Misplaced Pages

Security vetting in the United Kingdom

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

In the United Kingdom, government policy requires that staff undergo security vetting in order to gain access to government information.

#383616

89-438: The government uses four levels of personnel security controls depending on the level of assurance required. Three of these levels are types of national security vetting clearance. Vetting is intended to assure government bodies that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures

178-465: A risk assessment , and should consider what the aggregated information is, who needs to access it, and how. OFFICIAL includes most public-sector data, including a wide range of information on day-to-day government business. It is not subject to any special risks. Personal data would usually be OFFICIAL. The data should be protected by controls based on commercial best practice instead of expensive, difficult specialist technology and bureaucracy. There

267-920: A "Collaborative Procurement Programme" in 2007, managing over £18 billion of expenditure falling within eight categories of goods and services frequently purchased across the public sector, namely energy, vehicle fleet, travel, office solutions, information and communications technology, professional services, food and construction. A further category, facilities management , was added at a later date. The National Audit Office (NAO) argues that collaborative procurement begins with standardising specifications , which allows public bodies to aggregate demand and compare unit costs . Lower prices should result either from economies of scale , or from using pricing information to challenge suppliers. Collaboration should result in fewer tendering exercises, leading to lower administrative costs, and allow public bodies to concentrate on more specialised purchases that are unique to them. In

356-641: A "commitment to promote small business procurement", in particular by aiming to award 25% of government contracts (by value) to small and medium sized enterprises . At the same time a policy presumption was made that individual ICT contracts and projects "should be less than £100m lifetime costs". The government promoted and welcomed reform during the period from 2010 onwards, especially the development and implementation of European Commission 's proposals to modernise procurement legislation published in 2011. A "strategic supplier summit" held in February 2011 promoted

445-454: A 2010 review of the use of framework agreements and other forms of collaboration, they noted that there was a "wide variation" among public bodies in the extent to which they were being used. The Public Contracts (Amendment) Regulations 2009 came into effect on 20 December 2009, implementing the EU's Remedies Directive published on 20 December 2007. These regulations introduced the possibility of

534-515: A 2012 Action Note that "it is not against EU procurement law to talk to potential suppliers before starting the formal procurement process", and confirming in 2016 that "pre-procurement engagement ... is now expressly permitted". Since 2011 the UK Government has operated a policy regarding the choice of procurement routes (for example, using the Open or Restricted procedures) and for recording

623-672: A central steering group charged with developing and sharing best practice, but the Public Accounts Committee recommended additional central controls, fearing that the controls then in place were not adequate "to prevent and deter inappropriate use". Of particular concern was the extensive use of cards by staff of the Ministry of Defence , who accounted for just under 75% of all card expenditure but where controls were felt to be weaker than those in place in other departments. The Committee also suggested that lodge cards offered

712-530: A change which was expected to be "particularly advantageous to SMEs in managing their cash flow ". This was a reversal of previous government contracting practice in model contract documents, where assignment of debts was allowed only with the prior consent of the relevant public body. Government suppliers who act as prime contractors for major contracts should also engage with SME's in their supply chains to ensure opportunities are available and fairly awarded. The government noted in 2013 that it did not yet have

801-649: A collaborative food group to review this area of procurement, leading to the launch of the Public Sector Food Procurement Initiative (PSFPI) in August 2003. The PSFPI set out to "encourage public bodies to procure food in a manner that considers the principles of sustainable development ". Its initial aims were to: A more extensive set of objectives was adopted in 2017 to reflect initial learning and revised government priorities. A Select Committee report published in 2021 noted that

890-459: A competitive dialogue request if further pre-market engagement would better support the process of defining the nature or function of the goods or services required. The 2014 Directive and 2015 Regulations introduced some minor variations to the wording on how a CD must be conducted, for example provision for tenders to be "optimised" after they had been submitted was changed so that they could be "fine-tuned", while restriction on changes being made to

979-670: A contract being declared "ineffective" if it has been awarded by a contracting authority "in serious breach of the procurement rules", along with civil financial penalties and contract shortening, two alternative remedies available to the courts. In August 2010, David Cameron , then recently elected as prime minister, invited businessman Sir Philip Green to carry out a review of UK government spending and procurement. Green's summary report, Efficiency Review by Sir Philip Green , published in October 2010, alleged significant failings in government procurement processes. The government published

