Category Archives: PSN and G-Cloud

Understanding the new, more simplified PSN compliance

public services network | AscentorThis post is an update on the recent changes to the compliance certificate process of the Government’s Public Services Network (PSN); with links to relevant articles we feel will further understanding. Continue reading “Understanding the new, more simplified PSN compliance” »

avatar

Paul Trethewey

Information Assurance Practitioner and Security Assurance Coordinator.

More Posts - Website

Share

What is ‘IL3’ and why are so many searching for it?

G-Cloud accredited Il3Each month, the term ‘IL3’ is one of the highest search queries that brings visitors to the Ascentor website – and it’s been this way for some time. In fact, a search for ‘IL3’ on Google lists Ascentor in the 1st, 2nd and 3rd rankings. However, with the recent demise of the IS1/2 standard, there was an expectation that the search term would no longer be relevant – but our visitor numbers disagree. So, what is ‘IL3’, why are people still searching for it and could there be more appropriate search options?

This article looks at the history of Impact Levels (ILs), examines how they were misused and suggests alternative search terms and phrases you may also find helpful. Continue reading “What is ‘IL3’ and why are so many searching for it?” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

G-Cloud 6: Accreditation is dead – long live Assertions!

Assertion: “a confident and forceful statement of fact or belief” OED

HM Government G-Cloud logoG-Cloud 6 has arrived – so what does it mean for you, and what do you need to know? On first inspection it looks like a lot of additional work – but it doesn’t have to be.

G-Cloud 6 Security Assertions

All suppliers wishing to include their cloud service offerings within the Governments Digital Marketplace as a G-Cloud 6 service are now mandated to complete a set of questions regarding security. The questions are based on CESG’s Cloud Security Principles and are aimed at getting consumers of services to assess whether supplier security assertions meet their own particular security needs. Continue reading “G-Cloud 6: Accreditation is dead – long live Assertions!” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

The New G-Cloud Security Approach – A change for the better?

What is changing? 

GCloud image

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

For G-Cloud services up to and including G-Cloud 5, the security approach has been for suppliers to gain accreditation through the CESG Pan Government Accreditation (PGA) service. It basically involved a PGA Accreditor independently reviewing assertions by suppliers and checking with third parties that these assertions were actually true. For G-Cloud 6 suppliers there will no longer be a role for PGA. Instead, suppliers will provide assertions regarding how they comply with CESG’s Cloud Security Principles. It will then be up to consumers of their services to determine whether these assertions provide a sufficient level of confidence for them to use the service. Continue reading “The New G-Cloud Security Approach – A change for the better?” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

G-Cloud and ISO27001 – All 27001 Certificates Are NOT The Same

iStock_000021358032XSmall

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

Contrary to a popular myth, 270001 certification does not automatically mean easy G-Cloud accreditation. All 27001 certificates are NOT the same. If you’re thinking of gaining ISO27001 to support your G-Cloud accreditation this article will help you get it right first time.

Busting the ISO27001 / G-Cloud myth

You may have a shiny new ISO27001 Certificate hanging on the wall and feel justifiably proud of your achievement. If you are on the G-Cloud Framework or are planning on joining, the next stage is to fill the space next to it with a nice G-Cloud Accreditation Certificate. That shouldn’t be too much problem should it, after all your ISO27001 Certificate says you are compliant with the standard and that’s all they’re after right?

Sorry, think again! Continue reading “G-Cloud and ISO27001 – All 27001 Certificates Are NOT The Same” »

avatar

Dave James

Information Risk Management expert and Managing Director of Ascentor

More Posts

Follow Me:
Twitter

Share

What’s New in Cyber Security for 2013

Combination Padlock2013 promises to be an interesting year in the cyber security world.

The same old attacks will continue to happen with monotonous frequency and organisations that don’t concentrate on even the basics will continue to fall victim. It is worth pointing out early that just getting the basics right will stop the majority of attacks and help you avoid large fines for non-compliance. If the only thing you do this year is tighten up on the basics, you’ve done well! (CESG’s advice is a good starting point – Ten Steps to Cyber Security.)

Outside of this, there are some BIG things happening this year, especially in the Government cyber arena. Here are our predictions.  Continue reading “What’s New in Cyber Security for 2013” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

G-Cloud Security: Useful Tips for IL3 Accreditation

GCloud imageUPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

If you are a supplier looking to get your product or service accredited for the Government’s G-Cloud service you’ll need to undergo a security accreditation process. As we set out in our previous blog post, G-Cloud services are divided into three tiers. Here are a few useful tips for those who require IL3 level of accreditation – requiring enhanced security to protect sensitive information – to ensure your product or service passes muster.  Continue reading “G-Cloud Security: Useful Tips for IL3 Accreditation” »

avatar

Peter Curran

Principal IA Consultant at Ascentor

More Posts

Follow Me:
Twitter

Share

G-Cloud Security: Useful Tips for IL1/2 Accreditation

GCloud imageUPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

If you are a supplier looking to get your product or service accredited for the Government’s G-Cloud service you’ll need to undergo a security accreditation process. As we set out in our previous blog post, G-Cloud services are divided into three tiers. Here are a few useful tips for those who require IL1/2 level of accreditation – the baseline security requirement – to ensure your product or service passes muster. Continue reading “G-Cloud Security: Useful Tips for IL1/2 Accreditation” »

avatar

Peter Curran

Principal IA Consultant at Ascentor

More Posts

Follow Me:
Twitter

Share

IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon

GCloud image

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

If you are a supplier looking to offer your services through the Government’s G-Cloud service you’ll need to get that service accredited, and security accreditation is a big part of this.

This can seem a complex process if you are new to this world. We know from helping other suppliers achieve G-Cloud accreditation that part of the confusion stems from the varying levels of security requirements. As with any Government accreditation scheme there’s a lot of jargon: IL0, IL1/2, IL3? What does this all mean and what level applies to you? Here is Ascentor’s simple guide.  Continue reading “IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon” »

avatar

Peter Curran

Principal IA Consultant at Ascentor

More Posts

Follow Me:
Twitter

Share

Five Steps to G-Cloud Accreditation

GCloud imageUPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news.

The Government’s G-Cloud service is open for business. To date over 1,700 information and communications services have been added to the Cloudstore catalogue. In practice, only a tiny fraction of these services have actually been approved for use by public sector organisations. The main barrier is security accreditation.

For suppliers who wish to offer their services through to G-Cloud there is a business imperative to become accredited. This will make your services more attractive to, and more likely to be selected by the public sector customer.

Here is a run down of the steps you’ll need to take so your service gets accredited. Continue reading “Five Steps to G-Cloud Accreditation” »

avatar

Peter Curran

Principal IA Consultant at Ascentor

More Posts

Follow Me:
Twitter

Share

Latest Insights

Recent Comments

    • Barry Harvey: It is perhaps surprising to hear that a generation we think of as being tech savvy is anything but....
    • David Conway: I can imagine that, even at this stage, many businesses will still be blissfully unaware of this...
    • Sonja Jefferson: Are you going to be offering that training for ‘normal, non-techie people that now have...
    • Dave James: @Colin Robbins: Yes, Its really illumintaing isnt’t it. Provides a bit of context to the recent...
    • Colin Robbins: Very interesting report. I find it staggering that 26% of companies had not briefed their boards on...
  •  
    Buy Cialis in UK