Social Security Scotland cyber security: FOI release

Information request and response under the Freedom of Information (Scotland) Act 2002

Information requested

Request for information 1: Has Social Security Scotland ever held a CE+ accreditation?

Request for information 2: Does Social Security Scotland hold a valid CE+ accreditation for the financial year 2022/2024?

Request for information 3: Has Social Security Scotland ever unsuccessfully attempted to attain a CE+ accreditation and if so, why was it unsuccessful?

Request for information 4: When was the last time that Social Security Scotland carried out a full disaster recovery test including a test of being able to restore fully, core systems from backups?


Request for information 1:
Social Security Scotland has previously held a Cyber Essentials Plus accreditation.

Request for information 2:
We have interpreted your request to relate to the financial year 2023/2024. Social Security Scotland does not currently hold a Cyber Essentials Plus accreditation (see response to question 3).

Request for information 3:
An engagement was undertaken with a Cyber Essentials accessor. Social Security Scotland routinely perform a range of assurance activity in relation to cyber security, however given the expansion and complexity of our entirely cloud-based environment it was agreed that Cyber Essentials Plus was not a suitable assurance approach.

Request for information 4:
Recovery tests are regularly completed on individual core systems and a full recovery exercise is scheduled within 2023/24.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at


Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road

Back to top