IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon

GCloud image

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news .

If you are a supplier looking to offer your services through the Government’s G-Cloud service you’ll need to get that service accredited, and security accreditation is a big part of this.

This can seem a complex process if you are new to this world. We know from helping other suppliers achieve G-Cloud accreditation that part of the confusion stems from the varying levels of security requirements. As with any Government accreditation scheme there’s a lot of jargon: IL0, IL1/2, IL3? What does this all mean and what level applies to you? Here is Ascentor’s simple guide.

Ascentor’s quick guide to G-Cloud security requirements

G-Cloud services are divided into three tiers, which represent the security requirements of the customer’s information. Your accreditation requirements vary between these tiers:

  • IL0 — This represents the lowest level of security requirements: There is no requirement for security accreditation. Very few services will fall into this category.
  • IL1/2 — This represents the baseline level of security requirements and is probably relevant for 60%-70% of public sector customers. Accreditation is based on the use of ISO 27001 certification, i.e. good commercial practice.
  • IL3 — This requires enhanced security to protect sensitive information and is a common requirement for central Government departments and some agencies. Accreditation is based on HMG security standards – these are based on ISO 27001, but with more stringent requirements.

We hope these definitions help to make the G-Cloud security accreditation process a bit clearer. You’ll find some G-Cloud accreditation tips here: for IL1/2 .


Article by Peter Curran ,Principal IA Consultantat Ascentor.

Looking for support for your G-Cloud project? Find out how we can help.

Other articles you might like:

Share this article:

3 thoughts on “IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon

  1. […] Uncategorized Home / Government Information Security, Information Security for Government Suppliers, PSN and G-Cloud / Five Steps to G-Cloud Accreditation « Four Stages to Protecting Your Online Identity ILO, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon » […]

  2. […] G-Cloud service you’ll need to undergo a security accreditation process. As we set out in our previous blog post, G-Cloud services are divided into three tiers. Here are a few useful tips for those who require […]

  3. […] G-Cloud service you’ll need to undergo a security accreditation process. As we set out in our previous blog post, G-Cloud services are divided into three tiers. Here are a few useful tips for those who require […]

Comments are closed.