R-Cloud, Dstl and MOD policy follows the Government Security Classification System which was introduced in April 2014. The fundamental principle behind the system is that it improves the security of government information by encouraging everyone to think about how best to protect it.
There are three classifications in the GSC system:
- top secret
Information within R-Cloud can be classified up to official sensitive
Official sensitive is a security marking, it is not a classification. R-Cloud will be accredited to handle official information with a sensitive marking, this accreditation includes the distribution of material to suppliers who are registered under the terms and conditions of the R-Cloud Framework for use on their own systems.
Official information with a sensitive marking should be given appropriate protection and comply with any handling rules, for example it shouldn’t be circulated to more people than really need to see it. Companies registered under the R-Cloud Framework are expected to understand this and to take care of the information to prevent it from being from unauthorised persons.
Official information with a sensitive marking may be shared with people inside and outside of MOD, provided enough care is taken to prevent it being seen by unauthorised persons. This includes emailing it over the internet and working on it using personal computers. For example, if they download information on to a personal computer, does the computer have up to date antivirus software and a fully patched operating system?
Information without a security marking may still be sensitive and need protection. If you fail to take reasonable care of information, it will not be a defence simply to argue it was unmarked.
You can find out more information regarding security by visiting Government Security Clarifications .