FOI23/24 104 Cyber Security

Date published: 15/11/2023

I am currently embarking on a research project around Cyber Security and was hoping you could provide me with some contract information relating to following information:

1.       Standard Firewall (Network) - Firewall service protects your corporate Network from unauthorised access and other Internet security threats

2.       Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious

        software like worms, trojans, adware, and more.

3.       Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.

The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.

For each of the different types of cyber security services can you please provide me with:

1.       Who is the existing supplier for this contract?

2.       What does the organisation annually spend for each of the contracts?

3.       What is the description of the services provided for each contract?

4.       Primary Brand (ONLY APPLIES TO CONTRACT 1&2)

5.       What is the expiry date of each contract?

6.       What is the start date of each contract?

7.       What is the contract duration of contract?

8.       The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.

9.       Number of Licenses (ONLY APPLIES TO CONTRACT 3)

1    SQA believes that releasing this information would enable cyber criminals to identify and take advantage of any weaknesses within the security of the services delivered by these providers. This would put SQA’s information at risk, including financial and sensitive personal data. We therefore apply section 35(1)(a) to this part of your request. Section 35 is a qualified exemption so we have considered the public interest but we believe that on this occasion the risk to data outweighs the public interest in contract transparency.

2    1 - £50k        2 - £18k         3 - £227k all figures are per annum

3    SQA believes that releasing this information would enable cyber criminals to identify and take advantage of any weaknesses within the security of the services delivered by these providers. This would put SQA’s information at risk, including financial and sensitive personal data. We therefore apply section 35(1)(a) to this part of your request. Section 35 is a qualified exemption so we have considered the public interest but we believe that on this occasion the risk to data outweighs the public interest in contract transparency.

4    SQA believes that releasing this information would enable cyber criminals to identify and take advantage of any weaknesses within the security of the services delivered by these providers. This would put SQA’s information at risk, including financial and sensitive personal data. We therefore apply section 35(1)(a) to this part of your request. Section 35 is a qualified exemption so we have considered the public interest but we believe that on this occasion the risk to data outweighs the public interest in contract transparency.

5    1 - 31/10/24*         2 - 31/03/24                 3 – 01/05/25

6    1 - 01/10/20          2 - 01/04/23                3 – 30/04/25

7    1 - 3 years             2 - Renewed annually 3 – 2 years with the option to extend annually

8    Details of how to contact the Procurement team are published on our website here.  The phone number is 0345 213 6720 and the email address is procurement@sqa.org.uk

9    Approx 1500 licences

* Currently being renewed.