SECTION 10

#1732771959384

1068-422: A contractor has failed to comply with such laws in its contract performance, confirming that a contract clause to this effect would be compliant with the requirement in law for "appropriate measures to ensure that in the performance of public contracts economic operators comply with applicable obligations in the fields of environmental, social and labour law" (Directive 2014/24/EU, Article 18(2). The OGC introduced

1157-423: A couple", "due to significant changes in financial circumstances" or "due to contact with law enforcement". DV clearance holders also have to report the arrival of new "co-residents" such as a lodger or flatmate. Holders of eSC, DV and eDV must annually complete a "Security Appraisal Form" (SAF) in conjunction with their line management, detailing any areas of concern or changes in circumstances that have occurred in

1246-524: A full understanding of the role played by SMEs in the supply chains for their purchasing, especially their contribution to supplying the Ministry of Defence and the Department for Work and Pensions . The UK public sector relies heavily on the use of framework agreements : the NAO found that 93% of the public bodies they surveyed had used a framework agreement during the financial year 2008–09. However, in

1335-505: A hierarchy of Police Personnel Vetting (PPV) and Non-Police Personnel Vetting (NPPV) levels. Within this there are several levels. For police officers and police staff, there is: For contractors and those with access to certain parts of police systems, there is "non-police personnel vetting": When an actual SC, eSC, or DV is required alongside Force Vetting, it is carried out by UKSV. Government Security Classifications Policy The Government Security Classifications Policy (GSCP)

1424-560: A key aspect of the economic, social and environmental well-being supported by public sector contracting. CCS operated a Mystery Shopper scheme from February 2011 to November 2018, whose remit was to provide a route for suppliers to raise concerns about public procurement practice in England, The service was rebranded as the "Public Procurement Review Service" in November 2018, responding to feedback from suppliers and public bodies that

1513-508: A lower-risk alternative to the standard card. Lodge cards can be used for purchasing travel but not for other use, and allow for one centrally-held card to be used in conjunction with a centralised booking system. Publication of a "procurement pipeline" provides notice of current and planned procurement activity to be undertaken by a purchasing organisation so that prospective suppliers can be made aware of business opportunities for which they may bid . The 2011 Autumn Statement incorporated

1602-505: A recommendation to central government departments and non-departmental public bodies in March 2010 suggesting inclusion within contracts of a clause under which the public body concerned could require the supplier to submit detailed management information . Government policy as announced in the March 2013 budget is to use the procurement process to promote tax compliance . Regulation 57 of

1691-585: A series of supply-side measures which the government was undertaking "to rebalance and strengthen the economy in the medium term", which included extension of the existing pipelines in the construction and ICT fields to cover the publication of plans setting out the procurement needs for other categories by April 2012, "to give suppliers the confidence to invest for the future and compete on a level playing field". Other more specialist procurement pipelines include: Northern Ireland's procurement pipeline arrangements are supported by an industry liaison group, chaired by

1780-437: A small number of government departments. STRAP is a code-word, combined with SECRET or TOP SECRET, to further restrict access to particularly sensitive material. Access is granted to certain holders of Enhanced SC (eSC) or (Enhanced) Developed Vetting (DV/eDV) clearance, allowing them to access SECRET/TOP SECRET STRAP code-word material: This is commonly referred to as holding "STRAP Clearance". Whilst comparatively little

1869-572: A small subset of information marked OFFICIAL that require special handling by staff. "Very sensitive information", which might (for example) seriously harm national defence or crime investigations. Data should only be marked as SECRET if the Senior Information Risk Owner (which is a board level position in an organisation) agrees that it is high-impact and that the data must be protected against very capable attackers. Although some specialist technology might be used to protect

SECTION 20

#1732771959384

1958-483: A survey stated that the 2006 directives had led to more efficient and effective procurement practice, but 54% felt that "the simplicity of the procurement process" had deteriorated. The 2006 directives had created greater legal uncertainty within the local government procurement community. Several responses highlighted the need for better guidance and support from the EU and from the Office of Government Commerce (OGC), which

