About Information assurance
The National IA Strategy (NIAS) developed by GCHQ was launched in June 2007. Socitm has been working with GCHQ and CESG on the approach and vision for IA in local government and on the delivery approaches for the NIAS up to 2012 announced in June 2008. A CESG liaison officer is working with Socitm to on local government needs and requirements. As part of this work, Socitm co-chairs the National IA Forum, (NIAF) a pan-government independent think tank on Information Assurance. One of the key deliverables from NIAF are the CIPCOG security conferences. Socitm chaired the September event on standards and policy.
Socitm is much engaged with the overall programme for the future development of the Public Service Network. One facet of the Public Services Network is Government Connect but there are others and Socitm is playing a role to ensure the Cabinet Office and OGC are aware of the needs and issues affecting Local Government as this policy is delivered.
Socitm is a key partner and trusted advisor to the DWP-run Government Connect work programme, and is represented on the Government Connect Board. The LG CIO Council has wholly supported Government Connect and the programme is now moving forward with Socitm advising on and supporting implementation. Government Connect is a variant of the Government Secure Intranet (GSI) to rolled out to all local authorities in England and Wales by April 2008. This will enable the secure transfer of local government data through government-controlled networks, avoiding situations where data is put at risk when devices like memory sticks, CDs and laptops are lost in transit. In June 2008 Socitm undertook a piece of key research with local authorities on issues with completing the Code of Connection document. Our report was well received and its recommendations accepted. This activity directly shaped the £2.5m support package for local authorities announced at the Socitm conference in October 2008.
Socitm has led the work nationally on the Data Handling approach for Local Government, working in partnership with the LGA to produce the Local Government Data Handling Guidelines issued on 18 November. The guidelines are local government's response to the Government's Data Handling Review. They provide local authorities with an essential checklist of actions, highlights best practice in secure data handling, and sets the standard for local government around a topic that has been much in the news in recent months. An article on the guidelines was published in the SOLACE newsletter in September.
Socitm is working with CLG/DWP on aspects of identity management linked to the Tell Us Once (TUO) project. This will inform the future shape of TUO services and indirectly towards work in the National Identity Strategy due for publication in the Spring of 2009. Socitm has recently distributed a survey on identity management to local authorities, which will be used by CLG to identify early adopters that CLG/DWP can work with as trailblazers.
Socitm is also working with DCSF to help promote an understanding among Socitm members of its Employee Authentication Service (EAS). More information can be found in a video about the EAS available on YouTube.
CESG is working in a Government Security Framework which details aspects of identity management and authentication. Socitm is part of the pan-government working group helping to shape and write the document, which will align to GC and NIAS.
The Security Policy Framework is the replacement for the Government's Manual of Protective Security(MPS). The MPS is now 30 years old and has been revised many times. A complete overhaul is required. Socitm is lobbying to ensure that the requirements of local government are fully recognised in the new framework, especially in support of GC and the CoCo.
The Head of Information Assurance represents Socitm on a number of key boards, committees and groups, which drive forward IA. Socitm also supports the National Local Authority WARP Programme. This service is offered to local authorities through regional WARPS to help them implement national IA standards and requirements, such as the Code of Connection. Through the Head of IA, Socitm has been instrumental in the development of the Local Government Data Handling guidelines and the Local Government Delivery approach of the National Information Assurance Strategy.
- Cabinet Office: CTO council IA domain; GSi AWG (Accreditor's working group) ; PSN Security work stream; PSN Accreditation work stream
- CESG: Co-Chair National IA Forum; IT Security Officers Forum (ITSOF)
- CPNI: WARP Operators forum
- LGA: Local Government Information Assurance Advisory board
- TigerScheme: Management Committee
The following chart shows all of the relevant groups and connections in which the Head of IA plays a role, along with an explanation of the acronyms.
- CLAS - CESG Listed Advisor Service
- ITSOF - IT Security Officers Forum
- IAEB - IA Events Board
- NIAF - National IA forum
- Govcert - Government Computer emergency Response Team
- CESG - Communications and Electronic Services Group (Part of GCHQ)
- ICM - Intelligent Customer Mechanism
- IATP - Information Assurance Technical Programme
- CCTM - Claims Test Mark
- OCS - Office of Cyber Security
- SIA - Security Information & Assurance (Formerly CSIA)
- LGA - Local Government Association
- PSN - Public Services Network
- GC - Government Connect
- LGIAAB - Local Government Information Assurance Advisory board
- LGDC - Local Government Delivery Council
- NSG - National School of Government
- IISP - Institute of Information Security Professionals
- SFIA - Skills Framework for the Information Age Council
- NLAWARP - National Local Authority Warning, Advice and Reporting Point