Security Information Repository plays a vital role in maintaining the security of an organisation by storing and managing important information in a secure and organised way. The boxes below have links that correspond to the relevant documents/websites.
This advice explains national security vetting and how the process works.
UKSV: Existing Clearance Holders including:
- Industry Personnel Security Assurance: Policy and Guidance – Policy and Guidance for MOD Industry partners to apply for Industry Personnel Security Assurance (IPSA).
- Contractual Process: Placing Contracts or Releasing Assets – Government organisations who are placing contracts or releasing assets must ensure that appropriate protective security controls are in place to protect assets.
- Facility Security Clearance (FSC) Policy and Guidance for UK Defence Contractors and MOD Contracting Authorities.
- Industrial Security: Departmental Responsibilities – Guidance for departments and agencies on protecting classified information when working with contractors.
- Government Supplier Assurance Framework – This framework helps the government to manage supplier risk.
This booklet describes the government’s personnel security and national security vetting policies and how the processes work including:
- Why and in what circumstances personnel security and national security vetting controls may be applied.
- The information you may be asked to provide about yourself, your partner, your family, and other third parties, and the checks that may be made against it
- Decision-making criteria and avenues of appeal.
A statement of HMG’s personnel security and vetting policy and a set of frequently asked questions and answers can be found at the back of this booklet.
The purpose of this government functional standard is to set expectations for the leadership and management of human resources across government, ensuring people are recruited, developed, and deployed to meet the government’s needs.
- Physical security
- Personnel security
- Cyber security
- Technical security
- Industry security
- Security risk management
- Information management
- Critical assets and resources
- Capability, capacity, and resources
- Security culture, education, and awareness
List of national security vetting clearance levels with guidance on who needs it and what checks are completed.
The HMG Baseline Personnel Security Standard (or ‘BPSS’) describes the pre-employment controls for all civil servants, members of the Armed Forces, temporary staff and government contractors generally. Its rigorous and consistent application also underpins national security vetting.
The personnel security controls described in this document must be applied to any individual who, in the course of their work, has access to government assets. Every effort must be made to complete the BPSS, but where it cannot be applied this must be risk-managed and the details recorded for audit purposes.
The Government Security Classifications Policy (GSCP) provides an administrative system for HM Government (HMG) and our partners to protect information assets appropriately against prevalent threats.
The administrative system uses three classification tiers (OFFICIAL, SECRET and TOP SECRET) that each provide a set of protective security controls and baseline behaviours, which are proportionate to the potential impact of a compromise, accidental loss or incorrect disclosure AND the level of interest expected from threat actors. The protective controls must be balanced with the need for utilising those assets to support the effective conduct of government business.
Any information that is created, processed or moved (sent and received) as a part of your work for HMG falls within the GSCP.
Government Security Classifications Policy ‘Quick Read’ – This Quick Read provides a short overview covering the baseline security behaviours for the three classification tiers (OFFICIAL, SECRET and TOP SECRET).
Guidance 1.1 – Working at OFFICIAL – Guidance for working at OFFICIAL.
Guidance 1.2 – Working at SECRET – Guidance for working at SECRET.
Guidance 1.3 – Working at TOP SECRET – Guidance for working at TOP SECRET.
Guidance 1.4 – Working Remotely at OFFICIAL and SECRET – An organisational policy must outline any approvals required for users to access or take classified assets to locations beyond their permanent office, their home address or their organisation’s principal sites.
Guidance 1.5 – Considerations for Security Advisors – This guidance document provides a set of considerations for Security and Senior Security Advisors in relation to the Government Security Classification Policy.
Guidance 1.6 – Contractors and Contracting Authorities – Contracting authorities and their contractors which handle, process, move and store HMG information (inclusive of material assets), need to be aware of the updates to the Government Security Classifications Policy (GSCP).
This risk assessment is crucial in helping security and human resources (HR) managers, and other people involved in strategic risk decisions, communicate to senior managers the risks to which the organisation is exposed. This guidance aims to help risk management practitioners to:
- Conduct personnel security risk assessments in a robust and transparent way.
- Prioritise the insider risks to an organisation.
- Evaluate existing countermeasures and identify appropriate countermeasures to mitigate those risks.
- Allocate security resources (be they personnel, physical or information) in a way which is cost-effective and proportionate to the risk posed.
This document establishes the protective security roles and responsibilities within departments and their organisations, to ensure a risked-based approach to security.
This is a new minimum set of cyber security standards that government expects departments to adhere to and exceed wherever possible.
National Cyber Security Centre, Advice and Guidance
- Access Control
- Active Cyber Defence
- Artificial Intelligence
- Asset Management
- Bulk Data
- Configuration Management
- Critical National Infrastructure
- Cyber Attack
- Cyber Strategy
- Cyber Threat
- Incident Management
- NCSC for Start-Ups
- Operational Security
- Penetration Testing
- People-Centred Security
- Personal Data
- Remote Working
- Research & Academia
- Risk Management
- Secure Design & Development
- Security Architecture
- Security Monitoring Social Media
- Supply Chain
- Video Conferencing
Security Education and Awareness Videos
Classification Overview – a short overview covering the baseline security behaviours for the three classification tiers (OFFICIAL, SECRET and TOP SECRET).
Classification – Official – Guidance for working at OFFICIAL.
Classifications – Secret & Top Secret – Guidance for working at SECRET and TOP SECRET.
Additional Markings – A guide to the Additional Markings that can be used alongside classified markings.
Classifications for Suppliers – A guide for suppliers working with classified information.