Information relating to Cyber Security: FOI release

FOI Reference: FOI/202300374618
Date received: 5 September 2023
Date responded: 27 September 2023

Your request

Request for information 1

Has Social Security Scotland ever held a CE+ accreditation?

Request for information 2

Does Social Security Scotland hold a valid CE+ accreditation for the financial year 2022/2024?

Request for information 3

Has Social Security Scotland ever unsuccessfully attempted to attain a CE+ accreditation and if so, why was it unsuccessful?

Request for information 4

When was the last time that Social Security Scotland carried out a full disaster recovery test including a test of being able to restore fully, core systems from backups?

Response to your request

Request for information 1

Social Security Scotland has previously held a Cyber Essentials Plus accreditation.

Request for information 2

We have interpreted your request to relate to the financial year 2023/2024. Social Security Scotland does not currently hold a Cyber Essentials Plus accreditation (see response to question 3).

Request for information 3

An engagement was undertaken with a Cyber Essentials accessor. Social Security Scotland routinely perform a range of assurance activity in relation to cyber security, however given the expansion and complexity of our entirely cloud-based environment it was agreed that Cyber Essentials Plus was not a suitable assurance approach.

Request for information 4

Recovery tests are regularly completed on individual core systems and a full recovery exercise is scheduled within 2023/24.

About FOI

Social Security Scotland is committed to publishing responses to requests. The Scottish Government also publishes responses to requests. You can view the responses at http://www.gov.scot/foi-responses.