University Hospitals Bristol and Weston NHS Foundation Trust's Digital Services Department provides digital and IM&T support and services to approximately 13,000 staff across three major sites in Bristol city centre, south Bristol and Weston.
Our support services are designed using ITIL® methodologies and projects are managed in accordance with PRINCE2. Digital Services is a multi-discipline department consisting of over 360 employees with a range of teams; please see our organisational structure for further information.
| Steve Gray |
Chief Information Officer (CIO) |
| Mike Ledbury |
Digital Convergence Programme Director |
| Chris Berrington |
Chief Technology Officer (CTO) |
| Paul Faulkner |
Head of Informatics |
| Simon Walrond |
Digital Services General Manager |
Email: DigitalServicesAdmin@uhbw.nhs.uk
|
Digital Services Capital Allocation
|
2021/2022
|
|
Total 21/22
|
£11,258,123
|
Digital Services Other Schemes
|
Scheme
|
Full Year Allocation
|
|
Trustwide Pc Replacement 21-22
|
£1,485,000
|
|
Total
|
£1,485,000
|
Digital Services Strategy
|
Scheme
|
Full Year Allocation
|
|
Server Upgrade And Refresh
|
£141,441
|
|
Microsoft 365 Deployment
|
£37,767
|
|
Consultancy & Surveys
|
£80,954
|
|
Professional Training Services
|
£31,412
|
|
In House Storage
|
£8,055
|
|
Medway Pds
|
£7,250
|
|
Gde
|
£1,369,568
|
|
Server Recharges
|
£310,718
|
|
Electronic Patient Record(Epr)
|
£74,328
|
|
Cyber Security Resilience
|
£140,000
|
|
Server Upgrade & Refresh 20/21
|
£46,160
|
|
Network Upgrade &Refresh 20/21
|
£599,246
|
|
New Devices & Mobility 20/21
|
£404,198
|
|
Computer Room 2 Replacement
|
£285,914
|
|
Server Upgrade&Refresh 21-22
|
£1,291,000
|
|
Network Upgrade&Refresh 21-22
|
£579,000
|
|
New Devices & Mobility 21-22
|
£200,000
|
|
Total
|
£5,607,011
|
Digital Services Weston
|
Scheme
|
Full Year Allocation
|
|
Weston IM&T Infrastructure
|
£3,775,100
|
|
Total
|
£3,775,100
|
Op Cap - Digital Services
|
Scheme
|
Full Year Allocation
|
|
Bid 255 - Notification System
|
£18,443
|
|
A&A System-wide IT Solution
|
£221,510
|
|
THQ Conference Room Av
|
£2,888
|
|
Patient Entertainment
|
£148,171
|
|
Total
|
£391,012
|
University Hospital Bristol and Weston NHS Foundation Trust can neither confirm nor deny whether information is held under section 31(3) of the FOIA. The full wording of section 31 can be found here: http://www.legislation.gov.uk/ukpga/2000/36/section/31
S31(3) of the FOIA allows a public authority to neither confirm nor deny whether it holds information where such confirmation would be likely to prejudice any of the matters outlined in section 31(1). This includes information the disclosure of which would or would be likely to prejudice the prevention or detection of crime.
As section 31(3) is a qualified exemption, it is subject to a public interest test for determining whether the public interest lies in confirming whether the information is held or not.
Factors in favour of confirming or denying the information is held
The Trust considers that to confirm or deny whether the requested information is held would indicate the prevalence of cyber-attacks against the Trust’s digital infrastructure and would reveal details about the Trust’s information security systems. The Trust recognises that answering the request would promote openness and transparency with regards to the Trust’s digital security.
Factors in favour of neither confirming nor denying the information is held
Cyber-attacks, which may amount to criminal offences for example under the Computer Misuse Act 1990 or the Data Protection Act 1998, are rated as a Tier 1 threat by the UK Government. The Trust like any organisation may be subject to cyber-attacks and, since it holds large amounts of sensitive, personal and confidential information, maintaining the security of this information is extremely important.
In this context, the Trust considers that confirming or denying whether the requested information is held would provide information about the Trust’s information security systems and its resilience to cyber-attacks. There is a very strong public interest in preventing the Trust’s information systems from being subject to cyber-attacks. Confirming or denying the type of information requested would be likely to prejudice the prevention of cybercrime, and this is not in the public interest.
Balancing the public interest factors
The Trust has considered that if it were to confirm or deny whether it holds the requested information, it would enable potential cyber attackers to ascertain how and to what extent the Trust is able to detect and deal with digital security attacks. The Trust’s position is that complying with the duty to confirm or deny whether the information is held would be likely to prejudice the prevention or detection of crime, as the information would assist those who want to attack the Trust’s digital systems. Disclosure of the information would assist a hacker in gaining valuable information as to the nature of the Trust’s systems, defences and possible vulnerabilities. This information would enter the public domain and set a precedent for other similar requests which would, in principle, result in the Trust being in a position where it would be more difficult to refuse information in similar requests. To confirm or deny whether the information is held is likely to enable hackers to obtain information in mosaic form combined with other information to enable hackers to gain greater insight than they would ordinarily have, which would facilitate the commissioning of crime such as hacking itself and also fraud. This would impact on the Trust’s operations including its front-line services. The prejudice in complying with section 1(1)(a) FOIA is real and significant as to confirm or deny would allow valuable insight into the perceived strengths and weaknesses of the Trust’s digital systems.