New Government Security Classifications

Apr 04, 2014

The UK government has replaced its 7-tiered security classification system in favour of a simpler, 3-tiered group.

“Official,” “secret,” and “top secret” in increasing levels of importance will replace the old “Business Impact Levels” that went from BIL0 to BIL6.

The Cabinet Office has explained that the Official category applies to most public sector data and covers routine business operations and services.

It says that this information could have “damaging consequences” if lost, stolen or published, but it does not constitute a heightened threat.

The National Technical Authority for Information Assurance, or CESG, has said that Secret level information should be viewed as just below Top Secret, rather than just above Official.

Secret applies to information that is “very sensitive” and requires protective measures to defend against attacks as if compromised, military capabilities, international relations or the investigation of serious organised crime could be compromised.

In turn, Top Secret data is applicable to the government’s most sensitive information and warrants the highest level of protection from the most serious of threats.

If this Top Secret information were to fall into the wrong hands, it could result in widespread loss of life or compromise the security and/or economy of the country or friendly nations.

Changes Applicable Across Wider Public Sector

“All information” that the government collects will be covered by the new classification policy and Whitehall hopes the changes will improve productivity, security and working practices.

CESG has noted that the Official level essentially amalgamates the old impact levels up until BIL3 into one category that can be described as “good business practice.”

The plan was first documented in the June 2012 Civil Service Reform Plan.




Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now




Sign up to receive latest news