IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon

GCloud image

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news .

If you are a supplier looking to offer your services through the Government’s G-Cloud service you’ll need to get that service accredited, and security accreditation is a big part of this.

This can seem a complex process if you are new to this world. We know from helping other suppliers achieve G-Cloud accreditation that part of the confusion stems from the varying levels of security requirements. As with any Government accreditation scheme there’s a lot of jargon: IL0, IL1/2, IL3? What does this all mean and what level applies to you? Here is Ascentor’s simple guide.

Ascentor’s quick guide to G-Cloud security requirements

G-Cloud services are divided into three tiers, which represent the security requirements of the customer’s information. Your accreditation requirements vary between these tiers:

  • IL0 — This represents the lowest level of security requirements: There is no requirement for security accreditation. Very few services will fall into this category.
  • IL1/2 — This represents the baseline level of security requirements and is probably relevant for 60%-70% of public sector customers. Accreditation is based on the use of ISO 27001 certification, i.e. good commercial practice.
  • IL3 — This requires enhanced security to protect sensitive information and is a common requirement for central Government departments and some agencies. Accreditation is based on HMG security standards – these are based on ISO 27001, but with more stringent requirements.

We hope these definitions help to make the G-Cloud security accreditation process a bit clearer. You’ll find some G-Cloud accreditation tips here: for IL1/2 .


Article by Peter Curran ,Principal IA Consultantat Ascentor.

Looking for support for your G-Cloud project? Find out how we can help.

Other articles you might like:

You may also be interested in:

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.

Cyber Essentials is changing - our overview

As the IASME Consortium takes over the management of the certification of Cyber Essentials (CE) Scheme, we look at what the changes will involve and why the scheme is still very much needed.