Government Security Classifications Policy
On the 2nd of April 2014 the Government Security Classifications Policy, was implemented by the Cabinet Office. This replaced the old Government Protective Marking Scheme (GPMS) and is applied to ensure that information is appropriately “labelled” as to the level of its sensitivity.
This system is organised by the Cabinet Office and was implemented throughout central and local government in addition to other organisations such as those providing electricity generation, oil and gas production, agriculture, health and security services. The Government Security Classifications Policy is also used by private sector bodies who provide services to the public sector.
In May 2018 this policy was updated to reflect changes incorporating Data Protection legislation.
Policy
The Policy describes how the Government classifies information assets to ensure they are appropriately protected, as well as meeting the requirements of relevant legislation, international agreements and obligations. It applies to all information that the government collects, stores, processes or shares to deliver services and conduct business, including information received from or exchanged with external partners.
Security classifications indicate the sensitivity of information in terms of the likely impact resulting from compromise, loss or misuse, and the need to protect against applicable threats.
The new classification system has 3 levels as follows:
Top Secret
Information marked as Top secret is information that if released is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Disclosure of such information is assumed to be above the threshold for Official Secrets Act prosecution.
Secret
This marking is used for information which needs protection against serious threats, and which could cause serious harm if comprised – such as threats to life, compromising major crime investigations, or harming international relations.
Official
All routine public sector business, operations and services is treated as OFFICIAL. Many departments and agencies operate exclusively at this level. As of April 2014 the OFFICIAL classification replaces the Confidential, Restricted and Protect categories of the former Government Protective Marking Scheme.
The classification system operates within the framework of domestic law, the Official Secrets Act 1989, Data Protection Act 1998, Freedom of Information Act 2000, and the Public Records Act 1967.
If you, or the organisation for which you work, is a service provider working with the public sector, it would be advisable to familiarise yourself with the new policy and wherever possible ensure shared documentation is aligned with and reflects the changes described. More information can be found at https://www.gov.uk/government/publications/government-security-classifications