Publication - FOI/EIR release

Further and Higher Education - Cyber Essentials (Plus) certification: FOI release

Published: 23 Apr 2019

Information request and response under the Freedom of Information (Scotland) Act 2002.

Published:
23 Apr 2019
Further and Higher Education - Cyber Essentials (Plus) certification: FOI release
FOI reference: FOI/201900000826
Date received: 21 Mar 2019
Date responded: 16 Apr 2019
Information requested

You asked for statistical information relating to the number of organisations within Further Education (Colleges) and Higher Education (Universities) that have completed certification in Cyber Essentials and Cyber Essentials+.

Response

The Public Sector Action Plan (PSAP) asks public bodies to ensure they have appropriate independent assurance that critical technical controls are in place to protect against the most common internet-borne cyber threats by the end of October 2018. It states a preference for Cyber Essentials Plus or Cyber Essentials with alternative independent assurance to be used for these purposes.

The PSAP notes that, where the deadline of end October 2018 cannot be met for legitimate reasons, public bodies will be asked to set out their plans for achieving independent assurance as soon as possible thereafter. It also notes that in exceptional cases and for some particularly complex public bodies, Cyber Essentials may not be an appropriate standard to work to, and that in these circumstances alternative ways of achieving independent assurance may be identified.

Some colleges and universities are still in the process of submitting monitoring returns regarding this action. However, the information held at present is shown in the table below:

  Cyber Essentials Cyber Essentials Plus Total
Colleges 8 4 12
Universities 3 6* 9
Total 11 10 21

* The University of the Highlands and Islands' Cyber Essentials Plus certification covers the university and a number of sites managed by it. These additional sites are excluded from the table above (An additional 11 colleges and 2 other institutions).

Information is available from the National Cyber Security Centre (NCSC) website, where you can find details of organisations that have had a Cyber Essentials Certificate issued in the last 12 months: https://www.cyberessentials.ncsc.gov.uk/cert-search/

You may wish to check the website at a later date as public sector organisations progress towards ensuring they have appropriate independent assurance in place.

Please note that the information held by the Scottish Government is in the process of being updated as monitoring returns are received. It may therefore not represent the most up to date position amongst universities and colleges.

About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG