The new Government Security Classification Policy came into force in April 2014. It includes subtle changes that strengthen Public Services Network (PSN) as a platform for innovation and reform in public sector.
First, the six classifications for sharing information have been reduced to three to reduce complexity.
The classifications now comprise Official, Secret and Top Secret. There is also a subset of Official, called Official-Sensitive, for information that could have more damaging consequences if it were lost, stolen or published in the media.
Under the new classifications, most public sector information will be classed as Official – this is information derived from routine business operations and services. The government’s ICT Strategy anticipates that the PSN will be the primary network bearer for Official information.
This is because PSN is a trusted method for sharing Official information that has already been tested, reviewed and checked against compliance regimes. It demonstrates solid management processes and is being readily audited.
More on PSN
PSN-consuming organisations already comply with the PSN Information Assurance regulations. The PSN platform comes with agreed levels of service, integrity and a built-in level of security that’s appropriate for most government business. It is already the trusted platform for sharing information across the public sector.
Responsibility and safeness
The new rules also leave information originators (or owners) with the responsibility of classifying it. This means only they can change the classification, although others can challenge it.
For example, through the Freedom Of Information Act (FOIA), a member of the public may challenge an Official-Sensitive classification of a document that is, perhaps, in the public interest.
The PSN provides a secure transport mechanism, which reduces the risk of mistakenly under-classifying a document.
Perhaps more importantly, under the new rules, with responsibility falling to the individual, we need to focus more on safeness of information. Information owners will need to acknowledge they have information that needs to be managed; they will need to understand what they are managing and think about the safeness of information.
PSN provides a safe environment for innovation that reduces the cost and risk of experimentation
For example, a user needs to send information from A to B and might also need to share the information with others. The information owner needs to go to the proverbial door and know what’s behind it before sharing information.
They’ll need to ask themselves the question, is the information being sent going to be safe? How should I classify it? Again, PSN has a role to play by reducing risk and keeping Official information safe.
PSN provides a safe environment for innovation that reduces the cost and risk of experimentation. Eventually, for sharing Official information at least, PSN will become the ‘hygiene factor’; information owners will expect it to be the transportation method for information. They need it to be in place. After all, other industry sectors have trusted environments, why shouldn’t the public sector?
The new Government Security Classification Policy is a change welcomed by PSNGB. Combined with a new trusted network for the public sector, PSNGB will soon see how information owners can do things differently, how together we can reform the public sector for good.
This was first published in September 2014