2047-453: Is Developed Vetting and very occasionally Enhanced Security Check. It is possible to pass vetting with one department yet fail it with another as vetting is tailored to the role/department. Clearances can be transferred between departments. Holders of vetting clearance may face travel restrictions on private travel to high-risk countries. Vetting in the UK is currently undergoing change as part of

2136-497: Is a presumption in favour of contractual information being made publicly available (except in matters of commercial confidentiality such as pricing, intellectual property and business plans). The 2015 guidance made provision for a "safety valve" allowing suppliers to raise concerns if they felt that contractual information was being requested which did not add value, represented poor contract management practice or otherwise seemed unreasonable. The Scottish Government has also referred to

2225-647: Is a system for classifying sensitive government data in the United Kingdom . Historically, the Government Protective Marking Scheme was used by government bodies in the UK; it divides data into UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET. This system was designed for paper-based records; it is not easily adapted to modern government work and is not widely understood. The GSCP uses three levels of classification: OFFICIAL, SECRET and TOP SECRET. This

2314-468: Is also required for individuals who: The process for DV clearance includes: A DV security clearance must be reviewed every seven years or at any time up to those points at the discretion of the vetting authority. Enhanced Developed Vetting requires additional in-depth interviews, beyond that of DV, including a full list of all foreign travel within the last 10 years. It is required for a limited number of highly sensitive roles and can only be requested by

2403-420: Is completely risk-free. People with routine access to TOP SECRET information should usually have DV clearance . TOP SECRET information is assumed to be exempt from FOIA disclosure. Disclosure of such information is assumed to be above the threshold for Official Secrets Act prosecution. Special handling instructions are additional markings which used in conjunction with a classification marking to indicate

2492-406: Is known of the requirements to obtain such a level of clearance, it is mentioned by UK government bodies on occasion in recruitment, policy and procurement documents. A clearance of any level can be granted with "caveats" which may restrict the holder from accessing certain types of material, for example relating to specific countries, regions or projects. Where there is an explicit requirement for

2581-449: Is no requirement to mark every document as "OFFICIAL" – it is understood that this is the default for government documents. Organisations may add "descriptors" to highlight particular types of official data, for instance commercially sensitive information about contracts, or diplomatic data which should not be seen by locally hired embassy staff. These descriptors do not automatically require special controls. "OFFICIAL" will usually include

2670-511: Is not necessary to protect this from an attacker who has the capabilities of a Foreign Intelligence Service or Serious and Organised Crime. Conversely some data with much lower consequences (for example ongoing Police investigations into a criminal group, or intelligence information relating to possible prosecutions) but where the business will not accept compromise from such an attacker could be classified as SECRET. Guidance issued in April 2014 at

2759-562: Is now about £40 billion a year and, in addition, purchasing authorities in the national health service internal market spend more than £20 billion. These policies have brought immense benefits to the country. Their full potential has still to be realised. The more procurement there is, the more important it becomes that Government Departments should make a first-class job of it. Peter Gershon , in his 1999 Review of Civil Procurement in Central Government , referred to and followed

Security vetting in the United Kingdom - Misplaced Pages Continue

2848-620: Is now arguably somewhat reduced as a published standard. Higher classifications still tend to require stricter personnel vetting . The Government Security Classifications Policy was completed and published in December 2012; additional guidance and supporting processes were developed over time. The policy came into effect on 2 April 2014. Government procurement procedures took account of the new policy from 21 October 2023 so that new security requirements could be taken into account in contracts let from that date. Government procurement in

2937-566: Is required for police officers and many associated staff. A Security Check (SC) is the most widely held level of security clearance. SC is required for posts involving regular and uncontrolled access to SECRET assets and/or occasional, supervised access to TOP SECRET assets, and for individuals who: The process for SC clearance includes: Checks may extend to third parties included on the security questionnaire. An SC security clearance must be formally reviewed after ten years (seven years for non-List X contractors) or at any time up to that point at

3026-402: Is responsible for protecting information they work with, regardless of whether it has a protective marking. Aggregation does not automatically trigger an increase in protective marking. For instance, a database with thousands of records which are individually OFFICIAL should not be relabeled as a SECRET database. Instead, information owners are expected to make decisions about controls based on

