The UK Government continues to promote its “Cloud First” policy, with most cloud-related business being conducted via the Digital Marketplace. Regular iterations of the content of the Digital Marketplace take place relatively frequently – we’re currently in G-Cloud 8, although the next release (G-Cloud 9) will soon be upon us, and applications need to be completed and submitted by 11th April.
Several InfoSaaS customers and partners have commented that this latest iteration has a greater focus on information security than previously, with questions being asked about:
- The supplier’s information security related standards and certifications
- The governance framework implemented by the cloud service supplier
- Data in transit protection
- Asset protection and resilience – including the location of the underlying hosting facilities
- Details of operational security processes
- How secure development activities are undertaken
- Details of personnel security processes
- Identity and authentication of users/management into the cloud service
- Availability of audit information for buyers/from the supply chain
For those organisations who have already implemented an Information Security Management System, and proceeded through successful external certification such as ISO27001:2013, all of these requirements will already be familiar, and in a well implemented and managed system will be sufficient to allow a comprehensive, positive response against these G-Cloud questions.
Every organisation supplying cloud services to the public sector needs to remain aware of the associated risks against an ever increasing threat landscape, and safeguarding valuable public sector data is paramount. Not only do potential public sector customers require it, but citizens will expect no less. At InfoSaaS, we are pleased to have supported a number of successful cloud businesses with their risk management activities, using InfoSaaS Assure, our on-line, secure cloud solution.
Having the right information security and risk management framework is key to attracting business through G-Cloud. Maintaining and delivering security best practice is essential for retaining it.
If you’re seeking a comprehensive and effective solution for risk management, visit our website, watch our video or take a test drive.