2008 saw an unprecedented change in the openness of the UK Government's approach to information security. Historically, everything was defined in The Manual of Protective Security (MoPS or MPS), which had a protective marking of RESTRICTED. This meant that the Cabinet Office were usually unwilling to provide it to the “wider public sector”, and led to many situations where agencies were expected to comply with its demands but were unable to see what those demands were.
The Security Policy Framework (SPF) was published late in 2008 and replaces The Manual of Protective Security. The SPF is mandatory for all government Departments and Agencies. It also states that it “should also be extended, where necessary, to any organisations working on behalf of, or handling HMG assets, such as Non-Departmental Public Bodies (NDPBs), contractors, Emergency Services, devolved administrations, Local Authorities or any regular suppliers of goods and / or services.”
The SPF is composed of four tiers, with tiers 1 to 3 being available publicly from the Cabinet Office website. The three tiers are:-
Tier 1: The Overarching Security Policy Statement.
Tier 2: The Five Core Security Principles.
Tier 3: The Seven Security Policies.
The Seven Security Policies highlighted in Tier 3 are:-
Tier 3 also outlines 70 Mandatory Requirements (MR) that all applicable organisations must adhere to.
Tier 4 still attracts a protective marking of UK RESTRICTED and is intended for people who are required to implement tiers 1 to 3. Interestingly, CESG will no longer see working in the wider public sector as a barrier to obtaining a copy of Tier 4.