Information relating to Cyber Essential certificates: FOI release

Information requested

I understand that the Scottish Government received two Cyber Essentials certificates for Public administration and defence.

One (IASME-CE-006782) was issued on 19/10/2020 and the other (IASME-CEP-001637) was issued on 23/11/2020.

With regards to these certifications:

1. Please supply the documentation that names all the Scottish Government bodies / premises that are covered by these certifications. If there is no documentation, please supply a list.

2. Please supply documentation that outlines the technical standards for recovery and back-up that the Scottish Government is supposed to be working to, in order to comply with the cyber-essential certificates. These may be specified by Cyber Essentials standards, or some other technical standard. If there is no uniform standard across the Scottish Government for recovery and back-up, please provide details of all technical standards used, in all agencies.

3. Please could you confirm how much these certifications cost the Scottish Government? Please break this cost down by external consultant / supplier.

Response

1. The Cyber Essentials and Cyber Essentials Plus accreditations you detail cover the Scottish Government's desktop computing environment. This extends to all customers who use this environment on a shared service basis. These customers are:
Accountant in Bankruptcy
British-Irish Council
Children's Hearings Scotland
Community Justice Scotland
Court of the Lord Lyon
Crown Office and Procurator Fiscal Service (COPFS)
Disclosure Scotland
Edinburgh Tram Inquiry
Education Scotland
Food Standards Scotland
Forensic Mental Health Review
Forestry and Land Scotland
Historic Environment Scotland
Independent Living Fund (Scotland)
Inquiry into Queen Elizabeth University Hospital (Glasgow) and Royal Hospital for Children and Young People (Edinburgh)
Judicial Appointments Board
Judicial Complaints Reviewer Singleton Post
National Records of Scotland (NRS)
Office for the Scottish Charity Regulator (OSCR)
Office of the Advocate General
Parole Board for Scotland
Police Investigations and Review Commissioner
Poverty & Inequality Commission
Queen's and Lord Treasurer's Remembrancer
Race Equality Framework Adviser
Registers of Scotland
Revenue Scotland
Risk Management Authority
Scottish Boundary Commissions' Secretariat
Scottish Child Abuse Inquiry
Scottish Children's Reporter Administration
Scottish Commission on Social Security (SCoSS)
Scottish Courts and Tribunal Services
Scottish Fiscal Commission
Scottish Forestry
Scottish Housing Regulator
Scottish Human Rights Commission
Scottish Law Commission
Scottish Mental Health Law Review
Scottish National Investment Bank (SNIB)
Scottish Parliament
Scottish Prison Service
Scottish Public Pensions Agency
Scottish Public Services Ombudsman
Scottish Road Works Commissioner
Sheku Bayoh Inquiry
Social Security Scotland
Student Awards Agency for Scotland
The Office of the Secretary of State for Scotland
Transport Scotland
Upper Tribunals for Scotland
Volunteer Development Scotland

2. Technical standards for backup are not defined by Cyber Essentials or Cyber Essentials Plus, as such no standards are formally required to comply with Cyber Essentials certificates.

3. These certifications were assessed and supplied by Barrier Networks Ltd at a cost of £4,000 (excl.VAT). 

About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.