Service Description
Infrastructure and services are increasingly shared by multiple government departments as a way of reducing costs. The accreditation of these systems can be complex, since different departments will have different threat profiles and risk appetites.
The Pan Government Accreditation (PGA) service is provided by CESG to manage the combined risks efficiently on behalf of all public sector organisations involved.
The PGA will take account of the risk appetites and business drivers of a customer organisation involved in a Shared Service and make recommendations to the Senior Information Risk Owner (SIRO) as appropriate.
Accreditation is normally issued on a 12-monthly basis, and is seen as an ongoing process throughout the system's life cycle.
Customers
Accreditation
Where there is no clear lead department for a Shared Service, or where the lead department is not best placed to accredit from a pan government perspective, Accreditation is provided. The PGA service currently carries out this role for numerous projects, including GSi and PSN.
Accreditation is always carried out on behalf of an identified SIRO, either in Cabinet Office or from a lead department. The PGA will give direction and guidance on risk management requirements, assess whether risks have been mitigated, issue Accreditation statements, and report residual risks to SIROs or their representatives.
Accreditation Advice
When a lead department is accrediting a project, but where input is required from an independent accreditor who can take a pan government view, Accreditation Advice is provided. Most commonly this involves contributing to an accreditation panel, but in some cases this can involve carrying out an independent review of accreditation on behalf of other stakeholders.
Service Costs
The PGA Service does not seek repayment directly from customers, but an agreement must be put in place between CESG and the public sector organisation acting as the SIRO for the Shared Service.
Work is accepted on a priority basis, and prospective public sector customers should consult their CESG Customer Account Manager (CAM).
Service Pre-requisites
Your CAM may send you a questionnaire to complete. This will ask you to tell us who is sponsoring the PGA request, and who the SIRO will be.
Delivery Timescales and Lead Time
There is no standard duration for the PGA service. It will vary depending on the complexity of the Shared Service, and the number of stakeholders involved. The earlier CESG can be notified of the need for PGA services, the sooner we can respond with confirmation of our availability.
To order the PGA service please contact your CAM in the first instance. They will be pleased to discuss your requirement and, if necessary, send you an Expression of Interest Questionnaire.
Note: For PSN related projects, all accreditation enquiries should be directed through the PSN Authority in Cabinet Office. Please email psna.compliance@cabinet-office.gsi.gov.uk