IT

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.

Can you please provide an update on your Trust’s Infrastructure, including aspects of SaaS, Messaging, and eProcurement? The questions are in the attached spreadsheet, which I would be grateful if you could fill in.

I am writing under the Freedom of Information Act 2000 to request the following information;

1) Has your organisation been notified of any data breach or security incident in the last 3 years involving systems built upon or integrated with Salesforce?

2) Has your organisation experienced, or been informed of, any incidents relating to procurement or contract management systems that operate using Salesforce, namely the Atamis e-Procurement suite of software?

Please provide details of;

• The date the incident occurred
• The nature of the compromised data (such as commercial, personal, financial)
• If the breach was reported to the Information Commissioner’s Office
• Any remedial action taken by your organisation

3) Further to this, has your organisation undertaken any risk assessments in relation to the use of systems integrated with Salesforce. If so, please provide a summary of the findings.

To whom it may concern, I am writing to request information under the Freedom of Information Act 2000 regarding the cyber security of your NHS Trust, specifically relating to incidents and the current measures in place to mitigate such threats. 1. Ransomware incidents (FY2022–FY2025) Please confirm whether any digital systems within hospitals managed by your NHS Trust were affected by ransomware attacks during the financial years 2022–2023 through to 2024–2025 (inclusive). If yes: How many separate ransomware incidents occurred within this period? For each incident, please provide: The date or month of occurrence A brief description of the nature of the attack (e.g. type of ransomware, point of system entry, services impacted) 2. Data breaches following cyber incidents (FY2022–FY2025) Were any data breaches reported as a result of ransomware or other cyber incidents during this period? If yes, please provide for each breach: The type(s) of data affected (e.g. patient records, staff information) The specific impacts of each breach, categorised as follows (where applicable): Loss of patient data Loss of staff data Disruption to patient services (please specify which services, if known) Disruption to operational processes Financial impact (e.g. cost of recovery, penalties, compensation, etc.) Other impacts – please specify 3. Current cyber security measures (as of date of request) Please list all cyber security measures and protocols currently in place across the Trust. These may include, but are not limited to: Cyber insurance (including provider and coverage if available) Internal and external firewall systems Use of multi-factor authentication (MFA) for user accounts Access control systems for sensitive data and critical systems Anti-virus and anti-malware protection Cyber security training or awareness programmes for employees Regular penetration testing or security audits (please specify frequency) Existence and status of an incident response plan (e.g. last updated date) I look forward to your reply.

I am submitting this request under the Freedom of Information Act 2000.
Please provide the following information:

1. Access to Testing Clinical Information Systems

o What is the approval process by which an external organisation may apply or request to connect with the trust’s test clinical systems of record. (e.g. EMR, EHR, PACS)
o Which internal teams, roles, or committees are responsible for approving such a connection?
o What steps are involved in obtaining the necessary permissions or agreements to establish such a connection?
o What is the entry point for this process? e.g. email address or webform.

2. Access to Production Clinical Information Systems

o What is the approval process by which an external organisation may apply or request to connect with the trust’s production clinical systems of record. (e.g. EMR, EHR, PACS)
o Which internal teams, roles, or committees are responsible for approving such a connection?
o What steps are involved in obtaining the necessary permissions or agreements to establish such a connection?
o What is the entry point for this process? e.g. email address or webform.

At this point we’re not asking for information regarding the technical specifics of the trust’s internal systems. We are only requesting information on the trust’s approval and decision making processes.

I would like to request information on your organisation under the Freedom of Information Act.
SIP Trunking
Have you implemented SIP?
If yes, when does the contract expire?
Who is your SIP provider?
The email address of the primary contact for this contract?

Telephony
What is your current telephony system?
How many users of the telephony system?
When is the contract up for renewal?
The email address of the primary contact for this contract?

Team Telephony
Have you voice enable your Teams Licences?
If yes, when does the contract expire?
If not, is that something you are considering?

