https://digitalmarketplace.blog.gov.uk/2014/07/21/security-update-from-g-cloud/

Security update from G-Cloud

The transition to the new G-Cloud Security Approach, which asks for self-assertion, and the Digital Marketplace will be soon coming into effect. This means that suppliers on G-Cloud will no longer need to get Pan Government Accreditation (PGA).

G-Cloud will stop accepting submissions for PGA from 30th of July 2014. If you want your service to achieve Pan Government Accreditation, please submit your application with this template before this date.

Guidance for the new approach will be out for comment in the next few weeks.

Accreditation submissions for cloud services connected to the Public Services Network (PSN), will continue to require PGA. These will need to be submitted to the PSNA.

5 comments

  1. Matt Eddolls

    Please could you confirm when the guidance for the new approach will be made available? We are keen to progress accreditation asap.

    Link to this comment Reply
    • Raphaelle Heaf

      We are hoping to have this published for comment in the next few weeks.

      Link to this comment Reply
  2. Ronald

    Will the accreditation process change in any way after the new Cloud Principles go live?

    My understanding is that the current accreditation process is based on the IS 1 document, which requires an RMADS. However, the new Cloud Principles do not require a RMADS.

    Link to this comment Reply
    • Raphaelle Heaf

      There is more information on the changes here https://digitalmarketplace.blog.gov.uk/2014/03/06/security-accreditation-whats-changing/
      We will publish an updated draft guidance shortly.

      Link to this comment Reply
      • Ronald

        Thanks for the pointer. I understand that current G-Cloud IL2/IL3 non-PSN PGAs can serve OFFICIAL.

        1. Will previously PGA'ed G-Cloud services still have "accreditation" into G-Cloud 6 and beyond? Or will future G-Clouds only use the Cloud Principles, i.e. the existing service's PGA won't mean anything anymore?

        2. It was previously mentioned that there will still be an "accreditation" process done by a buyer if necessary, just not by the PGA. Will there be a new document like IS 1, that is based on the Cloud Principles, that will be used by the buyers to accredit a G-Cloud system? Or is that "accreditation" based on the department's own judgement?

        Thanks!

        Link to this comment Reply

Leave a comment