IT Services and Software Provision
Reference: 25-26213
Date response sent: 18/08/2025
Details of enquiry
I am writing under the Freedom of Information Act 2000 to request information about several systems and services in use at Tavistock and Portman NHS Foundation Trust. My inquiries are as follows:
| Technology | Supplier | Product / System Name | Contract Ending Date |
| Remote consultation system provider | Zoom | Zoom | ? |
| Electronic document management system | Trustmarque | Microsoft 365 | ? |
| Patient administration system | Advanced | Carenotes | ? |
| Computer hardware provider (laptops, PCs, smartphones, tablets, iPads etc) | Telefonica | ? | ? |
| Cyber security services | NHS England | ? | ? |
| Cyber security services | Xxxxxxxx | ? | ? |
| Electronic patient record | Advanced | Carenotes | ? |
| Payroll system | Equinti | Oracle | ? |
| Cloud provider | Microsoft | ? | ? |
| Cyber security services | Xxxxxxx | ? | ? |
Response sent
| Technology | Supplier | Product / System Name | Contract Ending Date |
| Remote consultation system provider | Zoom | Zoom | 01/02/26 |
| Electronic document management system | Not applicable | Not applicable | Not applicable |
| Patient administration system | Advanced | Carenotes | 28/02/26 |
| Computer hardware provider (laptops, PCs, smartphones, tablets, iPads etc) | Dell
Telefonica |
Lattitude | N/A outright purchase |
| Cyber security services | NHS England | Unknown | unknown |
| Cyber security services | Data Withheld s31a FOIA * | Data Withheld s31a FOIA * | Data Withheld s31a FOIA * |
| Electronic patient record | Advanced | Carenotes | 28/02/26 |
| Payroll system | Civica | Payroll | 31/03/26 |
| Cloud provider | Microsoft | O365 | 15/05/26 |
| Cyber security services | Data Withheld s31a FOIA * | Data Withheld s31a FOIA ** | Data Withheld s31a FOIA ** |
The Trust is withholding data concerning its Cyber Security services and has engaged exemption from publication under s.31(a) of the FOIA, Law Enforcement: the prevention or detection of crime, this is a qualified exemption that requires the authority to carry out the public interest test. We have carried out the public interest test and have set out below the public interest arguments which we have considered:
Arguments in favour of disclosure:
- Promoting accountability and transparency on how public funds are utilised and spent
Arguments in favour of maintaining the exemption:
- The Trust has a duty to ensure that its information systems and assets are kept secure
- Disclosure of the requested information could facilitate criminal activity, in particular cybercrime, and especially when combined with other information already in the public domain or which could be gleaned from other sources, including any information that the Trust has previously provided or may be forced to disclose in the future.
- Disclosure of the requested information could, therefore, increase vulnerability to malicious attack, including the corruption or loss of data, software, hardware or other equipment, which would impact on the Trust’s ability to provide essential services
- These vulnerabilities could extend to suppliers on whose services the Trust relies.
Balance of Argument for Disclosure/Exemption from Disclosure
We have concluded that, on balance, the public interest in maintaining the exemption outweighs the public interest in disclosure.