FOI/202500491434 · FOI · cost limit

Devices and services procurement data: FOI release

Published: 2026-02-04
Received: 2025-10-30
Responded: 2025-11-25
Directorate: Corporate Operations Directorate
Topic: Public sector
Exemptions: 30, 12

Information requested

A range of information through questions contained in an attached Microsoft Excel document.

The tables from this document have been copied below with the answers for each item provided where possible.

Response

The tables below correspond directly to the tables included in the initial request. Where possible, I have provided an answer in the table as requested. Where an answer is not able to be provided, I have listed the specific exemption applied to this information and provided a further explanation beneath each table of each exemption used.

Q1. Can you please list the number of devices deployed by your organisation for the following? Device Type Number of Devices Desktop PCs 44 Laptops 10,156 Mobile Phones 3,879 Printers 31 Multi Functional Devices (MFDs) 284 Tablets 77 Physical Servers 65 Storage Devices (for example: NAS, SAN) 5 Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) 2,489 Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) Exempt under Section 30(c)

Regarding the exemption under Section 30(c), we consider that the information requested in this part of your request is exempt under 30(c) of FOISA (prejudice to effective conduct of public affairs). In considering this exemption we have taken account of the fact that disclosure of information under the FOISA is to “the world at large,” not just to an individual applicant. We are therefore required to consider the effect of releasing the information into the public domain. Providing details about the information you have requested into the public domain could subsequently be used by threat actors to evade any controls we might or might not have in place. We consider that the public interest in ensuring that the security of our systems and processes is not compromised, thereby maintaining ability to conduct affairs of public office, outweighs that of disclosing this information.

Q2. Does your organisation have plans to procure any of the below services, if yes then please provide information in the below format? 2025/26 Spend/Budget 2026/27 Spend/Budget 27/28 Spend/Budget 28/29 Spend/Budget Example: Platform as a Service 1,000,000 200000 a. Cloud computing Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 b. Software as a Service (SaaS) Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 c. Platform as a Service (PaaS) Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 d. Infrastructure as a Service (IaaS) Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 e. Anything as a Service (Xaas) Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12

Regarding the exemptions under Section 12, while our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. In order to find this information, every business area across the Scottish Government would need to be asked for any plans. The cost of carrying out such a trawl across the entire Scottish Government would exceed the cost limit. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under Section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could ask what plans exist within an individual business area. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

Q3. Does your organisation have any plans to procure the below services, if yesthen please provide required information in the below format? 2025/26 Spend/Budget 2026/27 Spend/Budget 27/28 Spend/Budget 28/29 Spend/Budget Example: IoT security 50000 50000 80000 a. Network Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) b. Cloud Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) c. Endpoint Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) d. Mobile Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) e. IoT Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) f. Application Security Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c) Exempt under Section 30(c)

Regarding the exemptions under Section 30(c), we consider that the information requested in this part of your request is exempt under 30(c) of FOISA (prejudice to effective conduct of public affairs). In considering this exemption we have taken account of the fact that disclosure of information under the FOISA is to “the world at large,” not just to an individual applicant. We are therefore required to consider the effect of releasing the information into the public domain. Providing details about the information you have requested into the public domain could subsequently be used by threat actors to evade any controls we might or might not have in place. We consider that the public interest in ensuring that the security of our systems and processes is not compromised, thereby maintaining ability to conduct affairs of public office, outweighs that of disclosing this information.

Q4. Does your organisation have any plans to procure below services, if yes then please provide information in the below format? 2025/26 Spend/Budget 2026/27 Spend/Budget 27/28 Spend/Budget 28/29 Spend/Budget Example: Data and Analytics 1750000 2000000 a. Data and Analytics Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 b. AI and Automation Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 c. Digital Transformation Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 d. ERP Systems Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12

Regarding the exemptions under Section 12, while our aim is to provide information whenever possible, in this instance the costs of locating, retrieving and providing the information requested would exceed the upper cost limit of £600. In order to find this information, every business area across the Scottish Government would need to be asked for any plans. The cost of carrying out such a trawl across the entire Scottish Government would exceed the cost limit. Under Section 12 of FOISA public authorities are not required to comply with a request for information if the authority estimates that the cost of complying would exceed the upper cost limit, which is currently set at £600 by Regulations made under Section 12.

