UK Government Security Classifications

How Janusnet can help you comply with the GSCP

In the UK, government departments and agencies must abide by the Security Policy Framework (SPF) issued by the Cabinet Office. Within the Framework, the Government Security Classifications Policy (GSCP) describes how HM Government classifies information assets to:

  • Protect government information
  • Support Public Sector business and the appropriate, secure distribution of information
  • Meet relevant legislation requirements and the obligations of international agreements

Security classification labels or markings identify the confidentiality requirements of the document or piece of information on which they appear. These labels also convey the sensitivity level of the asset to anyone who handles it.

Government security classifications

The GSCP is not a statutory system, but operates within the framework of domestic law. It's an administrative system for the secure, timely and efficient sharing of information.  It sets out four key principles:

  1. Protection. All information that HMG needs to collect, store, process, generates or share to deliver services and conduct business has intrinsic value and requires an appropriate degree of protection. 
  2. Whose responsible. Everyone who works with the government (including staff, contractors and services providers) has a duty of confidentiality and a responsiblity to safeguard any government information that they access, irrespective or whether it is marked or not.  They must be provided with appropriate training.
  3. Sensitive information access. Must only be granted on the basis of a genuine 'need to know' and an appropriate personnel security control.
  4. External assets received from, or exchanged with external partners must be protected in accordance with any relevant legislative or regulatory requirements including any international agreements.

The GSCP identifies three levels of classification. In ascending order of sensitivity, these classifications are:

    • OFFICIAL-SENSITIVE (an additional caveat for OFFICIAL data where it is particularly important to enforce need to know rules)

Email and document classification, using visible and embedded metadata markings, provides a straightforward solution for ensuring compliance with the Government Security Classifications(1) Policy. The Janusseal suite includes pre-configured settings that minimise deployment time and complexity.

Janusseal provides easy-to-deploy Government Security Classification solutions to comply with the marking requirements of the Security Policy Framework.

Reference: (1) Government Security Classifications Version 1.1 - May 2018