Overview
This PPN applies to central government departments, their executive agencies and non-departmental public bodies (collectively referred to as ‘in-scope organisations’) when awarding public contracts for goods, and or services, and or works, other than special regime contracts. It is also relevant to other contracting authorities which create, process, store and manage government information.
In-scope organisations must ensure that appropriate protective security controls are in place for new and existing contracts in line with the Government Security Classifications Policy (GSCP).
The GSCP sets out the administrative system used by HM Government (HMG) to protect information and data assets appropriately against prevalent threats through the use of ‘classification tiers’.
HMG uses three classification tiers; OFFICIAL, SECRET and TOP SECRET. Each tier provides a set of recommended baseline behaviours and a set of protective controls, which are proportionate to the threat profile for that tier and the potential impact of a compromise, accidental loss or incorrect disclosure of information held within that tier.
Note: This PPN replaces PPN 07/23 for procurements commencing on or after 24 February 2025.