Devices and services procurement data: FOI release

Information requested

A range of information through questions contained in an attached Microsoft Excel document.

The tables from this document have been copied below with the answers for each item provided where possible.

Response

The tables below correspond directly to the tables included in the initial request. Where possible, I have provided an answer in the table as requested. Where an answer is not able to be provided, I have listed the specific exemption applied to this information and provided a further explanation beneath each table of each exemption used.

Q1. Can you please list the number of devices deployed by your organisation for the following?
Device Type	Number of Devices
Desktop PCs	44
Laptops	10,156
Mobile Phones	3,879
Printers	31
Multi Functional Devices (MFDs)	284
Tablets	77
Physical Servers	65
Storage Devices (for example: NAS, SAN)	5
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points)	2,489
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools)	Exempt under Section 30(c)

Regarding the exemption under Section 30(c), we consider that the information requested in this part of your request is exempt under 30(c) of FOISA (prejudice to effective conduct of public affairs). In considering this exemption we have taken account of the fact that disclosure of information under the FOISA is to “the world at large,” not just to an individual applicant. We are therefore required to consider the effect of releasing the information into the public domain. Providing details about the information you have requested into the public domain could subsequently be used by threat actors to evade any controls we might or might not have in place. We consider that the public interest in ensuring that the security of our systems and processes is not compromised, thereby maintaining ability to conduct affairs of public office, outweighs that of disclosing this information.

Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format?	2025/26 Spend/Budget	2026/27 Spend/Budget	27/28 Spend/Budget	28/29 Spend/Budget
Example: Platform as a Service	1,000,000		200000
a. Cloud computing	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
b. Software as a Service (SaaS)	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
c. Platform as a Service (PaaS)	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
d. Infrastructure as a Service (IaaS)	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
e. Anything as a Service (Xaas)	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12

Regarding the exemptions under Section 12, while our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. In order to find this information, every business area across the Scottish Government would need to be asked for any plans. The cost of carrying out such a trawl across the entire Scottish Government would exceed the cost limit. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under Section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could ask what plans exist within an individual business area. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

Q3. Does your organisation have any plans to procure the below services, if yesthen please provide required information in the below format?	2025/26 Spend/Budget	2026/27 Spend/Budget	27/28 Spend/Budget	28/29 Spend/Budget
Example: IoT security	50000	50000	80000
a. Network Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)
b. Cloud Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)
c. Endpoint Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)
d. Mobile Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)
e. IoT Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)
f. Application Security	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)	Exempt under Section 30(c)

Regarding the exemptions under Section 30(c), we consider that the information requested in this part of your request is exempt under 30(c) of FOISA (prejudice to effective conduct of public affairs). In considering this exemption we have taken account of the fact that disclosure of information under the FOISA is to “the world at large,” not just to an individual applicant. We are therefore required to consider the effect of releasing the information into the public domain. Providing details about the information you have requested into the public domain could subsequently be used by threat actors to evade any controls we might or might not have in place. We consider that the public interest in ensuring that the security of our systems and processes is not compromised, thereby maintaining ability to conduct affairs of public office, outweighs that of disclosing this information.

Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format?	2025/26 Spend/Budget	2026/27 Spend/Budget	27/28 Spend/Budget	28/29 Spend/Budget
Example: Data and Analytics	1750000	2000000
a. Data and Analytics	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
b. AI and Automation	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
c. Digital Transformation	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12
d. ERP Systems	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12	Exempt under Section 12

Regarding the exemptions under Section 12, while our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. In order to find this information, every business area across the Scottish Government would need to be asked for any plans. The cost of carrying out such a trawl across the entire Scottish Government would exceed the cost limit. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under Section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could ask what plans exist within an individual business area. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

Q5. Has your organisation implemented any form of AI or Automation services, and if not, what is the reason for not implementing?	Yes	No	Reason
Example: Yes, Example: No, Legacy System	Please see summary response to these questions below	NA	NA
a. Implemented	NA	NA	NA
b. Minor implementation with completed AI strategy	NA	NA	NA
c. Plans to develop implementation	NA	NA	NA
d. Due to legacy systems	NA	NA	NA

The Scottish Government Intelligent Automation Centre of Excellence is a division dedicated to supporting business areas across Scottish Government to implement AI enabled automation opportunities and best practices.

Copilot Chat has been available to all SCOTS users since early 2025, implemented as a feature release to the Scottish Government's existing Microsoft Enterprise Agreement. This provides browserbased access to generative AI for all users. Additionally, a seven month trial of Microsoft Copilot 365 commenced in May of 2025 to further assess the potential uses and return on investment of AI.

Individual business areas may have additional cases of AI and automation implementations beyond those listed above. However, a trawl of the entirety of the Scottish Government would exceed the upper cost limit of £600 and is not considered proportionate in this instance.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at https://www.gov.scot/foi-responses.