You may, however, wish to consider reducing the scope of your request in order that the costs can be brought below £600. For example, you could ask what plans exist within an individual business area. You may also find it helpful to look at the Scottish Information Commissioner's 'Tips for requesting information under FOI and the EIRs' on his website at: http://www.itspublicknowledge.info/YourRights/Tipsforrequesters.aspx.

Q5. Has your organisation implemented any form of AI or Automation services, and if not, what is the reason for not implementing? Yes No Reason Example: Yes, Example: No, Legacy System Please see summary response to these questions below NA NA a. Implemented NA NA NA b. Minor implementation with completed AI strategy NA NA NA c. Plans to develop implementation NA NA NA d. Due to legacy systems NA NA NA

The Scottish Government Intelligent Automation Centre of Excellence is a division dedicated to supporting business areas across Scottish Government to implement AI enabled automation opportunities and best practices.

Copilot Chat has been available to all SCOTS users since early 2025, implemented as a feature release to the Scottish Government's existing Microsoft Enterprise Agreement. This provides browserbased access to generative AI for all users. Additionally, a seven month trial of Microsoft Copilot 365 commenced in May of 2025 to further assess the potential uses and return on investment of AI.

Individual business areas may have additional cases of AI and automation implementations beyond those listed above. However, a trawl of the entirety of the Scottish Government would exceed the upper cost limit of £600 and is not considered proportionate in this instance.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at https://www.gov.scot/foi-responses.

Contact Please quote the FOI reference Central Correspondence Unit Email: contactus@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrew's House Regent Road Edinburgh EH1 3DG

Detected exemption language

Where an answer is not able to be provided, I have listed the specific exemption applied to this information and provided a further explanation beneath each table of each exemption used. Device Type Number of Devices Desktop PCs 44 Laptops 10,156 Mobile Phones 3,879 Printers 31 Multi Functional Devices (MFDs) 284 Tablets 77 Physical Servers 65 Storage Devices (for example: NAS, SAN) 5 Networking Infrastructure (for example: Switches, Routers, Interfaces, Wireless Access Points) 2,489 Security Infrastructure (for example: Firewalls, Intrusion Detection Systems (IDS), Virus Monitoring Tools) Exempt under Section 30(c) Regarding the exemption under Section 30(c), we consider that the information requested in this part of your request is exempt under 30(c) of FOISA (prejudice to effective conduct of public affairs). In considering this exemption we have taken account of the fact that disclosure of information under the FOISA is to “the world at large,” not just to an individual applicant. Cloud computing Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 b. Software as a Service (SaaS) Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 Exempt under Section 12 c.

Attachments

No attachments found.

Similar releases

Correspondence discussing the response to FOI request 202600503390: FOI release 2026-05-15 · partially withheld · 2 files
Perth and Kinross broadband queries: FOI release 2026-05-14 · not held · 0 files
Crown Office and Procurator Fiscal Service funding query: FOI release 2026-05-14 · unclear · 0 files
Scottish Government documentation regarding the procurement of Oracle: FOI release 2026-05-14 · not held · 0 files
Brand Scotland marketing spend information: FOI release 2026-05-13 · unclear · 0 files
Number of Freedom of Information requests which have proceeded to a review: FOI release 2026-05-13 · unclear · 0 files
Sensitive and routine Freedom of Information request statistics: FOI release 2026-05-12 · unclear · 0 files
Correspondence regarding Information Commissioner decision notices: FOI release 2026-05-12 · partially withheld · 2 files