IT systems activity within Scottish Public Pensions Agency: FOI release

FOI reference: FOI/18/02668
Date received: 6 November 2017
Date responded: 15 January 2018

Information requested

Your request:

IT systems activity within SPPA subsequent to the Brexit vote of 2016.

1. How many outside personnel (e.g. non-permanent employees such as contractors or freelancers) have been provided with access to internal department systems and applications?

2. When using internal IT department IT systems, are these outside personnel provided with the same safety and security training as permanent personnel?

3. (If possible) How many employees (either permanent or temporary) that have worked in a system administrator role have left the department?

4. (If possible) How many servers did the department have in operation on Friday 24th June 2016?

5. (If possible) How many servers did the department have in operation on Tuesday 3rd January 2017?

6. (If possible) How many servers did the department have in operation on Friday 23rd June 2017?

7. (If possible) How many servers does the department have in operation today Friday 3rd November?

8. (If possible) What policies do you have in place regarding the auditing and monitoring of privileged access to department systems?

Response

1. How many outside personnel (e.g. non-permanent employees such as contractors or freelancers) have been provided with access to internal department systems and applications?

30 personnel

Each application/server that is located at SPPA has a support and maintance contract which the system supplier provides. When access to a server is required the supplier must contact the SPPA with details of the work that is being carried out and a member of SPPA staff will provide access. Each supplier must have the appropriate security clearance prior to any access being enabled. This ensures that SPPA know who is accessing the application or server. Once the work is completed the access will be disabled.

2. When using internal IT department IT systems, are these outside personnel provided with the same safety and security training as permanent personnel?

All external staff have the same understanding of SG policies as permanent staff.

3. (If possible) How many employees (either permanent or temporary) that have worked in a system administrator role have left the department?

None internally.

4. (If possible) How many servers did the department have in operation on Friday 24th June 2016?

12 personnel

5. (If possible) How many servers did the department have in operation on Tuesday 3rd January 2017?

14 personnel

6. (If possible) How many servers did the department have in operation on Friday 23rd June 2017?

15 personnel

7. (If possible) How many servers does the department have in operation today Friday 3rd November?

15 personnel

8. (If possible) What policies do you have in place regarding the auditing and monitoring of privileged access to department systems?

All Servers are within the Scottish Government Domain and must comply in accordance with SG policies such as PSN. SPPA have an agreed IT Code of Conduct in place and regularly monitor all internal systems to ensure no unauthorised access.

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses