The Central Sponsor for Information Assurance Claims Tested (CCT) Mark Scheme is a government quality mark initiative for IT security products and services. It was officially launched by the Cabinet Office minister Jim Murphy on 8 September 2005.
Its purpose is to provide accredited independent testing on the functionality of off-the-shelf products and services. The scheme is aimed at giving the wider public sector a basic level of assurance for the information security products and services they use.
The implementation programme for transformational government is underway, and this will mean many changes for customers and suppliers. Shared services and convergence of public sector systems will mean that it will be even more necessary for the public sector to gain assurance about the IT products and services they acquire.
Organisations such as the police and NHS deal with personal and sensitive information day-in, day-out, and they need to know that the information received has not been corrupted in any way by their IT equipment.
More than 95% of government services are now e-enabled, including paying taxes, applying for benefits and renewing driving licences. With this increased consumer choice, there is a strong requirement for good information assurance, to ensure that this sensitive information is managed and protected appropriately.
The CCT Mark will provide a choice of assured products and services to help facilitate a more secure and joined-up government, as well as more secure transactions between government and citizens.
In February 2006, the Cabinet Office and the Society for Information Technology Management (Socitm) held a joint event to promote information assurance and the CCT Mark to central government and the wider public sector.
In his keynote speech, Murphy said, “Information assurance is a core part of everyday business for the whole of the public sector. They need practical tools to ensure that they have the right level of security for handling sensitive information. The CCT Mark gives organisations confidence that a product has been independently tested and is fit for purpose.”
He said that the collaboration with Socitm would drive forward the promotion of the CCT Mark to a large number of public sector IT managers, and help them make informed choices in the IT marketplace.
Socitm expressed its support for the scheme, and president Angela Waite said, “We look forward to working together over the coming year to raise awareness, educate and inform. The CCT Mark is a good and positive step to achieving our goals.”
The feedback from the event was very encouraging, and many of the governement departments that attended expressed their support for the CCT Mark .
The NHS supports the CCT Mark, and it will bring key benefits to some of its IT initiatives, including relevant aspects of the national programme for IT, that will enable health professionals to access, share and store patient information securely. The NHS is also encouraging its suppliers to submit their products to gain the CCT Mark, as part of an overall endorsement of the scheme.
The CCT Mark is being implemented initially as a pilot, with the intention that it becomes a fully managed service in the future. The scheme is now in the second stage of its pilot and is open to all suppliers of information security products.
So far six products have received the CCT Mark, and there are more in the pipeline, with suppliers engaging with the six accredited test laboratories appointed by the scheme. A services pilot for a limited number of suppliers is due to end in April, when it is expected that the scheme will be opened to all suppliers of information security services.
The CCT Mark is still in its infancy but there is very much a growing awareness about it and the benefits that it will bring.
The Cabinet Office is exhibiting at stand 976 at Infosecurity Europe. Steve Marsh will be giving a keynote speech, CSIA – Sponsoring Information Assurance for the UK, at 10:30am on 29 April