Cheltenham Borough Council receives Public Services Network Certificate of Compliance

The Gloucestershire Echo recently reported that Cheltenham Borough Council (CBC) had been put into a tight corner by the Cabinet Office with regard to its acceptance as a connecting party on the Government’s Public Services Network (PSN).

CBC is not alone and will indeed have Local Authorities across the country following in its footsteps trying to satisfy the new ‘Zero Tolerance’ scrutiny of the Cabinet Office.

The news report picked up on the statement by the CBC’s Director of Resources, that the Local Authority had been working with the Cabinet Office to address compliance issues such as the requirements for information risk management and the Baseline Personnel Security Standard (BPSS). Although the reporter painted this bleak picture, he was fully aware that the PSN Certificate of Compliance had been issued 24 hours prior to the article’s publication.

As a result of cautionary advice from the Cabinet Office the Council’s Chief Executive contacted Regency ITC to commission specialist support; the company reacted by providing a CLAS consultant within an hour of the invitation.

The consultant, with the full support of Local Authority’s senior officers, agreed an Information Assurance governance framework in the form of a Security Working Group (SWG) and commenced work on a suitable (and Cabinet Office-recognised) risk assessment and treatment approach. In order to maintain smooth progression, the consultant also helped with written and verbal communications with the Cabinet Office in order to agree a satisfactory information risk management strategy.

CBC has undergone a review of a number of its policies, made some adjustments to its IT infrastructure, and has programmed the meeting of the SWG into business-as-usual in order to progressively identify options to remediate, mitigate or appropriately own information risks. As a result of our consultant’s assistance, the CBC SWG members now feel more equipped to manage their PSN Compliance programme.

CBC wrote of our consultant: “When we were informed by the Cabinet Office that our credibility as an organisation had been called into question as a result of our lack of understanding of the information security requirements and the Zero Tolerance approach by the assessors underlying PSN accreditation I was in need of urgent assistance from someone with a high level of expertise in the information security field. Your support – given immediately upon receipt of my request – was thus timely but in the weeks since then has also proved highly professional leading us through the complexities of PSN security and business impact assessment. You have also enabled and assisted knowledge transfer so that my colleagues in internal audit and the governance and risk manager can now pick up the issues and deal with them for the future.”

Local Authorities aren’t directly mandated by the Government’s Security Policy Framework (SPF); however, they are tied to a large proportion of its conditions under the PSN Code of Connection (CoCo); failure to comply can lead to disconnection from the network. If you require specialist technical advice and support from a company that has consultants that understand the technical and practical issues facing Local Authorities and one that has delivered a successful PSN accreditation application during 2013 in the wake of the Cabinet Office’s ‘Zero Tolerance’ instruction, then contact Regency ITC on 01242 225699 or email us at clas@regencyitc.co.uk.