What is the GSC?
The GSC separates government data files into three distinct categories based on sensitivity. The framework requires security classifications to be applied to all government data files. Enacted in 2014 and updated in 2018, the policy replaced its predecessor, the Government Protective Marking Scheme (GPMS).
Who is Required to Comply with the GSC?
All UK government and public sector organizations are required to comply with Her Majesty’s Government Security Policy, as set out by the Cabinet Office Security Policy Division.
The GSC classifications are mandated by the SPF, and failure to comply with the GSC may result in the loss of reputation for the organization and unfavorable press coverage, heavy auditing by the Information Commissioner’s Office (ICO), and the potential for fines, legal action, or loss of funding.
What Are the 3 Levels of the GSC?
The GSC’s three-tier classification system was created for ease of use, and each level carries with it a different security requirement.
- Official | Containing mostly information processed by the public sector, ‘Official’ documents “Includes routine business operations and services, some of which could have damaging consequences if lost, stolen, or published in the media, but which are not subject to a heightened threat profile.” This category encompasses the vast majority of government information.
- Secret | This is highly sensitive information which, if compromised, would “seriously damage military capabilities, international relations or the investigation of serious organised crime.” This level of data warrants a higher level of cybersecurity and is reserved for cases where there is a “sophisticated or determined threat” and the possibility for high impact.
- Top Secret | The most secret information possessed by HMG, Top Secret information faces the most serious threats and therefore requires the top-level of cybersecurity. This classification can be applied to data when its leakage “might cause widespread loss of life or else threaten the security or economic wellbeing of the country or friendly nations.” Information of this type generally relates to matters of national security and security controls must be agreed upon by the Departmental Security Officer.
Meet GSC Compliance with Fortra
Fortra’s Data Classification Suite (DCS) delivers a way for organizations to maintain sensitivity-based security controls that align with data classification policies.
Our Data Classification products automatically locate and identify sensitive data, managing and protecting it with the industry’s most flexible and customizable classification metadata schema; a proprietary feature which gives both us and our clients an edge on the competition.
With Fortra DCS, organizations will be prepared to:
- Leverage ML to automatically detect and protect PII at creation.
- Categorize content with machine learning.
- Scan and analyze unstructured data at rest and apply identification attributes.
- Encrypt sensitive, classified data assets within a single solution.
- Classify across platforms, devices, and the cloud.
While classifying and protecting data under the GSC is required for UK organizations, the work associated with classifying legacy data can be intimidating. For this, Fortra's File Classifier offers a mass classification tool that can classify large quantities of legacy data quickly and consistently.
With the power of Fortra’s Data Classification Suite behind you, achieving GSC compliance is easier than you think.
Get an overview of the GSC classification requirements and an approach to meeting them, in order to adhere to the new scheme and prevent data loss incidents from occurring.