Policy paper

Security policy framework: protecting government assets

The standards, best practice guidelines and approaches that are required to protect UK government assets.



The security policy framework describes the standards, best-practice guidelines and approaches that are required to protect UK government assets (people, information and infrastructure). 

It focuses on the outcomes that are required to achieve a proportionate and risk-managed approach to security that enables government business to function effectively, safely and securely.

Published 1 April 2013
Last updated 8 February 2022 + show all updates
  1. National Security Vetting levels updated to include Accreditation Check (AC).

  2. 'HMG Security Policy Framework' document and HTML updated with new GDPR legislation

  3. Contractual process document updated.

  4. Added 'Contractual process - forms' document.

  5. Added HTML version of the Security Policy Framework.

  6. Updated (April 2014) Security Policy Framework published; 'Understanding the Security Policy Framework' removed as it related to the old version of the Framework.

  7. The following documents have been updated with the latest (April 2014) versions: HMG Baseline Personnel Security Standard (previous update: Oct 2013) HMG Security Policy Framework (previous update: Oct 2013) Contractual process (previous update: April 2013) Industrial security: departmental responsibilities (previous update: April 2013) Security requirements for list x contractors (previous update: April 2013)

  8. Updated HMG Security Policy Framework and associated documents with October versions

  9. Added 'Supplier Assurance Framework' - a good practice guide for departments.

  10. First published.