Social Security Scotland: framework document

Sets out the detailed accountability and governance framework for Social Security Scotland, and the context for the Agency's relationship with Scottish Ministers and core Scottish Government Directorates.

Organisational Security and Resilience

69. The Chief Executive is responsible for ensuring that adequate systems of protective security are maintained by Social Security Scotland, including appropriate physical, personnel and cyber security controls designed to protect Agency assets, staff, and citizens during their interactions with the Agency. The systems will allow the Agency to identify threats and treat risks as appropriate through risk management procedures.

70. In line with the Scottish Public Sector Action Plan on Cyber Resilience, Social Security Scotland is a Cyber Catalyst organisation whereby the Chief Executive has agreed that the organisation will undertake work to implement best practice guidelines in respect of cyber resilience. The Agency will provide regular updates to the SG Cyber Resilience Unit and Scottish Ministers against a Scottish Public Sector Cyber Resilience monitoring and evaluation framework.

71. The Agency will, as part of business continuity planning, consider the most resilient ICT options and measures that can be invoked rapidly in the event of a serious incident or business impact to one of the Agency's key locations.