3115-675: Is simpler than the old model and there is no direct relationship between the old and new classifications. "Unclassified" is deliberately omitted from the new model. Government bodies are not expected to automatically remark existing data, so there may be cases where organisations working under the new system still handle some data marked according to the old system. Information Asset Owners continue to be responsible for information. The new policy does not specify particular IT security requirements – IT systems should be built and used in accordance with existing guidance from CESG . Everybody who works with government – including contractors and suppliers –

3204-481: Is subject to separate regulatory requirements, such as the Data Protection Act (personal data) or PCI DSS (card payments). OFFICIAL-SENSITIVE is an additional caveat for OFFICIAL data where it is particularly important to enforce need to know rules. OFFICIAL-SENSITIVE documents should be marked, but they are not necessarily tracked. It is not a classification. ‘Sensitive’ is a handling caveat for

3293-409: Is under review too and in most practical contexts have now fallen into disuse. It is therefore no longer strictly the case that the greater the consequences if the data confidentiality were to be compromised, the higher the classification, since data with a high impact (including material which could result in threat to life) may still be classified as OFFICIAL if the relevant business owner believes it

3382-663: Is usually carried out by United Kingdom Security Vetting (UKSV), a department within the Cabinet Office . UKSV was created in January 2017 by combining DBS National Security Vetting (DBS NSV) and FCDO Services National Security Vetting (FCDOS NSV). This change was an outcome of the Strategic Defence and Security Review 2015 . Security and intelligence agencies such as MI5 , MI6 and Government Communications Headquarters carry out their own vetting. The minimum

3471-565: The Government Procurement Card (GPC), was introduced in 1997 and can be used by central government departments, local government and other public bodies. Cards are issued by Barclays Bank , HSBC , Lloyds and National Westminster Bank . The House of Commons Committee of Public Accounts noted in a report issued in 2012 that at that time, all seventeen central government departments were operating their own procurement card programmes. The Cabinet Office has established

3560-479: The "basic features" of a tender was changed to a reference to its "essential features". Noting that the public sector spent over £2 billion per year on the purchase of food and catering services (England and Wales) and that more than 30,000 public sector organisations were involved in food procurement, including schools and social services providers, the OGC and the Department for Children, Schools and Families launched

3649-427: The "best example" of where different government departments had separate contracts in place with different suppliers, so that overall government scale could not be levered effectively. Green suggested that an "urgent review" could lead to savings of 30-40% in this category of expenditure. "Poor negotiation " was further identified as a cause of inflexibility in contracts. The coalition government of 2010 also made

Security vetting in the United Kingdom - Misplaced Pages Continue

3738-423: The "mystery shopper" title did not properly reflect the role of the service. The Public Contracts Regulations 2015 provide that public sector buyers must pay prime contractors within 30 days and must ensure that any subcontracts through the supply chain include a similar provision. In 2014–15 at least 33 NHS trusts paid fewer than half of their trade invoices on time, up from 23 in 2015–16 and 11 in 2014–15. Under

3827-426: The "new employing sponsor". Transfers can be the same level of clearance or a lower level clearance can be "extracted" from a higher level clearance (usually SC extracted from DV). No more than twelve months must have elapsed since the holder left the organisation for which the clearance was originally granted and no more than six months spent living overseas. New completed change of circumstances questionnaires, to bring

3916-492: The "particularly complex" threshold, where pre-market engagement with suppliers would be more appropriate. The government therefore adopted a presumption against competitive dialogue, implemented from May 2012 through a requirement that within central government, departments wishing to use this procedure required approval from their Accounting Officer, or a Commercial Director in cases where the authority has been delegated. Guidance states that Accounting Officers should not sign off

4005-463: The 2019-2020 coronavirus pandemic were published in March 2020 and remained in effect until 31 October 2020, allowing public bodies to make advance payments and retention payments for contracts which have been interrupted by the measures taken to reduce the spread of the coronavirus. Since 1 January 2021, the social value model in use among central government public bodies has included COVID-19 recovery, employment and social and community support as

