The Cabinet Office maintains protective security policies for government.
This includes the security policy framework which provides central internal protective security policy and risk management for all government departments, associated bodies and partners handling government information. It is the source on which all localised security policies should be based.
The framework was made publicly available for the first time in December 2008; however, it has been necessary to restrict access to some technical and procedural material on security grounds. While security policies will differ according to the range of risks faced by each organisation, the framework sets out a range of mandatory security outcomes. The framework also provides technical information, advice and guidance to support implementation of the policy requirements.
The framework describes how government organisations and third parties handling government information and other assets will apply protective security. This will ensure that government can function effectively, efficiently and securely.