This update asks for supplier self-assertion and removes the need for providers using the framework to get Pan Government Accreditation (PGA).
This accreditation was intended to manage combined risks efficiently on behalf of all public sector organisations involved in a procurement effort.
G-Cloud PGA submissions will no longer be accepted from 30th July 2014, according to a recent GDS blog post and providers are advised to submit their applications before this date if they wish to hold the accreditation.
GDS adds that guidance relating to the new security approach will be available to comment on in the “next few weeks.”
Accreditation submissions for cloud services connected to the Public Service Network (PSN) will still require PGA and need to be submitted separately to the PSNA – the body responsible for governing certification related to the Network.
According to a separate GDS blog post, the G-Cloud security approach will now take into account the recent government security classification scheme changes.
Rather than security assurances falling under “Impact Levels,” information is now classified as “Official,” “Secret,” and “Top Secret,” in increasing levels of severity.
As with many updates to government processes, the aim of the new security approach is to make things clearer, simpler and faster.
GDS claims the new system will allow public sector buyers to assess and compare services based on their specific requirements.