The Central Sponsor for Information Assurance Claims
Tested (CCT) Mark Scheme is a government quality mark initiative
for IT security products and services. It was officially launched
by the Cabinet Office minister Jim Murphy on 8 September
2005.
Its purpose is to provide accredited independent testing on the
functionality of off-the-shelf products and services. The scheme is
aimed at giving the wider public sector a basic level of assurance
for the information security products and services they use.
The implementation programme for transformational government is
underway, and this will mean many changes for customers and
suppliers. Shared services and convergence of public sector systems
will mean that it will be even more necessary for the public sector
to gain assurance about the IT products and services they
acquire.
Organisations such as the police and NHS deal with personal and
sensitive information day-in, day-out, and they need to know that
the information received has not been corrupted in any way by their
IT equipment.
More than 95% of government services are now e-enabled,
including paying taxes, applying for benefits and renewing driving
licences. With this increased consumer choice, there is a strong
requirement for good information assurance, to ensure that this
sensitive information is managed and protected appropriately.
The CCT Mark will provide a choice of assured products and
services to help facilitate a more secure and joined-up government,
as well as more secure transactions between government and
citizens.
In February 2006, the Cabinet Office and the Society for
Information Technology Management (Socitm) held a joint event to
promote information assurance and the CCT Mark to central
government and the wider public sector.
In his keynote speech, Murphy said, “Information assurance is a
core part of everyday business for the whole of the public sector.
They need practical tools to ensure that they have the right level
of security for handling sensitive information. The CCT Mark gives
organisations confidence that a product has been independently
tested and is fit for purpose.”
He said that the collaboration with Socitm would drive forward
the promotion of the CCT Mark to a large number of public sector
IT managers, and help them make informed choices in the IT
marketplace.
Socitm expressed its support for the scheme, and president
Angela Waite said, “We look forward to working together over the
coming year to raise awareness, educate and inform. The CCT Mark is
a good and positive step to achieving our goals.”
The feedback from the event was very encouraging, and many of
the governement departments that attended expressed their support
for the CCT Mark .
The NHS supports the CCT Mark, and it will bring key benefits to
some of its IT initiatives, including relevant aspects of the
national programme for IT, that will enable health professionals to
access, share and store patient information securely. The NHS is
also encouraging its suppliers to submit their products to gain the
CCT Mark, as part of an overall endorsement of the scheme.
The CCT Mark is being implemented initially as a pilot, with the
intention that it becomes a fully managed service in the future.
The scheme is now in the second stage of its pilot and is open to
all suppliers of information security products.
So far six products have received the CCT Mark, and there are
more in the pipeline, with suppliers engaging with the six
accredited test laboratories appointed by the scheme. A services
pilot for a limited number of suppliers is due to end in April,
when it is expected that the scheme will be opened to all suppliers
of information security services.
The CCT Mark is still in its infancy but there is very much a
growing awareness about it and the benefits that it will bring.
www.cctmark.gov.uk
The Cabinet Office is exhibiting at stand 976 at Infosecurity
Europe. Steve Marsh will be giving a keynote speech, CSIA –
Sponsoring Information Assurance for the UK, at 10:30am on 29
April