13 Jun 2012

UK Government to Ease Security Accreditation for Public Sector Suppliers

The UK Government plans to cut the number of internal security classifications from six to three to make accreditation easier for public sector suppliers, according to government Chief Information Officer Andy Nelson, who spoke about the project at a Cloud Computing event in London.

“The government has a complex security marking scheme, there are six levels,” Mr. Nelson said, as quoted by PC Advisor. “We are trying to simplify that to just three to see if we can get most of government in the lowest level for most of its business. If we can do that and then use commercial products and commercial accredited stamps like ISO 27001, we can definitely simplify things. We are trying to make the shift towards this but it's not an easy journey.”

British suppliers are qualified through a standard Business Impact Level classification that indicates the security level of their services. IL0 is the lowest (protected), while IL6 is the highest security level (top secret).

The government released CloudStore in February, and hundreds of service suppliers registered and were catalogued online. UK authorities would like to accredit each service only once, helping other infrastructures to reuse the service without going through the accreditation process again. Government officials are also considering using commercial certifications in the process, such as ISO 27001.