses, malware, trojans, adware and related threats.

3. Microsoft Enterprise Agreement

A volume licensing agreement that may include:

• Microsoft 365 (Office, Exchange, SharePoint, Teams)

• Windows Enterprise

• Enterprise Mobility + Security (EMS)

• Azure services (committed or pay-as-you-go)

4. Microsoft Power BI

Or any alternative business intelligence platform used for data connectivity, dashboards, and reporting.

For each of the above areas, I kindly request the following:

1. Who is the existing supplier for this contract?

2. What is the annual spend for each contract?

3. What is the description of the services provided?

4. Primary brand (where applicable)

5. What is the start date of the contract?

6. What is the expiry date of the contract?

7. What is the total duration of the contract?

8. Who is the responsible contract officer?

   - Please include at least their job title, and where possible, name, contact number, and direct email address

9. How many licences or users are included (where applicable)?

Our Response:

Please see our response below to your Freedom of Information Request:

1. Standard Firewall (Network)

I can confirm that Cheshire Fire and Rescue Service (CFRS) do hold this information.

The Freedom of Information Act provides a number of exemptions from the requirement to release certain information. After careful consideration and advice from the IT Security Department (CFRS IT function is a joint collaboration with Cheshire Police) we regret to inform you that we are unable to disclose information in relation to the Network Firewall.

The decision not to disclose has been made in accordance with Section 24 (1) - Safeguarding National Security.

Public Interest Test.

In Applying this exemption, we have considered the Public Interest Test as required by the Act. While we acknowledge the public interest in transparency and accountability. We have determined that the public interest in protecting the security of individuals outweighs the interest of disclosure in this instance.

Factors for disclosing considered

There is a public interest in disclosing information as it contributes to the public understanding and accountability of public money.

It demonstrates openness and transparency in our decision making processes.

Factors for not disclosing considered

A response under FOI is deemed to be a response to “the world at large” and releasing information about our Firewall could result in a person using this information for malicious intent,

To disclose this information could allow potential threat actors to gain knowledge of the hardware makes and models and could use that information to target vulnerabilities in the products.

If our systems were compromised this could severely impact our ability to respond to emergency situations.

2. Anti-virus Software Application

The Freedom of Information Act provides a number of exemptions from the requirement to release certain information. After careful consideration and advice from the IT Security Department (CFRS IT function is a joint collaboration with Cheshire Police) we regret to inform you that we are unable to disclose information in relation to the Anti-Virus Software Application.

The decision not to disclose has been made in accordance with Section 24 (1) - Safeguarding National Security.

Public Interest Test.

In Applying this exemption, we have considered the Public Interest Test as required by the Act. While we acknowledge the public interest in transparency and accountability. We have determined that the public interest in protecting the security of individuals outweighs the interest of disclosure in this instance

Factors for disclosing considered

There is a public interest in disclosing information as it contributes to the public understanding and accountability of public money.

It demonstrates openness and transparency in our decision making processes.

Factors for not disclosing considered

A response under FOI is deemed to be a response to “the world at large” and releasing information about our Anti-Virus Software Application could result in a person using this information for malicious intent.

To disclose this information could allow potential threat actors to gain knowledge of the hardware makes and models and could use that information to target vulnerabilities in the products.

If our systems were compromised this could severely impact our ability to respond to emergency situations.

3. Microsoft Enterprise Agreement

The enterprise agreement has been renewed with SCC recently.

The information is publicly available on the following public contract database, you can view by clicking the following link:

Sell2

You can search contracts by name or reference number and filter in order to see contracts for Cheshire Fire Authority only, then select a contract to view the details. The reference number for this contract is CPA/SPU/2552F.

4. Microsoft Power BI

Cheshire Fire and Rescue Service are exploring the use of Power BI for a specific piece of work. However, this is very much in its pilot stage.

Outcome: Partial Data Held

FOI responded to within timescales: YES

Further action: NO