How organisations can report and manage operational issues on PSN.
Escalate a PSN incident or problem, or help resolve one
Contact us to escalate an operational issue on PSN.
We can raise the issue directly with your service providers’ senior operations staff and get different providers to work together. The type of incident or problem helps us understand the urgency.
This is an office-hours service. Outside of office hours the service is best endeavours.
If we contact you to help resolve an incident or problem, we expect you to respond as you would for one of your own customers or users.
We can’t take ownership of incidents or problems reported to us because it’s the service providers who are responsible for them, and we don’t know the services as well as they do. However, we will raise our own PSN problem if there is a root cause that we can help with.
The PSN team needs your up-to-date operational contact details so everyone can respond to your issue quickly. If you didn’t provide these with your PSN compliance submission - or need to update them - complete the contacts details form.
We expect organisations to manage their own communications and updates, but we may also issue our own.
Our role is operational, not commercial. We will inform contractual and framework authorities where commercial engagement is required.
All PSN-connected organisations are expected to follow our service management good practice.
PSN incident and problem types
We classify the incidents reported to us so that we know how we should respond. The different classifcations are:
- system-wide incidents or problems impact PSN connectivity services, impairing several customers’ ability to perform critical government business
- major incidents or problems impair a customer’s ability to perform critical government business
- emergency security incidents are system-wide or major incidents where a security vulnerability is being exploited
- security incidents are any other incident where a security vulnerability is being or has been exploited
Problems raised by the PSN team
We will analyse all incidents and problems reported to us and raise our own separate PSN problem if the suspected root cause is:
- PSN design related
- PSN core service related
- PSN team issue
- compliance failure
- persistent supplier service issue
- persistent customer issue
We will not raise a separate PSN problem if the suspected root cause is:
- isolated supplier service issue
- isolated customer issue
- malicious activity Any reported problems caused by these can be managed without our involvement.
We will contact the organisations that can help in the resolution of a PSN problem and track any actions agreed.
If we contact you to help resolve a PSN problem, we expect you to respond as you would for one of your own customers or users.
We will issue our own communications and updates for the PSN problems that we are managing.
We will monitor the root causes of PSN problems to look for trends and improve PSN.
Report an emergency security incident
You should report emergency security incidents to GovCertUK, the government’s Computer Emergency Response Team (CERT). They assist public sector organisations in responding to computer security incidents and provide advice to reduce your threat exposure. When reporting an emergency security incident to GovCertUK, please also contact us. CERT UK will provide national cyber-security incident management.
Alert other GCN or IPED providers directly about an operational issue, or respond to an alert
Both the GCN and IPED require different service providers to work together operationally to deliver an integrated service. The providers of these services are dependent upon one another, and need to know quickly about one another’s operational issues.
If you are a GCN service provider, or if you are an IPED service provider, you need to tell the other GCN/ IPED service providers quickly about the following if they have a potential to impact the broader GCN or IPED service:
- overloaded or degraded performance
- scheduled and unscheduled changes
GCN service providers should alert one another by emailing the GCN group firstname.lastname@example.org. IPED service providers should alert one another by emailing the IPED group email@example.com. You can only email these groups if you are a member. Contact us to become a member.
If you email these groups, there is no need to report an incident or problem to the PSN team separately.
If you are a GCN or IPED service provider you should review the alerts received and assess whether the issue impacts the service being delivered to your customers. You should tell the group what you plan to do by emailing a response.
You should make your own decisions about how to respond to these alerts, but you need to inform your customers if there is any risk of degradation of service.
Alert the GCN providers about a significant step-change in capacity demand, or respond to an alert
If you are a GCN, DNSP or an IPED service provider you need to alert the GCN group by email firstname.lastname@example.org about any potential or confirmed step changes in demand for your service, to give GCN service providers as much notice as possible to respond to the new capacity demand.
You can only email the GCN group if you are a member. Contact us to become a member.
If you are a GCN service provider you should assess the capacity alerts received and adjust your own capacity if is appropriate to do so. You should make your own investment decisions and capacity plans, but you need to inform your customers if there is any risk of degradation of service.
Report an operational issue to the PSN team that might impact critical government business
Impacted customers should, in the first instance, feed back down their supply chain any concerns they have about operational issues such as maintenance or service changes causing disruption.
If you have tried your supply chain and you still have a concern, then you should escalate this to the PSN team.
PSN root cause types
A problem raised by the PSN team will have a root cause. We classify the root causes into the types listed below to clarify where the responsibility lies to address the cause.
PSN design related
A feature of the design of PSN is causing the problem. The PSN design includes all technical interoperability, security, governance, service management and commercial standards.
PSN core service related
A PSN core service is causing the problem. The problem might be how the service is specified or built, or that the service might be degraded, overloaded or have failed.
PSN team issue
The way the PSN team is working is causing the problem. The problem might be process failure, resourcing or training related.
A connection’s failure to meet PSN compliance conditions is causing the problem. The failure might be due to a connection failing to meet any of the technical interoperability, security, governance, service management or commercial standards.
Supplier service issue
The problem is being caused by a service failing, degrading or overloading, or not meeting the expectations of its customers.
The problem is being caused by a customer service organisation not meeting the expectations of its own users.
Nefarious cyber activity is causing the problem. Such activity includes information gathering, intrusion attempts, fraud, abusive content or malicious code.
Published: 7 January 2015
From: Cabinet Office