Skip to main content

New security update for G-Cloud looming

The Government Digital Service (GDS) has announced that a new G-Cloud Security Approach will be coming into effect shortly and apply to the Digital Marketplace as well.

This update asks for supplier self-assertion and removes the need for providers using the framework to get Pan Government Accreditation (PGA).

This accreditation was intended to manage combined risks efficiently on behalf of all public sector organisations involved in a procurement effort.

Read more: How the cloud supports green IT computing

G-Cloud PGA submissions will no longer be accepted from 30 July 2014, according to a recent GDS blog post and providers are advised to submit their applications before this date if they wish to hold the accreditation.

GDS adds that guidance relating to the new security approach will be available to comment on in the “next few weeks.”

Accreditation submissions for cloud services connected to the Public Service Network (PSN) will still require PGA and need to be submitted separately to the PSNA – the body responsible for governing certification related to the Network.

New scheme to match new classifications

According to a separate GDS blog post, the G-Cloud security approach will now take into account the recent government security classification scheme changes.

Rather than security assurances falling under “Impact Levels,” information is now classified as “Official,” “Secret,” and “Top Secret,” in increasing levels of severity.

As with many updates to government processes, the aim of the new security approach is to make things clearer, simpler and faster.

Read more: Ireland Seeking Its Own G-Cloud Framework

GDS claims the new system will allow public sector buyers to assess and compare services based on their specific requirements.