The GSCP is part of the Civil Service Reform Plan and was devised to reduce the complexity and costs of sharing and protecting data. The current Government Protective Marking System (GPMS) will be superseded by GSCP, with the six tiers of TOP SECRET, SECRET, CONFIDENTIAL, RESTRICTED, PROTECT and UNCLASSIFIED due to be replaced by TOP SECRET, SECRET and OFFICIAL. Government Departments and Agencies are obliged to apply the policy and ensure that consistent controls are implemented throughout their public sector delivery partners (i.e. NDPBs and Arms Length Bodies) and wider supply chain and users are personally accountable for safeguarding marked assets in line with the policy.
GSCP will streamline the classification process with up to eighty percent of data expected to be classified under the lowest OFFICIAL tier. There is also no requirement to mark routine OFFICIAL data. Legacy data can continue to stored and classified under the previous GPMS system unless it is amended or incorporated into another data set. HMG departments, agencies and their suppliers must therefore accommodate both the new and legacy marking systems and seek to develop any risk management processes that were reliant upon the classification system to assign risk.
“Data classification is just the tip of the iceberg; we must address the management processes that lurk beneath the waterline. HMG departments, agencies and suppliers will need to ensure data management is robust enough to accommodate both classification systems for some time to come and that means unpicking mistakes. Regrettably many have been ill advised in the past and have relied upon prescribed Impact Levels to determine information assessments. Consequently, what should have been a relatively simple transition to a new scheme can become a complete overhaul of the data management process,” cautions Louise T. Dunne, Managing Director, Auriga. “Recognising the need for guidance we have developed the GSCP Transition Service (http://www.aurigaconsulting.com/
Auriga is one of the first to market with a dedicated solution and has developed the GSCP Transition Service to assist Government Departments, Agencies and their suppliers as they seek to adjust to and implement the new classification system. The GSCP Transition Service is a risk management package that fulfils current and future requirements by using data life cycle management to manage data assets. Offered as a modular service, the GSCP Transition Service can be implemented end-to-end or used to augment existing data lifecycle processes and is delivered by a team of CLAS and CESG Certified Professional (CCP) consultants, Business Analysts and Technical Architects with risk management expertise and is available on the G-Cloud Cloudstore.
Auriga Consulting Ltd (Auriga) is an expert consultancy specialising in Data Management, Information Assurance, Corporate Governance, Business Process Modelling, Analysis, ICT and Security. We advocate data as the most valuable part of your business and combine superior security and assurance knowledge with a wealth of business management consultancy and efficiency skills. Using a unique set of methodologies we embed security by overlaying it onto business process and analysing data.
Auriga reported a turnover of more than £1million in its first full year of trading, cementing its reputation as one of the most dynamic and versatile solutions providers in the marketplace today. We have worked on some of the most demanding projects in the UK for customers from the public and private sectors, advising upon the architectures and business processes adopted for the G-Cloud project, NHS and social services databases, and leading the BSi’s largest audited UK organisation successfully through ISO 27001. To find out more, please go to www.aurigaconsulting.com or follow us on Twitter @AurigaConsult.