IT equipment and Infrastructure: FOI release
- Published
- 27 June 2023
- Directorate
- Digital Directorate
- Topic
- Public sector
- FOI reference
- FOI/202300359055
- Date received
- 29 May 2023
- Date responded
- 23 June 2023
Information request and response under the Freedom of Information (Scotland) Act 2002
Information requested
A range of questions and for ease of providing responses the question tables you submitted have been used as the format in this response to provide you with the requested information.
Response
I attach a copy of some of the information you requested in the format you asked for.
Q1. Can you please list the number of devices deployed by your organisation for the following? |
|
Device Type |
Number of Devices |
Desktop PCs |
76 |
Laptops |
10,905 |
Mobile Phones |
4662 |
Printers |
Information not held centrally (*see note below) |
Multi Functional Devices (MFDs) |
407 |
Tablets |
106 |
Physical Servers |
85 |
Storage Devices (for example: NAS, SAN) |
5 |
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) |
2150 |
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) |
Firewalls Web Proxies, Mail Gateways, Analyser and Manager are all exempt under section 30(c) (** see note below) |
* While our aim is to provide information whenever possible, in this instance the Scottish Government does not have some of the information you have requested. This is because Printers and Multi Functional Devices (MFDs) are purchased by business areas direct from framework suppliers therefore this information is not held centrally. This is a formal notice under section 17(1) of FOISA that the Scottish Government does not have the information you have requested.
** While our aim is to provide information whenever possible, in this instance an exemption under section 30(c) of FOISA (prejudice to effective conduct of public affairs) applies to your request. Disclosing this information would substantially prejudice our ability to carry out the effective conduct of public affairs.
Providing details about the information you have requested into the public domain could subsequently be used by threat actors, building a picture of our security capability, to evade any controls we might or might not have in place. This could therefore enable them to target specific types of attack or data exfiltration methods and would constitute substantial prejudice to the effective conduct of public affairs.
Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format? |
Estimated/Total Cost |
Duration |
Example: Platform as a Service |
1 million |
2023/28 |
a. Cloud computing |
Exempt under section 12 |
|
b. Software as a Service (SaaS) |
Exempt under section 12 |
|
c. Platform as a Service (PaaS) |
Exempt under section 12 |
|
d. Infrastructure as a Service (IaaS) |
Exempt under section 12 |
|
e. Anything as a Service (Xaas) |
Exempt under section 12 |
|
While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to contact all business areas within the Scottish Government to obtain all the required information and in carrying out that organisational trawl for all required information the upper cost limit would be breached. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.
You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could restrict your request to a specific business area of the Scottish Government, such as a specific named Directorate, as this would allow us to limit the searches that would require to be conducted. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.
Q3. Does your organisation have any plans to procure the below services, if yes then please provide required information in the below format? |
Estimated/Total Cost |
Duration |
Example: IoT security |
0.5 million |
2023/28 |
a. Network Security |
Exempt under section 30(c) |
|
b. Cloud Security |
Exempt under section 30(c) |
|
c. Endpoint Security |
Exempt under section 30(c) |
|
d. Mobile Security |
Exempt under section 30(c) |
|
e. IoT Security |
Exempt under section 30(c) |
|
f. Application Security |
Exempt under section 30(c) |
|
While our aim is to provide information whenever possible, in this instance an exemption under section 30(c) of FOISA (prejudice to effective conduct of public affairs) applies to your request. Disclosing this information would substantially prejudice our ability to carry out the effective conduct of public affairs. Providing details about the information you have requested into the public domain could subsequently be used by threat actors, building a picture of our security capability, to evade any controls we might or might not have in place. This could therefore enable them to target specific types of attack or data exfiltration methods and would constitute substantial prejudice to the effective conduct of public affairs.
Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format? |
Estimated/Total Cost |
Duration |
Example: Data and Analytics |
8 millions |
2023/27 |
Data and Analytics |
Exempt under section 12 |
|
AI and Automation |
Exempt under section 12 |
|
Digital Transformation |
Exempt under section 12 |
|
While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to contact all business areas within the Scottish Government to obtain all the required information and in carrying out that organisational trawl for all required information the upper cost limit would be breached. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.
You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could restrict your request to a specific business area of the Scottish Government, such as a specific named Directorate, as this would allow us to limit the searches that would require to be conducted. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.
About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.
Contact
Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000
The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG
There is a problem
Thanks for your feedback