Contact Centre
What is the manufacturer of your contact centre.
How many concurrent agents do you have.
Who supplied and maintains the contact centre When does the contract expire

I’m contacting you as part of an independent review into the use of Electronic Document Management Systems (eDMS) across NHS Trusts in England. Specifically, I’m seeking information on how digitised patient records are processed, scanned, and managed within your Trust as I have seen from a previous request that I have need of further clarification on.

The questions below focus on scanning operations and any technology or providers involved.

**eDMS Implementation and Scanning Practices**

1. How is content added to your eDMS? (Please delete as appropriate)

– Scanned Internally by Trust Staff
– Scanned Internally by a Company
– Scanned Externally by a Company
– Digital Documents Uploaded by Trust Staff
– Digital Documents Fed Through From Other Systems

2. If records are scanned internally by Trust staff, is this undertaken via a centralised scanning bureau or departmentally?

3. If some, or all records are scanned externally, what is the scanning service provider(s) company name(s)?

4. What is the scanning service provider’s contract expiry date?

5. If some, or all records are scanned via an internal, centralised scanning bureau, please specify the scanning hardware manufacturer and device models that are in use (e.g. 54Falcon Scanners by Opex Corporation 6).

6. If some, or all records are scanned internally at a departmental level, please confirm if desktop scanners or Multi-Function Devices (MFDs) are used. (Please delete as appropriate)
o Desktop Scanner
o Multi-Function Device (MFD)

7. Please specify the scanning hardware manufacturer and device models that are in use at a departmental level.

I wish to submit to the organisation a freedom of information request relating to the organisation’s ICT contracts, specifically around:
1. contact centre contract(s)
2. inbound network services contract (s)
The first part of my request relates to contact centre service contracts which could relate to one of the following:

1. Advanced call distribution to control the flow of calls and maximise customer experience
2. Email, website live chat and integrations with popular social media apps like Facebook and Instagram
3. Performance monitoring tools to track performance, customer satisfaction and other key sales metrics

This could be part of a whole package or separate service applications.

Please send me the following information for each provider:

1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.

2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier

3. Contract Duration: For each supplier, please state the contract duration of the contract expires. If available please also include any contract extensions.

4. Contract Expiry: For each supplier, please state the date of when the contract expires.

5. Contract Review: For each supplier, please state the date of when the contract will be reviewed.

6. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.

7. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address. At the very least please provide me with their actual job title.

8. Number of Agents; please provide me with the total number of contact centre agents;

9. Number of Sites; please can you provide me with the number of sites the contact centre covers.

10. Manufacturer of the contact centre: Who is the manufacturer of the contact centre system that you operate?

11. Do you use Microsoft Exchange 2003 as your email server? If not, then which products do you use?

12. Number of email users: Approximate number of email users across the organisations.

The second part of my request relates to the use inbound network services contracts which could relate to one of the following:
1. 0800, 0845, 0870, 0844, 0300 number
2. Routing of calls
3. Caller Identifier
4. Caller Profile- linking caller details with caller records
5. Interactive voice response (IVR)
For a contract relating to the above please can you provide me with?

1. Incumbent Supplier: For each of the contract(s) please can you provide me with the supplier of the contract.
2. Annual Average Spend: For each supplier, please state the annual average (over 3 years) spend for each supplier
3. Contract Expiry: For each supplier, please state the date of when the contract expires.
4. Contract Review: For each supplier, please state the date of when the contract will be reviewed.
5. Contract Description: For each supplier, please state a brief description of the services provided of the overall contract.
6. Contact Details: For each supplier, please state the person from within the organisation responsible for the contract. Please provide me with their full name, actual job title, contact number and direct email address.

Also, I would appreciate it if the contract information was included within a spreadsheet.

I would be grateful if you could help in answering a request for information, answering for A & B on questions 1-11:

Q1) When purchasing software do you manage the licenses in house or outsource this to an MSP?

Q2) Which SAAS solutions are you utilising to manage the estate across Print, Desktop, Laptop, Peripherals, software assets & Telephony?

Q3) Are you using Autopilot or Intune today?

Q4) Is there a specific team that manages your software applications today in which is separate to the hardware asset management team?

Q5) How many devices are in the estate in totality including Laptops, Desktops, Printers, Virtual environments and telephones?

