GDS reaffirms commitment to PSN compliance approach
Whitehall will look at re-framing the compliance standards developed for PSN as it looks to migrate away from using the secure network in favour of internet services
The Government Digital Service (GDS) has said it has no intention of abandoning current reliance on the Public Services Network (PSN’s) compliance standards, at least for the immediate future, as it contemplates a revised communication security approach based on using internet services.
The claims were made in response to a blog published earlier this year announcing that the government was “now on a journey away from using the PSN” with Internet-based services being viewed suitable for communications to support the vast majority of work undertaken by the public sector. PSN functions as a secure high performance network for public sector organisations.
Mark Smith, head of PSN compliance with GDS, said there was no timeline for moving away from using the private network due to a need for significant work to prepare for the required changes.
“For the people and organisations that we talk to across the PSN community, the news didn’t come as much of a surprise: there’s been a world of change in IT trends since the PSN was originally set up more than 10 years ago,” he said.
“However, the same people told us that they were worried that the PSN compliance process was also set to disappear and, if it did, then that would raise big questions.”
Smith noted that particular concerns had been raised with GDS from stakeholders around ensuring communications were still secure in the absence of using the PSN, as well as obligations about data handling.
He argued that while the internet was being viewed as a sufficient channel for communications, it would still be important to implement the same security standards whether organisations were connected to the PSN or not.
“It’s going to take some time for the public sector to get to a point when the services it needs to use and the information it needs to access each day can be done over the internet,” said the post.
“We’re working with organisations across government and the public sector and the PSN community, as well as suppliers and service providers, to ensure issues are identified and we’ll work together to provide common solutions.”
At a time of significant change in the communications environment for public sector organisations, GDS said it is focused on expanding and reframing the existing PSN compliance requirements “in a new context” that will retain the current assurance principles in place.
“A new context that can tap into the methodology we’ve built for collecting security data,” said the organisation.
“[A process] that can make use of the historical data we hold; that can build on the co-operative relationships that we’ve nurtured across the public sector; and, most importantly, make it simpler, quicker and more valued to those who achieve it.”
Smith added that the compliance process for PSN was devised under the principle of government departments understanding who is using their data and ensuring trust among users.
He added that this need for trust and data governance would still be required even after the government migrates services from the PSN network.
Smith’s blog post follows a roundtable discussion about the PSN held last week, organised by the network providers’ association Innopsis, which saw GDS playing up the importance of the standards and wider community that had been built up around the network.
Simon Foster, PSN Operations Manager at the Cabinet Office, told the roundtable discussion that there were aspects of the ecosystem around PSN that it hoped to preserve even once the network is defunct.
“The first thing that we got was a set of common standards that we could agree on that was a way of describing what a network for government ought to look like. That is extraordinary because prior to that we had hundreds of different networks all built to different standards,” he said at the time.