The emperor may not be naked but he’s not wearing very much!
At the back end of 2012 the Government made it clear that they intend to move to a new information classification policy. Draft documents were produced that provide an overview of the new scheme and the intention was to publish and go live in Spring 2013.They want to change the old 6-level model of UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET to just 3 levels.
In our blog ‘ What’s New for Cyber Security in 2013? ‘ we touched briefly on the subject of this new Government Protective Marking Scheme and pondered whether it was another case of the emperor making a poor choice of attire!
Well, the initial rush to put the scheme into operational use has now been delayed until April 2014 so it does look as though the tailor’s stitching was lacking at the very least.
The new Government Classification Scheme is causing a stir
The Government Classification Scheme (or GCS as it is now known) has certainly caused a stir. At a recent Intellect workshop industry leaders were asked three key questions:
- How can industry best capitalise on the opportunities presented through the new policy?
- Articulate the main risk of implementation by industry – how might these be mitigated?
- What additional information do industry partners required (from Cabinet Office, Government Procurement Service, or their contracting authority)?
Responses varied but the underlying theme was that there is insufficient information coming from Cabinet Office about how it the scheme would work in practice and where the real cost savings would be. There was a general concern that without clear direction, the perceived benefits of change would be lost and government departments would resort to type. Cabinet Office stated that training material would soon be available and delivered to Departmental Security Officers for internal circulation. Industry could expect to get copies via their associated departments.
On the technical security front, there was also concern that the requirement for security controls would again be overly complex and costly. Cabinet Officer agreed that the initial drafts from CESG, expected in the next 4-6 weeks, would be discussed at another Intellect held workshop so that Industry views can be collected.
The PSNGB Security Committee has gathered some comments/feedback/questions regarding the new scheme. It covers topics such as how Shared Services may be affected, how accreditation will continue to be maintained and what ‘good practice’ may mean for different industries. It is worth a read if you are working towards PSN accreditation. http://psngb.org/2013/02/gpms-review-work-in-progress/
Keep up to date with developments
We’ll keep you up to date with all developments on this. Watch this blog and the Ascentor monthly newsletter for further information on the GCS as and when it comes in.
Article by Paddy Keating ,Director/Government Service Manager at Ascentor.
Other articles you might like:
- What’s new in Cyber Security for 2013?
- Learn from the Experts – Tips from the 2013 Information Assurance Practitioner’s Event