Skip to main contentGovernment Connect | contact us | faqs | events | about us |

0845 838 2945

Technical Introduction

  • Government Secure Intranet The GSi is the umbrella name for the Government Secure Intranet and within this arrangement there are currently five communities (GSI, GSX, xGSI, GCSx and GSE). GSi customers must belong to one or more of these communities, according to the nature of the information the organisation typically handles.
  • The GCSx network is fully accredited by the CSIA for the carrying of secure electronic traffic up to and including material protectively marked as “RESTRICTED”.
  • LA networks are not accredited. GCSx (and GSX in Scotland) is for organisations whose connecting system and subsequent security management processes and procedures adhere to commercial best practice). This grouping is for organisations that occasionally need to receive and securely store and process information at the protective marking of up to RESTRICTED. These are typically English and Welsh Local Authorities.
  • LAs must comply with the Code of Connection (CoCo), drawn up between GC, OGC Buying Solutions, CSIA and Communications Electronics Security Group (CESG), prior to connection. The LA CoCo submission is authorised by OGCbs as advised by CESG. Without the compliance, enforcement and maintenance of the requirements of the CoCo, the Community of Trust will not be established. Security controls around the GCSx network maintain the Confidentiality, Integrity and Availability of the network as a whole.

Differences between GCSx and GSi

  • GCSx is a Cable and Wireless service like the GSi and is the same design apart from the virus checker (due to cost implications), directory and firewalls.
  • The GCSx virus checker is a lower cost alternative to GSI, but provides similar capabilities. Using different Virus check products adds ‘defence in depth’ to the overall protection.

Figure 1 - AV Checking

  • GCSx uses a different Directory design to the GSI but is currently being reviewed.
  • GCSx connections are ordered via OGCbs under the same framework but using a different Register of Service (ROS).

GCSx Connection to the GSi

  • GCSx is linked to central government secure networks via the Public Sector Interconnect (PSI) secure bridge (ENIX).This allows electronic connection of GCSx to the GSi, NHS N3, CJIT Criminal Justice exchange (CJX), Police National Network (PNN) and other Central Government secure networks, subject to agreement and policy of the governing agencies of those secure networks. The PSI controls network activity between GSi communities.
  • The GSI Code of Connection is designed to connect one accredited network to another. The GCSx Code of Connection is based on the GSI Code of Connection with modification appropriate to connecting Local Authorities (unaccredited networks). In general, the differences are that the GCSx Code of Connection is reduced in a few areas where ‘MUST’ criteria are reduced to ‘SHOULD’.
  • Authorisation of a GCSx circuit is dependent on all the ‘MUST’ criteria being satisfied. OGCbs, advised by CESG, oversee this process based on recommendations of qualified security experts in the Government Connect team. The local authority Section 151 Officer validates the status of the authority’s Code of Connection submission. No circuit is authorised without a declaration from the Local Authority Section 151 Officer.
    Why are Local Authority Networks Unaccredited?
  • The GSI is provided for organisations that need to regularly communicate at RESTRICTED level. Organisations wishing to be part of the GSI community must adhere to the Central Government Security Standards.
  • Historically, LAs have not handled protectively marked material and hence have not been subject to the Central Government Security Standards. Whilst Local Authorities should work to similar guidelines and standards, it would be inappropriate to impose these standards at this moment in time
    Is it appropriate for Data Owners of Restricted data to allow their data to be transmitted over GCSx?
  • Yes - the GCSx network is fully accredited by the CSIA for the carrying of secure electronic traffic up to and including material protectively marked as “RESTRICTED”. The Bulk Data Transfer guidelines that the preferred bearer for bulk transfers should always be an accredited infrastructure such as the GSi. Data owners should therefore insist on using GCSx, as it becomes available, to enable secure transmission of data to LAs. Data Owners who are currently tolerating Local Authorities accessing their data encrypted over the internet would reduce the risk by moving to GSi (GCSx).
  • The key difference of accredited networks is the assurance in the ability of the end point/user to handle the data appropriately. Therefore Data Owners wishing to share their data with local authorities should enter into Memorandum of Agreement with the Local Authority concerning handling of their data.
  • As part of the Data Handling guidance, Local authorities are advised to appoint a Senior Information Risk Owner (SIRO) - an executive (Board Member) who is familiar with information risks and the organisation’s response. They own the information risk policy and risk assessment, act as an advocate for information risk on the board and in internal discussions, and provide written advice to the accounting officer (S151 Officer in LAs) on the content of their Statement of Internal Control relating to information risk.
Department for Work and Pensions

Department for children, schools and families

Communities and Local Government

Local Government Association

Government Connect©2008 Government Connect     | site map | privacy | accessibility |