The vast majority of UK government business is conducted at the OFFICIAL classification. This includes routine information supporting business operations and services, much of which would have damaging consequences if lost or stolen.
Security at OFFICIAL is achieved through following good commercial practices, using well configured commodity technologies and by people taking personal responsibility and using their judgement more actively.
Achieving Secure Technology
The Government Security Policy Framework describes government’s overall approach to protective security. Security is achieved through understanding your true security needs and matching these requirements to technology available. It should be focused on meeting outcomes that have been clearly defined, rather than applying prescriptive controls.
Whilst technology risks must always be effectively managed, there are opportunities for organisations to develop innovative solutions and use modern, commodity technologies and tools. Security must be considered when making decisions about technology, and it should be balanced against other needs of the service.
Risk management at OFFICIAL
The links below, and our wider portfolio of risk management products, provide guidance on developing an effective approach to the assessment and management of information risk within technology projects. We also highlight common characteristics that we have observed in technology projects where risk is managed well and enables effective decision making about security.