Information request and response under the Freedom of Information (Scotland) Act 2002
FOI Reference: FOI/202300374618
Date received: 5 September 2023
Date responded: 27 September 2023
REQUEST UNDER THE FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 (FOISA)
Thank you for your request dated 5 September 2023 under the Freedom of Information (Scotland) Act 2002 (FOISA).
Request for information 1: Has Social Security Scotland ever held a CE+ accreditation?
Request for information 2: Does Social Security Scotland hold a valid CE+ accreditation for the financial year 2022/2024?
Request for information 3: Has Social Security Scotland ever unsuccessfully attempted to attain a CE+ accreditation and if so, why was it unsuccessful?
Request for information 4: When was the last time that Social Security Scotland carried out a full disaster recovery test including a test of being able to restore fully, core systems from backups?
Response to your request
Request for information 1:
Social Security Scotland has previously held a Cyber Essentials Plus accreditation.
Request for information 2:
We have interpreted your request to relate to the financial year 2023/2024. Social Security Scotland does not currently hold a Cyber Essentials Plus accreditation (see response to question 3).
Request for information 3:
An engagement was undertaken with a Cyber Essentials accessor. Social Security Scotland routinely perform a range of assurance activity in relation to cyber security, however given the expansion and complexity of our entirely cloud-based environment it was agreed that Cyber Essentials Plus was not a suitable assurance approach.
Request for information 4:
Recovery tests are regularly completed on individual core systems and a full recovery exercise is scheduled within 2023/24.
Social Security Scotland is committed to publishing responses to requests. The Scottish Government also publishes responses to requests. You can view the responses at http://www.gov.scot/foi-responses.