Overview
This PPN applies to central government departments, their executive agencies and non-departmental public bodies (collectively referred to as ‘in-scope organisations’). It is also relevant to other contracting authorities which create, process, store and manage government information.
In-scope organisations must ensure that appropriate protective security controls are in place for new and existing contracts in line with the updated Government Security Classifications Policy 2023 (GSCP).
The GSCP sets out the administrative system used by HM Government (HMG) to protect information and data assets appropriately against prevalent threats through the use of ‘classification tiers’.
HMG uses three classification tiers; OFFICIAL, SECRET and TOP SECRET. Each tier provides a set of recommended baseline behaviours and a set of protective controls, which are proportionate to the threat profile for that tier AND the potential impact of a compromise, accidental loss or incorrect disclosure of information held within that tier.
Objective at this commercial stage
Where necessary, contractual provisions should be reviewed and updated to ensure that sensitive information aligns with the appropriate security protections under the GSCP.
Existing suppliers should be notified of the updated GSCP.
Key considerations at this commercial stage
In-scope organisations should:
- ensure that existing suppliers are notified that the GSCP has been updated and set any changes needed to the contract
- ensure they review the procurement and contract documents and apply the GSCP markings, as appropriate.
Legal framework
The PPN should be read alongside the relevant parts of the legal framework, including but not limited to, the following provisions of the Public Contracts Regulations 2015 (which may be particularly relevant to the consideration of this PPN):
- Regulation 15: Defence and security
- Regulation 21: Confidentiality
- Regulation 22 (18) and (19): General principles about the use of electronic and non-electronic means of communication
- Regulation 53: Electronic availability of procurement documents
Additional support and guidance
Make sure you:
- read the PPN and any supporting implementation guidance
- seek legal and commercial advice in the context of specific procurements
