We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - FOI/EIR release

IT equipment and Infrastructure: FOI release

Published
27 June 2023
Directorate
Digital Directorate
Topic
Public sector
FOI reference
FOI/202300359055
Date received
29 May 2023
Date responded
23 June 2023

Information request and response under the Freedom of Information (Scotland) Act 2002

Information requested

A range of questions and for ease of providing responses the question tables you submitted have been used as the format in this response to provide you with the requested information.

Response

I attach a copy of some of the information you requested in the format you asked for.

Q1. Can you please list the number of devices deployed by your organisation for the following?

Device Type

Number of Devices

Desktop PCs

76

Laptops

10,905

Mobile Phones

4662

Printers

Information not held centrally (*see note below)

Multi Functional Devices (MFDs)

407

Tablets

106

Physical Servers

85

Storage Devices (for example: NAS, SAN)

5

Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points)

2150

Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools)

Firewalls Web Proxies, Mail Gateways, Analyser and Manager are all exempt under section 30(c) (** see note below)

* While our aim is to provide information whenever possible, in this instance the Scottish Government does not have some of the information you have requested. This is because Printers and Multi Functional Devices (MFDs) are purchased by business areas direct from framework suppliers therefore this information is not held centrally. This is a formal notice under section 17(1) of FOISA that the Scottish Government does not have the information you have requested.

** While our aim is to provide information whenever possible, in this instance an exemption under section 30(c) of FOISA (prejudice to effective conduct of public affairs) applies to your request. Disclosing this information would substantially prejudice our ability to carry out the effective conduct of public affairs.

Providing details about the information you have requested into the public domain could subsequently be used by threat actors, building a picture of our security capability, to evade any controls we might or might not have in place. This could therefore enable them to target specific types of attack or data exfiltration methods and would constitute substantial prejudice to the effective conduct of public affairs.

Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format?

 

Estimated/Total Cost

 

Duration

Example: Platform as a Service

1 million

2023/28

a. Cloud computing

Exempt under section 12

 

b. Software as a Service (SaaS)

Exempt under section 12

 

c. Platform as a Service (PaaS)

Exempt under section 12

 

d. Infrastructure as a Service (IaaS)

Exempt under section 12

 

e. Anything as a Service (Xaas)

Exempt under section 12

 

While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to contact all business areas within the Scottish Government to obtain all the required information and in carrying out that organisational trawl for all required information the upper cost limit would be breached. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could restrict your request to a specific business area of the Scottish Government, such as a specific named Directorate, as this would allow us to limit the searches that would require to be conducted. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

Q3. Does your organisation have any plans to procure the below services, if yes then please provide required information in the below format?

 

Estimated/Total Cost

 

Duration

Example: IoT security

0.5 million

2023/28

a. Network Security

Exempt under section 30(c)

 

b. Cloud Security

Exempt under section 30(c)

 

c. Endpoint Security

Exempt under section 30(c)

 

d. Mobile Security

Exempt under section 30(c)

 

e. IoT Security

Exempt under section 30(c)

 

f. Application Security

Exempt under section 30(c)

 

While our aim is to provide information whenever possible, in this instance an exemption under section 30(c) of FOISA (prejudice to effective conduct of public affairs) applies to your request. Disclosing this information would substantially prejudice our ability to carry out the effective conduct of public affairs. Providing details about the information you have requested into the public domain could subsequently be used by threat actors, building a picture of our security capability, to evade any controls we might or might not have in place. This could therefore enable them to target specific types of attack or data exfiltration methods and would constitute substantial prejudice to the effective conduct of public affairs.

Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format?

 

Estimated/Total Cost

 

Duration

Example: Data and Analytics

8 millions

2023/27

Data and Analytics

Exempt under section 12

 

AI and Automation

Exempt under section 12

 

Digital Transformation

Exempt under section 12

 

While our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. The reason for this is that to locate and retrieve that information we would need to contact all business areas within the Scottish Government to obtain all the required information and in carrying out that organisational trawl for all required information the upper cost limit would be breached. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could restrict your request to a specific business area of the Scottish Government, such as a specific named Directorate, as this would allow us to limit the searches that would require to be conducted. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

Contact

Please quote the FOI reference
Central Enquiry Unit
Email: ceu@gov.scot
Phone: 0300 244 4000

The Scottish Government
St Andrews House
Regent Road
Edinburgh
EH1 3DG

Back to top