4094-482: The BPSS check. A Counter Terrorist Check (CTC)/Level 1B is required for individuals who are employed in posts that: The process for CTC clearance includes: A CTC/Level 1B clearance must be formally reviewed after ten years (five years for non-List X Contractors). In the transport sector security vetting requirements, including for Counter Terrorist Check, is regulated by the Department of Transport . A CTC/Level 1B

4183-628: The Better Payment Practice Code, they should pay at least 95% of non-NHS invoices within 30 days. Within the context of local government , many local authorities have adopted the National Procurement Concordat for Small and Medium-Sized Enterprises to encourage SMEs to engage in procurement and supply for local public services. Examples include the City of Wakefield 's Concordat agreed in 2005, and

4272-609: The Cabinet Office is the minister with overall responsibility for procurement policy, which is delivered through the Crown Commercial Service , an executive agency sponsored by the Cabinet Office. The Crown Commercial Service (CCS) publishes Procurement Policy Notes from time to time, which advise procurement staff in the public sector of government policy developments and best practice in relation to procurement. Procurement Policy Notes on responding to

4361-682: The Concordat agreed by East Suffolk Council in 2019. The UK government requires all government departments and their related organisations to ensure that they meet the minimum mandatory Government Buying Standards (GBS) when buying goods and services. Organisations in the wider public sector are also encouraged to specify the minimum mandatory standards in their tenders. As of 2023 , many aspects of government policy pertaining to procurement have been brought together in The Sourcing Playbook . The competitive dialogue (CD) procedure

4450-475: The Department of Finance and Personnel's Central Procurement Directorate (CPD). Guidance issued in 2015 and 2016 confirmed that rules and good practice provisions intended to ensure that business opportunities were available for small and medium sized enterprises were not intended to offer small businesses any preferential treatment. In November 2016 an advisory panel of 24 entrepreneurs and business figures

4539-655: The Exchequer , published a Government procurement strategy White Paper in 1995 called Setting New Standards: A Strategy for Government Procurement (Cm 2840). In his statement to the House of Commons , Clarke observed that With the development of the Government's policies for private finance , market testing, contracting out and internal markets, Departments are doing more of their business than ever before through procurement as against in-house provision. The annual spend

SECTION 50

#1732771959384

4628-752: The Lord Young Rules when procuring clinical services and these rules do not apply in Wales (i.e. to wholly or mainly devolved functions). Before the United Kingdom joined the European Communities in 1973 there was no significant legislation governing public procurement. New legislation, the Procurement Act 2023 , received royal assent on 26 October 2023, with implementation planned for 24 February 2025. In 2021,

4717-575: The Public Contract Regulations provides for contracting authorities to exclude a supplier if they are aware that it is in breach of its obligations relating to the payment of taxes or social security contributions, and where the breach has been established by a judicial or administrative decision having final and binding effect. Suppliers bidding for contracts over £5,000,000 in expected value are required to self-certify their status regarding tax compliance. A revised policy statement

4806-530: The UK EYES ONLY national caveat are not sent overseas. As per the previous GPMS model, the choice of classification relates only to the data's confidentiality. Unlike the old model it replaces however, the GSCP does not consider the consequence of a compromise as the primary factor, but instead is based on the capability and motivation of potential threat actors (attackers) and the acceptability of that risk to

4895-446: The UK Government. This policy is intended to prevent public sector organisations, including local councils, from adopting their own boycotts, including boycotting Israeli suppliers in particular. Then- Labour Party leader Jeremy Corbyn criticsed the introduction of the policy as "an attack on local democracy". The government encourages departments to consult with potential suppliers before commencing formal procurement, noting in

4984-556: The UK as the originating country and that the British Government should be consulted before any possible disclosure. National caveats follow the security classification. Unless explicitly named, information bearing a national caveat is not sent to foreign governments, overseas contractors, international organisations or released to any foreign nationals. Example With the exception of British Embassies and Diplomatic Missions or Service units or establishments, assets bearing

5073-411: The UK prior to Brexit , and also contain rules known as the "Lord Young Rules" promoting access for small and medium enterprise (SMEs) to public sector contracts, based on Lord Young 's Review Growing Your Business , published in 2013. The Defence and Security Public Contracts Regulations 2011, also derived from EU law, apply to defence procurement. Health commissioners in England are exempt from

