The transition to the new G-Cloud Security Approach, which asks for self-assertion, and the Digital Marketplace will be soon coming into effect. This means that suppliers on G-Cloud will no longer need to get Pan Government Accreditation (PGA).
G-Cloud will stop accepting submissions for PGA from 30th of July 2014. If you want your service to achieve Pan Government Accreditation, please submit your application with this template before this date.
Guidance for the new approach will be out for comment in the next few weeks.
Accreditation submissions for cloud services connected to the Public Services Network (PSN), will continue to require PGA. These will need to be submitted to the PSNA.
5 comments
Comment by Matt Eddolls posted on
Please could you confirm when the guidance for the new approach will be made available? We are keen to progress accreditation asap.
Comment by Raphaelle Heaf posted on
We are hoping to have this published for comment in the next few weeks.
Comment by Ronald posted on
Will the accreditation process change in any way after the new Cloud Principles go live?
My understanding is that the current accreditation process is based on the IS 1 document, which requires an RMADS. However, the new Cloud Principles do not require a RMADS.
Comment by Raphaelle Heaf posted on
There is more information on the changes here https://digitalmarketplace.blog.gov.uk/2014/03/06/security-accreditation-whats-changing/
We will publish an updated draft guidance shortly.
Comment by Ronald posted on
Thanks for the pointer. I understand that current G-Cloud IL2/IL3 non-PSN PGAs can serve OFFICIAL.
1. Will previously PGA'ed G-Cloud services still have "accreditation" into G-Cloud 6 and beyond? Or will future G-Clouds only use the Cloud Principles, i.e. the existing service's PGA won't mean anything anymore?
2. It was previously mentioned that there will still be an "accreditation" process done by a buyer if necessary, just not by the PGA. Will there be a new document like IS 1, that is based on the Cloud Principles, that will be used by the buyers to accredit a G-Cloud system? Or is that "accreditation" based on the department's own judgement?
Thanks!