The OFFICIAL classification is used to manage the majority of information that is created or processed by the public sector. This includes routine information about business operations and services, some of which could have damaging consequences if lost or stolen.
Security at OFFICIAL is achieved through commercial good practice, using commodity technologies and people taking personal responsibility and using their judgement actively. Government-wide security standards are met through meeting clearly defined outcomes and working within common frameworks rather than applying prescriptive controls. The Government Security Policy Framework describes government’s overall approach to protective security.
Whilst technology risks must always be effectively managed, there are opportunities for organisations to develop innovative solutions and use modern, commodity technologies and tools. Security should always considered when making decisions about technology, and it should be balanced against other aspects of the service.
This page will be updated with new guidance as it is issued by the Cabinet Office and CESG, the Information Security arm of GCHQ, and the UK National Technical Authority for Information Assurance.