Welcome back after the New Year!
Since the launch of G-Cloud in February 2011, accreditation has been an integral part of delivering cloud services securely to Government and the wider public sector. During that time we have reviewed the accreditation process once already. We initially took all of the services registered onto a G-Cloud framework and sorted them into tranches for accreditation. In August 2012 we adjusted our approach for accreditation prioritisation in order to give more suppliers the chance to start the process.
We have had some great successes as the first few services have achieved pan-government accreditation. As more services achieve accreditation status, we need to support competition in the marketplace. We must also ensure that our accreditation processes fit with new Government Security Classification. In addition some new guidance for Cloud service security principles was recently published as a public beta. Have a read and give us your feedback. Together with CESG, we are looking at how the accreditation process can be made simpler, clearer and faster.
11 comments
Comment by Kahootz (@Kahootz) posted on
We welcome any move to simplify the security accreditation process for both vendors and buyers. The challenge will be the transition in thinking required as IL services are replaced with a new matrix of security controls that have to be assessed by potential end-users of commodity cloud services.
Comment by A New Year’s resolution, time to look at accreditation – G-Cloud | Public Sector Blogs posted on
[…] Original source – G-Cloud […]
Comment by H. Jass posted on
"simpler, clearer and faster", shame there is nothing there about safer or less risky but then Cabinet Office can be fairly free with other peoples liabilities. Should we be surprised this favors suppliers and not consumers?
Comment by Tony Singleton posted on
Rest assured that security and the safety of people’s data will never be compromised.
Comment by Andy Powell posted on
Hi Tony,
this post links to the accreditation status page at http://gcloud.civilservice.gov.uk/customer-zone/accreditation-status/. Unfortunately, as noted in comments on that page, it was last updated in July last year and is now out of date. Our IL2-accredited Cloud Compute service is not listed but should be and I assume that the situation is the same for other suppliers.
Given that we know that accreditation (or lack of it) is a significant factor in purchasing decisions (as per your own guidance) I suggest that continuing to promote an out of date list of accredited services is unfair on those suppliers who are missing.
Please update quickly or remove this page and any links to it.
Thanks,
Andy
Eduserv
Comment by Raphaelle Heaf posted on
We have been working on updating this and will publish a new list shortly.
Comment by Andy Powell posted on
Thanks
Comment by M Porter posted on
We have a variety of clients who will be applying over the coming weeks, its good to see that you have been working on simplifying the process.
Comment by Andy Morley posted on
Our clients who have cloud based services have been listed, its been great for them and the simplified process allowed them to get listed as you can appreciate, many larger businesses don't always have the time for lengthier processes.
I also have to say the new look gov.uk site is very accessible and a credit to the dev team.
Comment by Paul posted on
Nonw the GCloud 6 is open, where do we go to start the accreditation process off if we are now longer using PGA for IL
Comment by Raphaelle Heaf posted on
This is now integrated as part of the information you submit to the Service Submission Portal when creating your service description.
There are more details about the new accreditation process in this blog post <a href="https://digitalmarketplace.blog.gov.uk/2014/11/04/the-g-cloud-6-security-questions/" rel="nofollow">https://digitalmarketplace.blog.gov.uk/2014/11/04/the-g-cloud-6-security-questions/</a>.