‘Badge’ system intended to help government purchasers identify IL security accredited cloud suppliers
The G-Cloud programme has said that the first suppliers have been awarded Pan Government Accreditation (PGA) to provide services through the CloudStore.
It said that the scheme will show that cloud services have been assessed by information assurance body CESG and approved to operate to a required level.
“This means that we have checked the service and feel that it is safe enough to look after our information,” the G-Cloud team said on its website.
The accreditation scheme is intended to remove the current processes – and associated expenditure – which public bodies have to go through to check the standards of potential cloud computing suppliers.
New ‘badges’ on the CloudStore website will indicate when a service has been accredited. The intention is to make it easier for buyers to identify potential services.
A badge will be awarded after CESG has given the supplier a certificate to mark its accreditation, which includes details of the full business impact level profile, date of validity and information about the evidence used.
“We are looking at designing badges for other parts of the process, including some which may be used by suppliers on their documentation, websites, etc and will make these available as soon as they are ready,” said the G-Cloud team.
A section aimed at helping suppliers understand the accreditation process is available on the G-Cloud website. It says that security accreditation is required for all services which will hold information assessed at business impact level (IL) profiles 11x/22x, 33x and above.
It tells suppliers: “We aim to maximise the benefits of G-Cloud accreditation through the principle ‘do the information assurance once, do it well, and re-use’.”
The Cabinet Office said that nine services from SCC are the first services to achieve PGA for CloudStore.