Q6) Do you usually pay for your software as a CAPEX or OPEX expense?
:- also do you pay for your hardware as an CAPEX or OPEX expense?

Q7) What is the process in place to test new software implementations and who would be the lead on new software implementations & how long would this usually take?

Q8) How many meeting room spaces do you have & do you have any management tools to make the most of your meeting room spaces?

Q9) How many operating systems are managed within the estate and which ones E.G Windows, Mac OS , Linux?

Q10) Is there a DEX (digital employee experience) strategy in place within the organisation?

Q11) do you have any services in place today to Track, Lock & wipe endpoint devices even if not connected to the network or powered down?

I am writing to make an open government request for all the information to which I am entitled under the FOI Act 2000.
1. What is your whole Trust’s IT spend for the following financial year?:
FY 2023/2024 (£):
FY 2024/2025 (£):
DEFINITION: Please include in your IT spend calculation the capital and revenue cost of your IT staff, Software, Services, Hardware, Communication equipment and Other IT spend for the requested financial year.

2. Based on your most recent Digital Maturity Assessment (DMA) submission to NHS England in 2024 (and 2025, if completed), please provide the following:
a) Your overall DMA score (on a scale of 1.0 to 5.0).
b) If readily available, the individual scores for each of the seven DMA pillars:
• Empower Citizens
• Ensure Smart Foundations
• Healthy Populations
• Improve Care
• Safe Practice
• Support People
• Well Led

DEFINITION: The Digital Maturity Assessment (DMA) is a self-assessment tool used by NHS organisations to evaluate their readiness for digital transformation. The overall score is usually the average of seven pillars, each scored from 1.0 (least mature) to 5.0 (most mature). The pillars are: Empower Citizens, Ensure Smart Foundations, Healthy Populations, Improve Care, Safe Practice, Support People, and Well Led.

3. Based on your most recent HIMSS EMRAM and HIMMS INFRAM assessment/ self-assessment, please provide the following:
Which HIMSS EMRAM score have your Trust currently achieved (0-7):
Which HIMSS INFRAM score have your Trust currently achieved (0-7):
Do you have plans to reassess, if your Trust is working towards achieving a new HIMSS EMRAM or INFRAM level, what level is this, and when will it be achieved:

Definitions:
Electronic Medical Record Adoption Model (EMRAM) – is an eight-stage model, scored from stages zero (least mature) to seven (most mature). At each stage, organisations need to demonstrate a progressive and eventual removal of paper, higher pervasiveness of use and compliance statistics, and an increasing reliance on automation and clinical decision support.
Infrastructure Adoption Model (INFRAM) – The eight-stage INFRAM measures the maturity of a healthcare facility’s IT infrastructure across five areas: mobility, security, collaboration, transport and data centre.

I am writing under the Freedom of Information Act 2000 to request information about Gloucestershire Health and Care NHS Trust’s current and future plans for IT service delivery models. I believe this request is in the public interest as it promotes transparency in how public sector bodies manage and procure IT services, ensuring accountability and value for taxpayers.

Specifically, I am seeking information that would help me understand the strategic direction and considerations regarding outsourcing, in-sourcing, multi-sourcing, or optimising existing contracts.

Please provide the following information where available:
• Current IT Service Model – Is your IT delivery primarily in-house, outsourced, or a hybrid approach, and if not delivered in-house, who provides this service?
• Major IT Contracts – Key details of significant IT service contracts (including scope, value, end date and any options for extension or renegotiation).
• Future IT Plans – Any strategic plans or considerations for changing IT delivery models (e.g., outsourcing, in-sourcing, multi-sourcing).

Please could you answer the following:
1. Is your NHS organisation currently using any software/apps that include artificial intelligence (AI)?
If answer to Q1 is yes:
2. Please provide a list of any AI-based software that is currently in use within your organisation. Please include the brand name of the software and the name of the company that sells it.

3. For each of the AI-based software products currently in use, please state whether:

a. it is only being used within the context of a research study or pilot project OR

b. is has been purchased/commissioned by your organisation for routine use.