FOI/202100177392 · FOI · unclear
Information relating to Cyber Essential certificates: FOI release
Information requested
I understand that the Scottish Government received two Cyber Essentials certificates for Public administration and defence. One (IASME-CE-006782) was issued on 19/10/2020 and the other (IASME-CEP-001637) was issued on 23/11/2020. With regards to these certifications: 1. Please supply the documentation that names all the Scottish Government bodies / premises that are covered by these certifications. If there is no documentation, please supply a list. 2. Please supply documentation that outlines the technical standards for recovery and back-up that the Scottish Government is supposed to be working to, in order to comply with the cyber-essential certificates. These may be specified by Cyber Essentials standards, or some other technical standard. If there is no uniform standard across the Scottish Government for recovery and back-up, please provide details of all technical standards used, in all agencies. 3. Please could you confirm how much these certifications cost the Scottish Government? Please break this cost down by external consultant / supplier.
Response
1. The Cyber Essentials and Cyber Essentials Plus accreditations you detail cover the Scottish Government's desktop computing environment. This extends to all customers who use this environment on a shared service basis. These customers are: Accountant in Bankruptcy British-Irish Council Children's Hearings Scotland Community Justice Scotland Court of the Lord Lyon Crown Office and Procurator Fiscal Service (COPFS) Disclosure Scotland Edinburgh Tram Inquiry Education Scotland Food Standards Scotland Forensic Mental Health Review Forestry and Land Scotland Historic Environment Scotland Independent Living Fund (Scotland) Inquiry into Queen Elizabeth University Hospital (Glasgow) and Royal Hospital for Children and Young People (Edinburgh) Judicial Appointments Board Judicial Complaints Reviewer Singleton Post National Records of Scotland (NRS) Office for the Scottish Charity Regulator (OSCR) Office of the Advocate General Parole Board for Scotland Police Investigations and Review Commissioner Poverty & Inequality Commission Queen's and Lord Treasurer's Remembrancer Race Equality Framework Adviser Registers of Scotland Revenue Scotland Risk Management Authority Scottish Boundary Commissions' Secretariat Scottish Child Abuse Inquiry Scottish Children's Reporter Administration Scottish Commission on Social Security (SCoSS) Scottish Courts and Tribunal Services Scottish Fiscal Commission Scottish Forestry Scottish Housing Regulator Scottish Human Rights Commission Scottish Law Commission Scottish Mental Health Law Review Scottish National Investment Bank (SNIB) Scottish Parliament Scottish Prison Service Scottish Public Pensions Agency Scottish Public Services Ombudsman Scottish Road Works Commissioner Sheku Bayoh Inquiry Social Security Scotland Student Awards Agency for Scotland The Office of the Secretary of State for Scotland Transport Scotland Upper Tribunals for Scotland Volunteer Development Scotland 2. Technical standards for backup are not defined by Cyber Essentials or Cyber Essentials Plus, as such no standards are formally required to comply with Cyber Essentials certificates. 3. These certifications were assessed and supplied by Barrier Networks Ltd at a cost of £4,000 (excl.VAT). About FOI The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.
Contact Please quote the FOI reference Central Enquiry Unit Email: ceu@gov.scot Phone: 0300 244 4000 The Scottish Government St Andrews House Regent Road Edinburgh EH1 3DG
Attachments
No attachments found.