5162-720: The UKSV and departmental records up to date, may be required. The new sponsor reviews the details of the clearance and decides if it is acceptable for the specific new role. In addition to national security clearances, other types of roles and organisations stipulate a need for background checks, these are often required for vulnerable group access (including children), as operated by the Disclosure and Barring Service (DBS), replacing former Criminal Records Bureau (CRB) and Independent Safeguarding Authority (ISA) checks. The police service has its own system of vetting: Force Vetting with

5251-824: The United Kingdom At around £290 billion every year, public sector procurement accounts for around a third of all public expenditure in the UK. EU-based laws continue to apply to government procurement : procurement is governed by the Public Contracts Regulations 2015, Part 3 of the Small Business, Enterprise and Employment Act 2015 , and (in Scotland ) the Public Contracts (Scotland) Regulations of 2015 and 2016. These regulations implement EU law , which applied in

5340-496: The Vetting Transformation Programme. This will see a series of "Levels" introduced and the phasing out of the current nomenclature. These new levels will be broadly: Note: Baseline Personnel Security Standard (BPSS) is not considered a formal security clearance level but this, or an equivalent background check, is used to underpin all vetting. The target date for this transformation is 2025. Level 1B

5429-496: The White Paper's definition of procurement as inclusive of "conventionally funded projects" and also those supported by "more innovative types" of funding such as PFI. Gershon noted in his findings that previous governments had decentralised procurement and delegated expenditure decisions to Departments without creating a framework for controlling how they spent public funds. The Office of Government Commerce (OGC) set up

SECTION 60

#1732771959384

5518-443: The business. Where a capable and motivated attacker such as a Foreign Intelligence Service, or Serious and Organised Crime are considered to be in scope of the data to be classified, the business must implicitly accept this risk to classify the data as OFFICIAL. If they do not or cannot accept this risk they must at least initially consider the data to be SECRET, though it may be reduced to OFFICIAL or increased to TOP SECRET later when

5607-605: The consequences of a compromise are also considered. The implication of this approach and the binary nature of determining if a risk from capable and motivated attackers is acceptable or not, means that data cannot easily progress through the GSCP in a linear fashion as it did through GPMS. This is a complexity often lost on Information Asset Owners previously used to the strictly hierarchical tiered rising structure of GPMS (e.g. UNCLASSIFIED, PROTECT, RESTRICTED, CONFIDENTIAL, SECRET, TOP SECRET). By contrast GSCP data starts either with an OFFICIAL OR SECRET classification depending on

5696-806: The data, there is still strong emphasis on reuse of commercial security tools. SECRET is a big step up from OFFICIAL; government bodies are warned against being overcautious and applying much stricter rules when OFFICIAL would be sufficient. People with routine access to SECRET information should usually have SC clearance . SECRET data may often be exempt from FOIA disclosure. Data with exceptionally high impact levels; compromise would have very serious impacts – for instance, many deaths. This requires an extremely high level of protection, and controls are expected to be similar to those used on existing "Top Secret" data, including CESG-approved products. Very little risk can be tolerated in TOP SECRET, although no activity

5785-404: The department that the individual has not been a member of, or associated with, an organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances. Vetting

5874-579: The discretion of the vetting authority. This is similar to an SC but also includes a financial questionnaire and may include an interview with a vetting officer. It is a pre-requisite for the granting of access to STRAP codeword material at the SECRET level. DV is one of the most detailed and comprehensive form of security clearance in UK government. It is needed for posts that require individuals to have frequent and uncontrolled access to TOP SECRET assets, or require any access to TOP SECRET codeword material. It

5963-543: The government announced that it wanted to see small and medium-sized enterprises (SMEs) "compete more effectively for public sector contracts". A review of progress with this initiative published in 2013 found that "against a backdrop of falling procurement spend", there had been a slight increase in direct expenditure with SMEs between 2011/12 (£4.4bn) and 2012/13 (£4.5bn). The 2008 budget statement also announced that businesses supplying services to Government would be able to sell their public sector invoices to debt specialists,

6052-467: The government continued to expect that "food procurement should provide value for money while also ensuring 'high standards of production, animal welfare , traceability and sustainability to support our agricultural industry '. The government argues that Public procurement should never be used as a tool to boycott tenders from suppliers based in other countries, except where formal legal sanctions, embargoes and restrictions have been put in place by

