Social Security Scotland technology and devices: FOI release

Information requested

Information relating to the number of devices deployed by Social Security Scotland organisation and our plans to procure a number of named services.

Response

Our responses are contained in the below tables.

An exemption under section 35(1)(a) of FOISA applies to some of the information you have requested.

This exemption applies where disclosure of information under the Act would, or would be likely to, prejudice substantially the prevention or detection of crime. To disclose the information requested would compromise our abilities to defend against cyber attacks.

This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government, and to inform public debate. However, there is a greater public interest in ensuring the security of the information we hold, much of it being the personal data of clients.

Q1. Can you please list the number of devices deployed by your organisation for the following?

Device Type	Number of Devices
Desktop PCs	17
Laptops	3932
Mobile Phones	881
Printers	(zero dedicated, all MFDs)
Multi Functional Devices (MFDs)	21
Tablets	0
Physical Servers	1
Storage Devices (for example: NAS, SAN)	0
Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points)	165
Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools)	Exemption 35(1)(a) applies. To be helpful, we can advise that the number of individual Software as a Service services we consume for security purposes is around 10. The number of hardware applications we use is approximately 4.

Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format?

	Estimated/Total Cost	Duration
Example: Platform as a Service	1 million	2023/28
a. Cloud computing Cloud Hosting Service	£6,000,000	2024/2026
b. Software as a Service (SaaS) Operational Resourcing Tool	35(1)(a) applies to some information £200,000	2023/2028
c. Platform as a Service (PaaS) Integration Platform Low Code Platform	£800,000 £3,000,000	2023 2025/unknown at this stage
d. Infrastructure as a Service (IaaS)	35(1)(a) applies	35(1)(a) applies
e. Anything as a Service (Xaas)	NA	NA

Q3. Does your organisation have any plans to procure the below services, if yes then please provide required information in the below format?

	Estimated/Total Cost	Duration
Example: IoT security	0.5 million	2023/28
a. Network Security	35(1)(a) applies	35(1)(a) applies
b. Cloud Security	35(1)(a) applies	35(1)(a) applies
c. Endpoint Security	35(1)(a) applies	35(1)(a) applies
d. Mobile Security	35(1)(a) applies	35(1)(a) applies
e. IoT Security	35(1)(a) applies	35(1)(a) applies
f. Application Security	35(1)(a) applies	35(1)(a) applies

Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format?

	Estimated/Total Cost	Duration
Example: Data and Analytics	8 millions	2023/27
Data and Analytics	NA	NA
AI and Automation	NA	NA
Digital Transformation	NA	NA

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.