This is to certify that the

Information Security Management SystemOf

Audit ScotlandAt

4th Floor, South Suite, The Athenaeum Building, 8 Nelson Mandela Place, Glasgow, G2 1BT102 West Port, Edinburgh, Scotland, EH3 9DN

Has been assessed by Certification Europe (UK) Ltd and deemed to comply with the requirements of

ISO 27001:2013This certificate is valid for the activities specified below:

The Information Security Management System (ISMS) covering the delivery and support of Audit Scotland

services including all organisational and client information, data, people, premises, technology, supplychain elements and outsourced data centres managed and delivered from the following locations: 102 West

Port, Edinburgh and 8 Nelson Mandela Place, Glasgow.

Certification to the standard is made under the Statement of Applicability (version 2.5) and Certification Europe has adjudged thatthe exclusions under this Statement do not compromise the integrity of the ISMS.

Certification of Registration remains the property of Certification Europe (UK) Ltd.The validity of this Certificate is maintained on the condition that the Management System is assessed through an

on-going surveillance programme and continues to adequately meet the requirements of the standard.To verify this certificate validity please contact us at info@certificationeurope.co.uk

Date of Initial Certification: 14th September 2016 This Certificate is valid until: 13th September 2022

Chief Executive: Michael Brophy

Chairman: Padraic A. White

Signature:

Signature:

Client Registration No.: 2019/2895Certificate Reference No.: A/1

Date of certificate issue: 19th

November 2019

Certification Europe (UK) Ltd Boundary House, Cricket Field Road, Uxbridge UB8 1QG, United Kingdom