Information request and response under the Freedom of Information (Scotland) Act 2002
FOI Reference: FOI/202300379255
Date received: 3 October 2023
Date responded: 30 October 2023
REQUEST UNDER THE FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 (FOISA)
Thank you for your request dated 29 September 2023 under the Freedom of Information (Scotland) Act 2002 (FOISA).
Your request
You asked for information relating to the number of devices deployed by the Social Security Scotland organisation and our plans to procure a number of named services.
You provided a table requesting this information relating to specific devices and services and this has been reproduced in our response.
Response to your request
Our responses are contained in the below tables.
An exemption under section 35(1)(a) of FOISA applies to some of the information you have requested. This exemption applies where disclosure of information under the Act would, or would be likely to, prejudice substantially the prevention or detection of crime. To disclose the information requested would compromise our abilities to defend against cyber attacks.
This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government, and to inform public debate. However, there is a greater public interest in ensuring the security of the information we hold, much of it being the personal data of clients.
Q1. Can you please list the number of devices deployed by your organisation for the following?
Device Type |
Number of Devices |
Desktop PCs |
17 |
Laptops |
3932 |
Mobile Phones |
881 |
Printers |
(zero dedicated, all MFDs) |
Multi Functional Devices (MFDs) |
21 |
Tablets |
0 |
Physical Servers |
1 |
Storage Devices (for example: NAS, SAN) |
0 |
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) |
165 |
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) |
Exemption 35(1)(a) applies. To be helpful, we can advise that the number of individual Software as a Service services we consume for security purposes is around 10. The number of hardware applications we use is approximately 4. |
Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format?
Estimated/Total Cost |
Duration |
|
Example: Platform as a Service |
1 million |
2023/28 |
a. Cloud computing Cloud Hosting Service |
£6,000,000 |
2024/2026 |
b. Software as a Service (SaaS) Operational Resourcing Tool |
35(1)(a) applies to some information £200,000 |
2023/2028 |
c. Platform as a Service (PaaS) Integration Platform Low Code Platform |
£800,000 £3,000,000 |
2023 2025/unknown at this stage |
d. Infrastructure as a Service (IaaS) |
35(1)(a) applies |
35(1)(a) applies |
e. Anything as a Service (Xaas) |
NA |
NA |
Q3. Does your organisation have any plans to procure the below services, if yes then please provide required information in the below format?
Estimated/Total Cost |
Duration |
|
Example: IoT security |
0.5 million |
2023/28 |
a. Network Security |
35(1)(a) applies |
35(1)(a) applies |
b. Cloud Security |
35(1)(a) applies |
35(1)(a) applies |
c. Endpoint Security |
35(1)(a) applies |
35(1)(a) applies |
d. Mobile Security |
35(1)(a) applies |
35(1)(a) applies |
e. IoT Security |
35(1)(a) applies |
35(1)(a) applies |
f. Application Security |
35(1)(a) applies |
35(1)(a) applies |
Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format?
Estimated/Total Cost |
Duration |
|
Example: Data and Analytics |
8 millions |
2023/27 |
Data and Analytics |
NA |
NA |
AI and Automation |
NA |
NA |
Digital Transformation |
NA |
NA |
Your right to request a review
If you are unhappy with this response to your Freedom of Information request, you may ask us to carry out an internal review of the response, by writing to the Chief Executive. This can be sent to foi@socialsecurity.gov.scot. Your review request should explain why you are dissatisfied with this response, and should be made within 40 working days from the date when you received this letter. We will complete the review in accordance with Freedom of Information (Scotland) Act 2002 as soon as possible, and not later than 20 working days from the day following the date we receive your review request.
If you are not satisfied with the result of the review, you then have the right to appeal to the Scottish Information Commissioner. More detailed information on your appeal rights is available on the Commissioner's website at:
http://www.itspublicknowledge.info/YourRights/Unhappywiththeresponse/AppealingtoCommissioner.aspx
Feedback
We would value your feedback on how we have managed your request for information. We have prepared a short survey to help provide feedback. The survey is anonymous. If you would like to provide feedback, please follow this link:
https://response.questback.com/scottishgovernment/informationrightssurvey