FOI Request - Security Testing Services

Request 101003907152

This request relates to the use of penetration testing and security testing services by your authority.
Information Requested:

For each of the last three completed financial years (or the closest available reporting period), please provide the following:
1. Total annual spend on penetration testing and/or security testing services
(including external penetration testing, infrastructure testing, application testing, and cloud security testing).
 

2. Number of engagements or testing exercises conducted per year
(for example: annual tests, quarterly tests, ad-hoc engagements).
 

3. Type of testing procured, where recorded (e.g. infrastructure, web application, internal, external, cloud).
 

4. Whether the services were:
a) Procured via a framework, or
b) Procured through direct award / individual contracts
 

Response 02-02-2026

1. Annual average spend is circa £15 – 20k

2. Not held. This information is not recorded, but testing exercises are carried out regularly, both on a periodic basis, but also on an ad-hoc basis when requirements dictate. Information that is not held falls under Section 17 of the Freedom of Information (Scotland) Act 2002 - Information not held.

3.  Not held. This information is not recorded but covers all of the areas specified above. Information that is not held falls under Section 17 of the Freedom of Information (Scotland) Act 2002 - Information not held.

4. Not recorded but covers all of the areas specified above.