Skip to main content

Security update from G-Cloud

Posted by: , Posted on: - Categories: G-Cloud

The transition to the new G-Cloud Security Approach, which asks for self-assertion, and the Digital Marketplace will be soon coming into effect. This means that suppliers on G-Cloud will no longer need to get Pan Government Accreditation (PGA).

G-Cloud will stop accepting submissions for PGA from 30th of July 2014. If you want your service to achieve Pan Government Accreditation, please submit your application with this template before this date.

Guidance for the new approach will be out for comment in the next few weeks.

Accreditation submissions for cloud services connected to the Public Services Network (PSN), will continue to require PGA. These will need to be submitted to the PSNA.

Sharing and comments

Share this page


  1. Comment by Matt Eddolls posted on

    Please could you confirm when the guidance for the new approach will be made available? We are keen to progress accreditation asap.

    • Replies to Matt Eddolls>

      Comment by Raphaelle Heaf posted on

      We are hoping to have this published for comment in the next few weeks.

  2. Comment by Ronald posted on

    Will the accreditation process change in any way after the new Cloud Principles go live?

    My understanding is that the current accreditation process is based on the IS 1 document, which requires an RMADS. However, the new Cloud Principles do not require a RMADS.

    • Replies to Ronald>

      Comment by Raphaelle Heaf posted on

      There is more information on the changes here
      We will publish an updated draft guidance shortly.

      • Replies to Raphaelle Heaf>

        Comment by Ronald posted on

        Thanks for the pointer. I understand that current G-Cloud IL2/IL3 non-PSN PGAs can serve OFFICIAL.

        1. Will previously PGA'ed G-Cloud services still have "accreditation" into G-Cloud 6 and beyond? Or will future G-Clouds only use the Cloud Principles, i.e. the existing service's PGA won't mean anything anymore?

        2. It was previously mentioned that there will still be an "accreditation" process done by a buyer if necessary, just not by the PGA. Will there be a new document like IS 1, that is based on the Cloud Principles, that will be used by the buyers to accredit a G-Cloud system? Or is that "accreditation" based on the department's own judgement?