The CESG Listed Adviser Scheme was a programme run by CESG , to provide a pool of information assurance consultants to government departments and other public-sector bodies in the UK .
15-400: CLAS consultants advised on systems that handle protectively marked information , up to and including SECRET; for instance, they may have advised on GSI accreditation. CLAS consultants held a security clearance, at least SC . CLAS consultants developed risk assessments in line with IS1 , and risk management and accreditation document sets (RMADS) in line with IS2 . In 2011, entry to CLAS
30-476: A manner appropriate to its classification level and disposal must be in accordance with the SPF. The act of destruction or disposal is included in the accounting process. Protectively marked material may also be marked with a descriptor, or privacy marking, which identifies sensitivities around distribution and handling. Examples of descriptors include, but are not restricted to: Protectively marked material may bear
45-639: A nationality caveat , a descriptor defining to which nationality groups it may be released. By default, material in the UK is not caveated by nationality, the classification being sufficient protection. Examples of nationality caveats include, but are not limited to: Dissemination of already protectively marked material may be further limited only to those with a legitimate need to know using compartmentalisation by use of codewords. Examples of compartmented material would include information about nuclear warheads, fusion , and naval nuclear propulsion . In some cases,
60-456: A need to know principle is identified data may be marked as "OFFICIAL-SENSITIVE"; "OFFICIAL-SENSITIVE COMMERCIAL"; "OFFICIAL-SENSITIVE LOCSEN" or "OFFICIAL-SENSITIVE PERSONAL". All OFFICIAL-SENSITIVE data must be marked and contain handling instructions identifying why the data is deemed sensitive, how it must be held, processed and transferred. The older system used five levels of classification, supplemented with caveat keywords. The keyword
75-623: A public body in the UK must be presumed to be OFFICIAL unless it is otherwise marked. Like the GPMS, which it superseded, the GSCP classifications are applied only to the confidentiality of the data under classification. It is often incorrectly assumed that the OFFICIAL classification replaces the GPMS markings of PROTECT, RESTRICTED and CONFIDENTIAL, however this is not the case, since the criteria on which GPMS markings were applied bear no relationship to
90-688: The United Kingdom#Government Protective Marking Scheme Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure . The system is also used by private sector bodies that provide services to
105-580: The content of the MPS as appropriate to their operational needs. The Cabinet Office issued the Government Security Classifications Policy (GSCP) in 2013; it came into effect in 2014. It replaced the old Government Protective Marking Scheme (GPMS). Classifications must be capitalised and centrally noted at top and bottom of each document page, save at OFFICIAL where the document marking is optional. All material produced by
120-548: The criteria used for GSCP classifications. It is quite possible, and not uncommon, for data within an OFFICIAL classification to have serious impacts including serious injury in the event of unauthorised disclosure. This is one of the characteristics of the GSCP which differs significantly from the Protective Marking Scheme which it replaced. At the OFFICIAL classification there is a general presumption that data may be shared across Government, however where
135-452: The department that the individual has not been a member of, or associated with, any organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances. Protectively marked material must be accounted for in
150-512: The primary internal protective security policy and guidance on security and risk management for His Majesty's Government (HMG) Departments and associated bodies. It is the source on which all localised security policies are based. The classification system was formerly included in the Manual of Protective Security (MPS) which specified the impact of release and protection level required for each classification. Departments issued localised versions of
165-422: The procedures may still be of interest to historians. Access to protectively marked material is defined according to a vetting level which the individual has achieved. Vetting is intended to assure the department that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures
SECTION 10
#1732779624851180-456: The public sector. The current classification system, the Government Security Classifications Policy , replaced the old Government Protective Marking Scheme in 2014. Since classifications can last for 100 years many documents are still covered by the old scheme. Policy is set by the Cabinet Office . The Security Policy Framework (SPF) superseded the Manual of Protective Security and contains
195-467: The standard for IA professionals working in this sector and provides a rigorous and independent assessment of the competence of IA professionals. CCP status is an endorsement of IA expertise and confirms that information risk in support of your business is managed in a balanced and pragmatic way. Now that CLAS has closed, CCP is the only CESG-approved credential that applies to individual professionals rather than companies. Classified information in
210-462: Was closed while a replacement system was being designed. By 2013 'new' CLAS was implemented and open for membership. 'New' CLAS required that members were CESG Certified Professionals. CLAS was closed in January 2016. The CESG Certified Professional (CCP) scheme recognises the expertise of those working in the information assurance and cyber security arenas in both government and industry. It sets
225-424: Was placed in all capital letters in the centre of the top and bottom of each page of a classified document and described the foreseeable consequence of an unauthorised release of the data (a ‘breach of confidentiality’). In descending order of secrecy, these are: Documents classified under the Protective Marking Scheme still exist and need correct handling. After 100 years all the classifications will have run out but
#850149