Official probe into HPE’s Oz 3Par crashes would create 'further negative publicity' if revealed
And that’s one reason why The Register has been denied access to the final document
The final report into the two major failures of HPE 3Par storage area networks at the Australian Taxation Office (ATO) would likely lead to “further negative publicity” for the vendor – which is one reason the ATO has decided not to release the document.
It later emerged that the ATO had disabled error reporting on the storage area networks, so missed signs of things going awry. The ATO also did not have a failover rig in place in case of an breakdown because it couldn’t afford one, and was also unprepared for outages.
In the aftermath of the IT cockups, the ATO asked tech services giant DXC, which installed the storage boxes, to compile a final report on the matter.
That report has been finished, and is in the hands of ATO officials. It apparently reveals no new details on the 3Par problems. However, the report wasn't made public, so The Register therefore made a freedom of information request to access the document, as we felt its contents could offer 3Par users around the world something useful, and/or shed light on how the ATO’s actions had impacted citizens’ affairs.
But that request was denied.
Our reading of the ATO’s reasoning is that the report describes proprietary methodologies that HPE and DXC use to design and deploy 3Par SANs, and that if that information were to be available that could hurt HPE. Another reason offered was that all three parties had no expectation that the design and methodological information would ever become public, and that if it did, the ATO could look leaky and that wouldn’t help it do business with its myriad suppliers.
Crucially, the denial letter we were sent also mentioned that disclosing the final report raised “the prospect of further negative publicity it could generate for HPE” as “the format and context of the information together with HPE’s transparent approach and the proprietary methodology deployed which would have an unreasonable adverse effect if it was to be released.”
The Register is therefore considering an appeal of this decision. If we proceed, it won’t be to generate “further negative publicity” for HPE, the ATO nor DXC. Rather, the mere mention of the possibility suggests that some facts in the report will show one or all of the organizations have something to hide.
Watch this space. ®
Sponsored: Becoming a Pragmatic Security Leader