Apply to have your GCN connectivity service accredited
If you’re a supplier and want to provide a GCN connectivity service you need get accreditation by getting it security accredited and confirming that it meets certain obligations. GCN connectivity accreditation was previously known as GCN compliance. Your connectivity accreditation certificate is awarded by the PSN Connectivity Accreditation Panel (PCAP).
A GCN connectivity service is a type of PSN connectivity service, but the the accreditation process is different because it is governed by the PSN Deed of Undertakings (DoU).
There are 4 steps to renewing GCN connectivity accreditation or getting your it accredited for the first time.
- Complete Annex A of the CoICo
- Update your contact details
- Submit your application documents
- Complete your accreditation with PGA and PCAP
If you’re applying for a GCN connectivity accreditation certificate for the first time you need to meet the requirements in the PSNDoU. Email us at public-services-network@digital.cabinet-office.gov.uk for further details.
A GCN connectivity service’s accreditation may be withdrawn at any time if it’s found that the service no longer meets the agreed standard.
Step 1: Complete Annex A of the CoICo
The PSN Code of Interconnection Annex A spreadsheet lists the requirements that your service must meet in order to achieve connectivity accreditation. The requirements are divided into three categories:
Governance
The governance requirements outline how the PSN is governed. They explain how we expect you to operate as a PSN connectivity provider.
Technical interoperability
The technical interoperability requirements provide us with assurance that your network service will work seamlessly at a technical level with other PSN networks. The technical interoperability requirements focuses on Multiprotocol Label Switching (MPLS) configuration, Asynchronous System (AS) deployment, Quality of Service (QoS) classes, IP addressing and Domain Name Services.
Service management
The service management requirements provide us with assurance that your service will work seamlessly at an operational level with other PSN services. The service management requirements focus on incident, problem, change and release management.
Notes on completing the Annex A
You must complete the Annex A spreadsheet by answering the ‘compliant (Y/N/NA)’ and ‘supporting evidence’ columns. You should provide as much evidence as you can, and reference out to supporting information where necessary.
Please note: depending on the type of service you are intending to provide, not all of the technical interoperability requirements will apply. Where you feel that a requirement (or set of requirements) do not apply, please state ‘NA’ in your response.
Where you reference out to supporting information, you must ensure that it is clearly referenced in order to enable us to ascertain which evidence applies to which requirement(s).
Step 2: Update your contact details
You will need to send us the contact details for important roles in your organisation. Providing these details allows the PSN team to make sure the right people are informed about service and security issues that may occur both in the PSN community and more widely. It’s important to keep these details updated and ensure the PSN team are informed of any changes.
You can use this form to provide the contact details or update the details that you have already sent us.
Step 3: Submit your application documents
When you’ve completed the above steps set out in this guide, your final step is to send the documents to us. To do this just simply email the documents including any supporting material to the PSN team at public-services-network@digital.cabinet-office.gov.uk. These documents make up your PSN compliance submission.
What happens to your connectivity submission
The PSN team will validate and review your application. You might be contacted if your submission is incomplete or to confirm details in your application.
If the PSN team identify any issues in your application you may need to address these and resubmit. When the PSN team has validated your application it will be passed to the PGA for accreditation.
Step 4: Complete your accreditation with PGA and PCAP
If your documents have been satisfactorily completed, your application will be passed to the PGA for security accreditation.
You should now contact the PGA and work with them directly. The PGA will need architectural diagrams sufficient to enable a security assessment.
You can expect the PGA to conduct a detailed review of your service architecture and management. Depending on the nature of your service, the PGA may request that you carry out additional assurance activities. For example, if you are providing network services you may be asked to undergo CESG Assured Service - Telecomms (CAS(T)) certification. You may be asked to undergo ISO/IEC 27001 certification in order to assure the PGA that you have a robust information security management system in place.
You must clearly define and agree the security accreditation scope and the ISO/IEC 27001 or CAS(T) certification scope of the service with the PGA before embarking on any assurance activities.
When the PGA has concluded its security accreditation review, they will issue a security accreditation and residual risk report to PCAP. PCAP will consider the PGA’s report and make a final decision as to whether your service will receive connectivity accreditation or not.
After PCAP confirms your connectivity accreditation, we’ll let you know and will include your connectivity accreditation certificate. At that point, you may connect to the PSN and start to provide your service. Your accreditation certificate is normally valid for 12 months.