I propose to take Questions Nos. 161 to 164, inclusive, together.
The responsibility for operational and security policies at the Central Bank is a matter for the Central Bank Commission and the Governor of the Central Bank. Section 33AK of the Central Bank Act 1942 (as amended) sets out the disclosure of information obligations of those employed or engaged by the Central Bank. I have been informed by the Central Bank that it is the general practice to require third party suppliers/contractors to sign a Section 33AK declaration, whereby the contractor or supplier acknowledges that it has been made aware of the secrecy provisions of the Central Bank Acts and agrees to notify each of its employees engaged in providing services or supplies to the Central Bank of such obligations, and, where appropriate, have that employee sign a separate Section 33AK declaration in his or her own name. This ensures that all persons (both the company and individual employees of that company), are subject to both statutory and contractual obligations in respect of confidential information and compliance with Section 33AK.
Furthermore, I have been informed by the Central Bank that it is a registered organisation with the Garda Vetting Unit, and this unit, with the approval of the subject of enquiry, makes criminal history disclosures of such enquiries to the Central Bank. The policy of the Central Bank is to conduct Garda vetting for all employees and also for any third party service providers or contractors who qualify for unaccompanied access to Central Bank premises. The policies of the Central Bank with regard to employees and third party service providers are to ensure that appropriate controls and legal conditions are in place to prevent unauthorised disclosure of Central Bank data.
In the case of the service provider named by the Deputy, it is a specific condition of the contract that Garda vetting checks may be undertaken if directed by the Central Bank. In addition, the service provider is under an express contractual obligation to the Central Bank to ensure those working on Central Bank services are made aware of their professional secrecy obligations arising under Section 33AK of the Central Bank Act 1942 (as amended), including their duties with respect to maintaining confidential information of the Central Bank and the fact that contravention of Section 33AK (1) is a criminal offence. (In this context it should also be noted that this service provider does not have access to any of the Central Bank's business applications. The security of the technical aspects of the systems are achieved through a combination of physical and logical protections, procedural and process protections, security features including encryption where necessary and on-going monitoring and reporting features).
In relation to the outsourcing of IT services, the Central Bank selected Hewlett Packard as a result of an open tendering process in compliance with the strict guidelines laid down by the EU public procurement process. I am informed by the Central Bank that a robust business case in which a number of alternatives were investigated thoroughly and compared across a number of criteria, including cost, was produced and was approved by the Central Bank Commission. The costs agreed with the provider are commercially sensitive and are not available for release. However the approach taken by the Central Bank was considerably advantageous on cost when compared to the alternatives examined.
The Central Bank has notified me that the migration of data centre services to Hewlett Packard will be fully completed in the coming weeks. A phased migration approach was adopted as part of a fixed price contract and the first live services began in May 2013, with the majority of the services running from the Hewlett Packard premises since September/October 2013. The migration timeframe included a number of months delay arising from a range of factors. The residual service migration is currently under way and is scheduled to complete by end April 2014.