Request for information 1: Has Social Security Scotland ever held a CE+ accreditation?
Request for information 2: Does Social Security Scotland hold a valid CE+ accreditation for the financial year 2022/2024?
Request for information 3: Has Social Security Scotland ever unsuccessfully attempted to attain a CE+ accreditation and if so, why was it unsuccessful?
Request for information 4: When was the last time that Social Security Scotland carried out a full disaster recovery test including a test of being able to restore fully, core systems from backups?
Request for information 1:
Social Security Scotland has previously held a Cyber Essentials Plus accreditation.
Request for information 2:
We have interpreted your request to relate to the financial year 2023/2024. Social Security Scotland does not currently hold a Cyber Essentials Plus accreditation (see response to question 3).
Request for information 3:
An engagement was undertaken with a Cyber Essentials accessor. Social Security Scotland routinely perform a range of assurance activity in relation to cyber security, however given the expansion and complexity of our entirely cloud-based environment it was agreed that Cyber Essentials Plus was not a suitable assurance approach.
Request for information 4:
Recovery tests are regularly completed on individual core systems and a full recovery exercise is scheduled within 2023/24.
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.
Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000
The Scottish Government
St Andrews House
There is a problem
Thanks for your feedback