Question reference: S5W-35543
- Asked by: Mary Fee, MSP for West Scotland, Scottish Labour
- Date lodged: 25 February 2021
-
Current status: Answered by David Stewart MSP (on behalf of the Scottish Parliamentary Corporate B on 11 March 2021
Question
To ask the Scottish Parliamentary Corporate Body how it assesses the Parliament’s cyber security measures to ensure that they are reviewed and updated.
Answer
The SPCB
commissions an independent audit of the cyber security measures in place to
protect the Parliament's technology and information assets. The audit
measures our performance against the Cyber Essentials information assurance
scheme operated by the National Cyber Security Centre. Audits are undertaken
annually with the most recent resulting in retention of certification at Cyber
Essentials Plus level.
Achieving
certification provides the SPCB with a validation of the cyber security
procedures and processes we have in place to protect the Parliament from
cyber-attack, and aligns our efforts to the Scottish Governments Public Sector
Action plan on Cyber Resilience.