Never one to rest on our laurels when it comes to secure data transfer, we are currently undertaking the IL3 security accreditation for our ICT system.

This accreditation requires enhanced security to protect sensitive information and is a common requirement for central Government departments and some agencies.

Accreditation is based on HMG security standards, which in turn are based on ISO 27001, but with more stringent requirements.

Read more: What Are the UK Government’s Cloud Security Principles?

What is IL3 Accreditation?

IL3 accreditation is the most secure tier of G-Cloud data protection.

To understand why IL3 accreditation is important we have to first look at the new Government Security Classification launched in April 2014 to make security processes concerning information and assets more robust and effective.

The old Government Protective Marking System

The longstanding Government Protective Marking System underpinned security processes for protecting information and other assets for decades. It was deeply embedded in Government departmental processes and was the basis of securing information created or processed by the public sector.

But the old structure of six levels of protection – Not Protectively Marked, Protect, Restricted, Confidential, Secret and Top Secret – was not working. It was outdated, misunderstood, misused and not geared to modern ICT. And worse, it offered a false level of assurance.

The new Government Security Classification

The new simplified government security classification scheme uses just three levels:

1 OFFICIAL:

This category is for the majority of information created or processed by government and includes both routine business and some sensitive information, which could have damaging consequences if lost, stolen or published in the media, but are not subject to a heightened threat profile.

2 SECRET:

Very sensitive information that justifies heightened protective measures to defend against determined and highly capable threats.

office-583839_1280_1

For example, where compromise could seriously damage military capabilities, international relations or the investigation of serious organised crime.

3 TOP SECRET:
This category of information is the most sensitive requiring the highest levels of protection from the most serious threats.

For example, where compromise could cause widespread loss of life or else threaten the security or economic wellbeing of the country or friendly nations.

Having incorporated the typical threat profiles into more digestible levels of protection, the new classification is intended to liberate and modernise Government IT by simplifying the approach to secure data transfer and introducing greater commonality to support uptake of shared services.

The greater commercial good practice it encourages in the most used grade of sensitive information, OFFICIAL, should also help to uplift security standards overall and improve interoperability across the public sector and how it works with industry, SMEs and academia.

IL3 Accreditation

The IL3 accreditation shows you go over and beyond the adequate security standards to handle OFFICIAL information, which is the grade for 90% of governmental secure data transfer. This is why we are working towards our accreditation.

As an official supplier to the UK government G-Cloud framework, our specialist cloud services can be delivered across central government departments, executive agencies and non-departmental public bodies.

We are already ISO 27001 certified, which requires us to implement a number of important security practices for ISM processes, and the IL3 goes the extra mile to provide confidence in the security of our products.

Find out How Maytech Helps Government Suppliers

Take a look at our data transfer solutions for Government and public services – or speak to a member of our team about our PAN Government Accreditation for Official and Official Sensitive transfers connected over the internet, which recently replaced the IL3 Accreditation. Maytech became Pan Government Accredited for Offical “connected over the internet” in April 2015. This replaces the old IL3/IL2 accreditations.