Guidance

Rule 2: Projects shall maximise their contribution towards the Single Information Environment (SIE)

Updated 16 October 2023

The rules are under review and subject to change.

1. Rule requirement

Desired Outcome

MOD shall progress towards developing a single Single Information Environment (SIE) which aims to deliver the right information, at the right time, to the right quality, seamlessly in the users’ hands, whatever the source. This is an underpinning enabler for digital transformation and information advantage.

Dependencies

As highlighted in the definitions in the rationale section; the Single Information Environment relies upon the data being provided as described in Rule 13.

Rationale

The SIE seeks to enable the delivery of JCN 2/18 which describes Information as a fully-fledged national lever of power, an enabler for understanding, decision making and a ‘weapon’ to be used to the advantage of defence. Currently, Defence systems and services are not interoperable and do not seamlessly exchange information, making the provision of right information at the right time and place to the user expensive and time consuming.

2. Who to contact

For all queries, email <ISSDes-APM@mod.gov.uk](ISSDes-APM@mod.gov.uk>

3. Rule requirement: detail

There are several gates to go through. The requirements for each element of the rule can be found below.

4. 2.1: Information is provided as a managed service

Initial gate

The project shall outline what information services will be offered as a service to other defence programmes Specific details of the mission threads and information products served should be provided. This should be linked to the Information Requirements capture in Rule 0

Main gate

The project shall confirm what information services will be offered as a service to other defence programmes? Specific details of the mission threads and information products served should be provided. This should be linked to the Information Requirements capture in Rule 0 and included the requirement to produce an information service management plan in the URD/SRD or contract.

PDR

• The project shall have produced a draft service management plan including:
• How to use or subscribe to the service
• Review of event management mechanisms, validity of thresholds
• Effectiveness of Instrumentation, categorisation, correlation, and response
• Reporting and Dashboard presentation
• Change Reports
• Service Levels

CDR

The project shall have produced a service management plan containing everything under PDR.

TRRA

The project shall make Testing and Evaluation reports for:

• How to use or subscribe to the service

• Review of event management mechanisms, validity of thresholds

• Effectiveness of Instrumentation, categorisation, correlation, and response

• Reporting and Dashboard presentation

• Change Reports

• Service Levels

AtO

Projects shall produce an Evaluation report including all of the information under TRRA.

5. 2.2: Information is accessible in a controlled manner

Initial gate

The Project shall outline the information access control mechanisms to ensure that all information generated is available for exploitation by other defence stakeholders whilst complying with the relevant regulations and constraints.

Relevant regulations include:

• The Official Secrets Act (1989)
• The Public Records Act
• The Data Protection Act (2018)
• The Freedom of Information Act (2000)

The project shall also ensure that it has outlined the intellectual property rights to information it will generate outlined as the initial information services in rule requirement 02.1 and also potential future information services exploiting other information generated.

This shall reference JSP 441 and JSP 440 and shall outline the procedural and technical access control mechanisms necessary to ensure controlled access.

Main gate

Battlespace projects shall confirm that any security labelling is in line with STANAG 4774 and STANAG 4778. Access control mechanisims should utilise MOD Federated IDAM solution rather than local mechanisms.

PDR

The Project shall produce a draft implementation plan for the information access control mechanisms to ensure that all information generated is available for exploitation by other defence stakeholders whilst complying with the relevant regulations and constraints.

Access control mechanisms should utilise MOD Federated IDAM solution rather than local mechanisms. Confirmation of MOD intellectual property ownership in line with DEFCON 703 or 705 for all operational information generated by the project, its labelling, structure and metadata generated by the project should be obtained. Any exceptions to this should be agreed. The project should also confirm how past information can be accessed this is specifically required for records and analysis of trends and events.

CDR

The Project shall produce an agreed implementation plan for the information access control mechanisms to ensure that all information generated is available for exploitation by other defence stakeholders whilst complying with the relevant regulations and constraints.

6. 2.3 Information is discoverable

The mechanism for publishing the Information service shall be outlined.

The preference is towards open Application Programming Interfaces (API) registered in the MOD corporate API portal or information products catalogue.

Alternatively, the service may be discovered within the local infrastructure via a federated API management portal. As a minimum a link should be published on the defence intranet, SharePoint or similar corporate tool outlining the information service.

Consideration should be made to provide automated access via publish/subscribe or request/response mechanisms rather than manual requests via email with attachments on demand. Legal and Security requirements may mean that certain services are only discoverable to certain entities (both machines and people) who have the requisite access permissions, the controls outlined in Rule Requirement 2.2 may provide mechanisms to assist with this aspect.

Main gate

Projects will need to supply the information above in greater detail.

PDR

The mechanism for publishing the Information service shall be agreed.

CDR

The mechanism for publishing the Information service shall be agreed and a announcement placed of a service coming soon.

TRRA

An announcement or entry for the availability of the Information service shall be published.

AtO

As above

7. Definitions

Information comes in many forms – it may for example be on paper, in portable electronic devices, in computer centres, or in our heads. It is useful to consider the terms Information, Data and Knowledge which are can be confused, but establishing a common language will assist in understanding this Rule (these definitions are open to debate and are not as clear as one might desire, however, they reflect the main traits associated with the terminology and also the fuzziness of this area):

Data is standardised information which has been recorded on events or objects using a pre-defined template or proforma. Data is often stored in a database. Data is often not immediately meaningful to humans.

Information generally applies to non-standardised artefacts which support or inform human decision-making. Reports, memoranda, sales brochures, sets of accounts for companies or budget holders, presentation slides can all be regarded as information or Information Products (rather than data).

Knowledge or expertise, is that which allows individual human beings or groups to react appropriately in various situations. The characteristics of the situation may be captured by data or information but the various rules, frameworks, sensibilities and so forth that humans or organisations bring to bear in reacting are the stuff of knowledge.