Securing Information
Strengthening Business

The Government Protective Marking Scheme – a Case of the Emperor’s New Clothes?

Confidential shred imageThe emperor may not be naked but he’s not wearing very much!

At the back end of 2012 the Government made it clear that they intend to move to a new information classification policy. Draft documents were produced that provide an overview of the new scheme and the intention was to publish and go live in Spring 2013.They want to change the old 6-level model of UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET to just 3 levels.

In our blog ‘ What’s New for Cyber Security in 2013? ‘ we touched briefly on the subject of this new Government Protective Marking Scheme and pondered whether it was another case of the emperor making a poor choice of attire!

Well, the initial rush to put the scheme into operational use has now been delayed until April 2014 so it does look as though the tailor’s stitching was lacking at the very least.

The new Government Classification Scheme is causing a stir

The Government Classification Scheme (or GCS as it is now known) has certainly caused a stir. At a recent Intellect workshop industry leaders were asked three key questions:

  1. How can industry best capitalise on the opportunities presented through the new policy?
  2. Articulate the main risk of implementation by industry – how might these be mitigated?
  3. What additional information do industry partners required (from Cabinet Office, Government Procurement Service, or their contracting authority)?

Responses varied but the underlying theme was that there is insufficient information coming from Cabinet Office about how it the scheme would work in practice and where the real cost savings would be. There was a general concern that without clear direction, the perceived benefits of change would be lost and government departments would resort to type. Cabinet Office stated that training material would soon be available and delivered to Departmental Security Officers for internal circulation. Industry could expect to get copies via their associated departments.

On the technical security front, there was also concern that the requirement for security controls would again be overly complex and costly. Cabinet Officer agreed that the initial drafts from CESG, expected in the next 4-6 weeks, would be discussed at another Intellect held workshop so that Industry views can be collected.

PSN Concerned

The PSNGB Security Committee has gathered some comments/feedback/questions regarding the new scheme. It covers topics such as how Shared Services may be affected, how accreditation will continue to be maintained and what ‘good practice’ may mean for different industries. It is worth a read if you are working towards PSN accreditation.

Keep up to date with developments

We’ll keep you up to date with all developments on this. Watch this blog and the Ascentor monthly newsletter for further information on the GCS as and when it comes in.

Article by Paddy Keating ,Director/Government Service Manager at Ascentor.

Other articles you might like:

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Less rules, more goals. How recent changes in regulatory approaches can enable innovation in information security

Regulated sectors such as the civil nuclear industry and financial institutions have seen a recent shift towards outcome-focused regulation which is

How to pass Cyber Essentials PLUS first time

As anyone who’s ever run a race will know, it’s all about the preparation. As the saying goes, ‘if you fail to plan – you plan to fail’. The

The NIS Directive explained – compliance and guidance

Originally published in May 2018 just before it entered UK law, this article covers the NIS Directive, also known as NIS (D). We look at what it is,