Cloud Services & the Government Security Classifications Policy
The UK government has increasingly been encouraging the use of cloud services instead of traditional IT solutions as it seeks to create more cost-effective and agile platforms as part of the Government ICT Strategy. To support this strategy the government has implemented a number of policies and initiatives to make the adoption and use of cloud services easier.
However, it has been observed that some UK public sector organisations have previously misinterpreted CESG guidance around Impact Levels under the Government Protective Marking Scheme (GPMS) creating an unnecessary barrier to consume cloud services.
On 2 April 2014, the Government Security Classification Policy (GSCP) was introduced which will ultimately replace the previous GPMS after a period of parallel running. The GSCP replaces the previous six Impact Levels (ILs) with just three classifications; OFFICIAL, SECRET and TOP-SECRET.
As there is no mapping between the previous Impact Levels and the new categories, public sector organisations are encouraged to make their own decision as to whether suppliers are applying the necessary controls to ensure appropriate protection of their data and systems.
This white paper provides public sector organisations with advice and guidance to help them make appropriate use of cloud services without compromising the confidentiality, integrity or availability of the information which makes up their digital and shared services.
Simply submit your details below to download this essential paper, 'Cloud Services & the Government Security Classifications Policy':
Further Resources from UKCloud
FCO Crisis Hub: Protecting UK Citizen Data Sovereignty Should the Worst Occur
Latest Report - Modernising the Public Sector
Dstl Move from Paper to an Online Marketplace: Latest Case Study
Cloud: Unlocking Transformation Across the UK Public Sector
Surrey CC Deploy Cloud Emergency Management Platform