Securing Information
Strengthening Business

IL0, IL1/2, IL3? Busting the G-Cloud Accreditation Security Jargon

GCloud image

UPDATE June 2015: Since the original publication of this article, the Government’s approach to G-Cloud security has significantly changed. Please refer to this article instead – it explains the new security assertions process introduced with G-Cloud 6. To keep in touch with future developments why not sign-up to receive our regular news .

If you are a supplier looking to offer your services through the Government’s G-Cloud service you’ll need to get that service accredited, and security accreditation is a big part of this.

This can seem a complex process if you are new to this world. We know from helping other suppliers achieve G-Cloud accreditation that part of the confusion stems from the varying levels of security requirements. As with any Government accreditation scheme there’s a lot of jargon: IL0, IL1/2, IL3? What does this all mean and what level applies to you? Here is Ascentor’s simple guide.

Ascentor’s quick guide to G-Cloud security requirements

G-Cloud services are divided into three tiers, which represent the security requirements of the customer’s information. Your accreditation requirements vary between these tiers:

  • IL0 — This represents the lowest level of security requirements: There is no requirement for security accreditation. Very few services will fall into this category.
  • IL1/2 — This represents the baseline level of security requirements and is probably relevant for 60%-70% of public sector customers. Accreditation is based on the use of ISO 27001 certification, i.e. good commercial practice.
  • IL3 — This requires enhanced security to protect sensitive information and is a common requirement for central Government departments and some agencies. Accreditation is based on HMG security standards – these are based on ISO 27001, but with more stringent requirements.

We hope these definitions help to make the G-Cloud security accreditation process a bit clearer. You’ll find some G-Cloud accreditation tips here: for IL1/2 .

Article by Peter Curran ,Principal IA Consultantat Ascentor.

Looking for support for your G-Cloud project? Find out how we can help.

Other articles you might like:

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How would you recover if something went drastically wrong with some, or all of your business operations? When we think of worst case scenarios,

Less rules, more goals. How recent changes in regulatory approaches can enable innovation in information security

Regulated sectors such as the civil nuclear industry and financial institutions have seen a recent shift towards outcome-focused regulation which is

How to pass Cyber Essentials PLUS first time

As anyone who’s ever run a race will know, it’s all about the preparation. As the saying goes, ‘if you fail to plan – you plan to fail’. The