6141-535: The government estimated the value of public sector expenditure on goods and services at around £290 billion per year, an increase of around £70 billion from a National Audit Office estimate for 2008–09. Both estimates suggest that one third of all public sector spending was devoted to the acquisition of goods and services. Central government expenditure on third party goods and services was estimated at £54 billion in 2009-10 and £45 billion in 2011–12. The UK Government's first major statement on procurement strategy

6230-563: The government's intention to introduce more openness in relation to "the contracts it signs, the goods and services it purchases and the way it purchases them". The Cabinet Office was responsible for leading on UK engagement with the EU. In research undertaken by the Local Government Association (LGA) in 2010 to inform the LGA's views on the proposed modernisation legislation, 36% of local government officers responding to

6319-644: The implementation of the GSCP and still available on Gov.UK sources suggested that UK Government information systems would continue to be accredited much as before, normally using CESG Information Assurance Standard 1 & 2 . This has however been progressively discarded through GDS and NCSC blog statements since May 2014 and the IS1 & 2 standard itself is no longer maintained or mandated. Accreditation has also been largely replaced by alternative models of assurance aligned to various commercial practices. The NAO report "Protecting Information across Government" (Sep 2016)

6408-735: The kinds of data that were previously UNCLASSIFIED, RESTRICTED, or CONFIDENTIAL; but this may vary. The threat model for OFFICIAL data is similar to typical large private-sector organisations; it anticipates that individual hackers, pressure groups, criminals, and investigative journalists might attempt to get information. The threat model does not guarantee protection against very persistent and skilled attacks, for instance by organised crime groups or by foreign governments; these are possible, but normal controls would make them more difficult, and much stronger controls would be disproportionate. People with routine access to OFFICIAL information should be subject to BPSS screening. OFFICIAL may include data which

6497-431: The light of the economic downturn of 2008 onwards, sometimes referred to as the " Great Recession ", the UK government adopted a series of ten "procurement for growth" principles, intended to ensure that UK government procurement would "take account of supply chain opportunities for UK companies in policy and delivery planning" and "analyse markets to assess where growth is achievable". In the March 2008 budget statement ,

6586-578: The nature of threat and its acceptability to the business, and thereafter moves up or down accordingly based on consequence of compromise. OFFICIAL data may therefore rise to TOP SECRET, but cannot be SECRET unless the risk previously accepted for a capable attacker is revised. SECRET data may be reduced to OFFICIAL where no serious consequences can be identified from a potential breach, or SECRET can also rise to TOP SECRET if serious consequences could arise. Impact levels also consider integrity and availability, but CESG's system of Business Impact Levels (BIL)

6675-411: The nature or source of its content, limit access to designated groups, and / or to signify the need for enhanced handling measures. In addition to a paragraph near the start of the document special handling instructions include Descriptors, Codewords, Prefixes and national caveats. A DESCRIPTOR is used with the security classification to identify certain categories of sensitive information and indicates

6764-556: The need for common sense precautions to limit access. The normal descriptors are 'COMMERCIAL’, 'LOCSEN’ and 'PERSONAL’. A Codeword is a single word expressed in CAPITAL letters that follows the security classification to providing security cover for a particular asset or event. They are usually only applied to SECRET and TOP SECRET assets. The UK prefix is added to the security classification of all assets sent to foreign governments or international organisations. This prefix designates

6853-408: The previous year which have yet to be notified to UKSV. Any issues that require immediate notification to UKSV during the year are either self-reported as a change in circumstances, or if caused by a security issues filed as an "Aftercare Incident Report". A request can be made to transfer national security clearances between organisations, providing they have not expired. Transfers are requested by

6942-451: The rationale supporting such choices. A "Procurement Route Decision Tree" was put in place to support this policy. The decision tree was updated on 30 July 2015 to accommodate the revision to procurement routes available under the Public Contracts Regulations 2015. Government departments use procurement cards to support prompt payment objectives; these can be used to pay for goods and services of any value. A dedicated form of payment card,

