Electronic Patient Record system

​Request 810188915

For your current ePCR solution, please provide the following: 

1. Endpoint Security, MDM & Compliance 

Please confirm the following for ePCR-related mobile devices (tablets, ruggedised devices, etc.): 

• Whether Microsoft Advanced Threat Protection / Defender for Endpoint is used. 

• If not, please confirm the alternative endpoint protection solution. 

• MDM or mobile security platform used (e.g., Intune, AirWatch, MobileIron, Samsung Knox). 

• Minimum OS version requirements and patch/update policies. 

• Update window requirements (e.g., iOS must be updated within X weeks of release). 

2. Hosting & System Architecture 

• Hosting model (SaaS, cloud, private cloud, on-premise). 

• Cloud provider (if applicable). 

• Any documented disaster recovery or failover arrangements.

Response

1. Endpoint Security, MDM & Compliance

Disclosure of detailed information would be likely to prejudice the security of systems. Accordingly, this information is exempt from disclosure under Article 42 (Law Enforcement) of the Freedom of Information (Jersey) Law 2011 has therefore been applied.

2. Hosting & System Architecture

Cloud provider

The nature of the direct award basis means that the documentation related to this procurement is deemed commercially sensitive and is exempt under Article 33(b) (Commercial Interests) of the Freedom of Information (Jersey) Law 2011.

Hosting model and Documented disaster recovery or failover arrangements

Disclosure of detailed information would be likely to prejudice the security of systems. Accordingly, this information is exempt from disclosure under Article 42 (Law Enforcement) of the Freedom of Information (Jersey) Law 2011 has therefore been applied

The Government of Jersey holds management information and internal reporting relating to cloud expenditure and cost management which is provided to senior management as part of routine financial and operational governance.

However, the Government does not disclose copies of internal management reports, dashboards, or governance packs, as they contain commercially sensitive financial information and internal operational detail.

This information can also expose GoJ security configuration.

This information is exempt under:

Articles applied

Article 33 - Commercial interests

Information is qualified exempt information if –

(a) it constitutes a trade secret; or

(b) its disclosure would, or would be likely to, prejudice the commercial interests of a person (including the scheduled public authority holding the information).

Article 42 - Law enforcement

Information is qualified exempt information if its disclosure would, or would be likely to, prejudice –

(a) the prevention, detection or investigation of crime, whether in Jersey or elsewhere;

(b) the apprehension or prosecution of offenders, whether in respect of offences committed in Jersey or elsewhere;

(c) the administration of justice, whether in Jersey or elsewhere;

(d) the assessment or collection of a tax or duty or of an imposition of a similar nature;

(e) the operation of immigration controls, whether in Jersey or elsewhere;

(f) the maintenance of security and good order in prisons or in other institutions where persons are lawfully detained;

(g) the proper supervision or regulation of financial services; or

(h) the exercise, by the Jersey Financial Services Commission, of any function imposed on it by any enactment.

Public Interest Test

It is recognised that there is a public interest in providing information in a transparent manner, however this public interest is not considered to outweigh the interests of the government in preventing cyber-crime or maintaining the integrity of its law enforcement assets. It is considered that the release of this information may increase risks, particularly in view of major cyber-attacks that have occurred in other jurisdictions in recent years.​​