Combined Shape Created with Sketch. !

Information relating to Cyber Security: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002

FOI Reference: FOI/202300374618
Date received: 5 September 2023
Date responded: 27 September 2023


Thank you for your request dated 5 September 2023 under the Freedom of Information (Scotland) Act 2002 (FOISA).

Your request

Request for information 1: Has Social Security Scotland ever held a CE+ accreditation?

Request for information 2: Does Social Security Scotland hold a valid CE+ accreditation for the financial year 2022/2024?

Request for information 3: Has Social Security Scotland ever unsuccessfully attempted to attain a CE+ accreditation and if so, why was it unsuccessful?

Request for information 4: When was the last time that Social Security Scotland carried out a full disaster recovery test including a test of being able to restore fully, core systems from backups?

Response to your request

Request for information 1:

Social Security Scotland has previously held a Cyber Essentials Plus accreditation.

Request for information 2:

We have interpreted your request to relate to the financial year 2023/2024. Social Security Scotland does not currently hold a Cyber Essentials Plus accreditation (see response to question 3).

Request for information 3:

An engagement was undertaken with a Cyber Essentials accessor. Social Security Scotland routinely perform a range of assurance activity in relation to cyber security, however given the expansion and complexity of our entirely cloud-based environment it was agreed that Cyber Essentials Plus was not a suitable assurance approach.

Request for information 4:

Recovery tests are regularly completed on individual core systems and a full recovery exercise is scheduled within 2023/24.

About FOI

Social Security Scotland is committed to publishing responses to requests. The Scottish Government also publishes responses to requests. You can view the responses at

Sign up to our newsletter

If you are an organisation or individual who works with people who may need information or support on any of our benefits, sign up to our stakeholder newsletter.

We'll never send you content you haven’t asked for and you can opt out at any time.

Please enter a valid email address

Read our privacy policy