We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - FOI/EIR release

Social Security Scotland device and IT services data: FOI release

Published
26 January 2026
Topic
Money and tax, Public sector
FOI reference
FOI/202500489453
Date received
15 October 2025
Date responded
12 November 2025

Information request and response under the Freedom of Information (Scotland) Act 2002.

Information requested

Request for information 1:

Can you please list the number of devices deployed by your organisation for the following?

  • Desktop PCs
  • Laptops
  • Mobile Phones
  • Printers
  • Multi Functional Devices (MFDs)
  • Tablets
  • Physical Servers
  • Storage Devices (for example: NAS, SAN)
  • Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points)
  • Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools)

Request for information 2:

Does your organisation have plans to procure any of the below services, if yes then please provid information?

1. Cloud computing
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS)
4. Infrastructure as a Service (IaaS)
5. Anything as a Service (Xaas)

You requested spend/budget by financial year.

Request for information 3:

Does your organisation have any plans to procure the below services, if yes then please provide required information?

1. Network Security
2. Cloud Security
3. Endpoint Security
4. Mobile Security
5. IoT Security
6. Application Security

Request for information 4:

Does your organisation have any plans to procure below services?

1. Data and Analytics
2. AI and Automation
3. Digital Transformation
4. ERP Systems

Request for information 5:

Has your organisation implemented any form of AI or Automation services, and if not, what is the reason for not implementing?

You requested a spend/budget breakdown by financial year for requests for information 2 through 4.

Response

Request for information 1:

Please see most of the information which you have requested in the below table.

Device Type

Number of Devices

Desktop PCs

8

Laptops

4,727

Mobile Phones

651

Printers

2

Multi Functional Devices (MFDs)

21

Tablets

63

Physical Servers

1

Storage Devices (for example: NAS, SAN)

0

Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points)

156

Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools)

Exemption under Section 35(1) (a) applies

An exemption under section 35(1)(a) of FOISA applies to some of the information you have requested.

This exemption applies where disclosure of information under the Act would, or would be likely to, prejudice substantially the prevention or detection of crime. To disclose the information requested would compromise our abilities to defend against cyber attacks.

This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government, and to inform public debate. However, there is a greater public interest in ensuring the security of the information we hold, much of it being the personal data of clients.

To be helpful, we can advise that the number of individual Software as a Service services we consume for security purposes is around ten. The number of hardware applications we use is approximately four.

Request for Information 2:

Please see the table below.

An exemption under section 33(1)(b) of FOISA (commercial interests) applies to some of the information requested. This exemption applies because disclosure of this particular information would, or would be likely to, prejudice substantially the future commercial interests of Social Security Scotland.

This exemption is subject to the ‘public interest test’. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open and transparent government, and to help account for the expenditure of public money.

However, there is a greater public interest to ensure that Social Security Scotland are always able to obtain the best value for public money.

An exemption under section 35(1)(a) of FOISA applies to some of the information you have requested.

This exemption applies where disclosure of information under the Act would, or would be likely to, prejudice substantially the prevention or detection of crime. To disclose the information requested would compromise our abilities to defend against cyber attacks.

This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government, and to inform public debate. However, there is a greater public interest in ensuring the security of the information we hold, much of it being the personal data of clients. 

Service

2025/26 Spend/Budget (£s)

2025/26 Spend/ Budget (£s)

2025/26 Spend/ Budget (£s)

2025/26 Spend/ Budget (£s)

1. Cloud computing

Exemption under Section 33(1)(b) applies

1. Software as a Service (SaaS)

Exemption under Section 35(1)(a) applies

1. Platform as a Service (PaaS)

Integration Platform

Low Code Platform

Exemption under Section 33(1)(b) applies

1. Infrastructure as a Service (IaaS)

Exemption under Section 35(1)(a) applies

1. Anything as a Service (XaaS)

Not applicable as no additional services are procured or categories under the broader XaaS as desktop, laptop and other XaaS services are highlighted in Q1 response

Request for information 3:

An exemption under section 35(1)(a) of FOISA applies to all of the information you have requested.

This exemption applies where disclosure of information under the Act would, or would be likely to, prejudice substantially the prevention or detection of crime. To disclose the information requested would compromise our abilities to defend against cyber attacks.

This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government, and to inform public debate. However, there is a greater public interest in ensuring the security of the information we hold, much of it being the personal data of clients.

Request for information 4:

While our aim is to provide information whenever possible, in this instance Social Security Scotland does not hold the information you have requested. Social Security Scotland has no immediate plans to change the way in which we use these services. This may change in the future.

This is a formal notice under section 17(1) of FOISA that Social Security Scotland does not have the information you have requested.

Request for information 5:

Yes, Social Security Scotland has implemented some AI use.

You may be interested in the information provided in the below, prior responses to Freedom of Information requests:

1. Social Security Scotland - Social Security Scotland’s use of Artificial Intelligence (AI) technology: FOI release

2. Social Security Scotland - AI Document Understanding or Client Advisor Knowledge Assist systems used by Social Security Scotland: FOI release

3. Social Security Scotland - AI Document Understanding and Client Advisor Knowledge Assist systems: FOI release

4. Social Security Scotland - AI Document Understanding system: FOI release

You may also find it useful to know that all anticipated procurements above £50,000 for the next two financial years are available in the Social Security Scotland Annual Procurement Report 2024-2025:

Social Security Scotland - Social Security Scotland Annual Procurement Report 2024-2025.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at https://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Correspondence Unit
Email: contactus@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrew's House
Regent Road
Edinburgh
EH1 3DG

Back to top