7031-452: The review identifying its main finding as "the Government is failing to leverage both its credit rating and its scale". Green argued that the report gave "a fair reflection" of government waste and inefficiency in practice, for which "very poor data and process" were seen as the main causes. Cameron welcomed the report, saying "I think it's a good report, it will save a lot of money and it's important we do it." Landline telephones offered

7120-655: The suppliers available to public sector purchasers via their commercial agreements were micro -, small and medium sized enterprises. UK procurement policy in line with its EU background allows for social and environmental considerations to be taken into account in procurement decision-making. Government guidance on this topic has noted that tenders which are "abnormally low" may hide practices of " social dumping " and must be rejected if it has been proved that low costs reflect non-compliance with environmental, social or labour laws. The government has also recommended that public bodies make provision in contracts for later termination if

7209-423: The verification of the following four elements: A reasonable account of any significant periods (a total of 6 months or more in the past 3 years) spent abroad. Prospective employees who have recently come to the UK or lived abroad may be asked to provide overseas police certificates of good conduct. BPSS Employers may initiate the following incremental national security vetting checks on recruits after performing

7298-463: The viewer of a document to be a UK Citizen, the individual must hold a clearance with no "caveats" and be deemed to meet "UK Eyes Only". Further restrictions can include "No Dual Nationals". A change of personal circumstances (CPC) questionnaire has to be submitted when a CTC, SC, eSC, DV, eDV, STRAP clearance holder is "marrying, remarrying, entering into a civil partnership, setting up a stable unmarried relationship which includes living with someone as

7387-403: Was formed to advise the government on purchasing goods and services from SMEs, and a campaign was launched to demonstrate that "government is open for business", with a target of increasing government spending with SMEs to 33% of all third-party public expenditure by 2020. As of May 2023 the advisory panel includes 20 business leaders. In 2024, Crown Commercial Services stated that 72% of

7476-694: Was introduced October 2022 and is currently the only "new" level operating. The Baseline Personnel Security Standard (BPSS) checks are normally performed when a person is recruited. All those with access to government assets are subject on recruitment to the requirements of the Baseline Personnel Security Standard. This includes all applicants for employment in the civil service and armed forces and applies to both permanent and temporary staff and private sector employees working on government contracts, with access to government assets. The Baseline Personnel Security Standard requires

7565-442: Was introduced into EU procurement law by the 2004 Directive "on the coordination of procedures for the award of public works contracts, public supply contracts and public service contracts" as a procedure available to Member States "in the case of particularly complex contracts". In 2011, Francis Maude , then Minister for the Cabinet Office , raised concerns that public procurers were using this procedure in cases which did not meet

7654-687: Was issued in February 2014 in order to clarify certain definitions. A case raised by Turning Point Ltd. against Norfolk County Council in 2012 confirmed that it is legitimate and fair to include a requirement in a tender barring caveats and qualified bids. A short form of terms and conditions for the acquisition of low value goods and services was published by the Cabinet Office in April 2014, allowing government departments to adopt consistent, appropriate and proportionate terms which did not over-burden suppliers. General transparency principles applicable to government procurement were published in March 2015, and updated in February 2017, stating that there

7743-633: Was published in 1984. In local government, a policy of compulsory competitive tendering (CCT) was first applied to construction, maintenance and highways work under Part III of the Local Government, Planning and Land Act 1980 . CCT was then extended to "blue-collar" services such as refuse collection by the Local Government Act 1988, sports and leisure management in 1989, and to "white-collar" services such as housing management in 1994/95. Kenneth Clarke , then Chancellor of

7832-436: Was somewhat critical of the move to this model and the adoption of GSCP overall Existing published guidance continues to suggest that storage media which hold UK government data should still be destroyed or purged according to HMG IA Policy No. 5 , however terminology in this guidance and other material has not been updated fully to reflect the changes from GPMS protective markings to GSCP classifications and as such its value

7921-528: Was then responsible for procurement policy. In February 2011 the UK Government stated its view that "the public procurement regime needs to be radically simplified to reduce red tape and improve value for money ". Part 3 of the Small Business, Enterprise and Employment Act 2015 allows the Minister for the Cabinet Office or relevant Secretary of State to impose further regulations on public bodies regarding how they undertake procurement. The Minister for

#383616