Business Challenges |
Code of Connection
GCSX Code of Connection
NETconsent helps with GCSX Code of Connection
One of the most important pillars of the UK government’s increasingly rigorous approach to information assurance is use of the Government Connect Secure Extranet (GCSx). All users must sign a Personal Commitment Statement to indicate their agreement to abide by the security requirements of the Code of Connection. NETconsent is used by many local authorities to manage and report on this requirement.
- NETconsent electronic acceptance of policies at logon is by far the most practical, reliable and cost-effective method of ensuring that all users have read and accepted the Code of Connection AUP and other related policies.
- NETconsent records information about when a user accepted or declined a policy, so there is no ambiguity over policy version control.
- NETconsent shows how well someone has understood each policy by testing understanding.
- NETconsent reports shows who has yet to sign up to policies without the administrative burden associated with more traditional record keeping.
- NETconsent provides real-time management reports showing overall levels of compliance crucial to improving governance.
- NETconsent is proven technology chosen by 12% of Local Authorities and the only policy management software to be showcased in the EDT Innovation Centre.
Challenges of GCSx Code of Connection
Code of Connection compliance is not just about putting technology controls in place. Most of the latest data breaches were as the result of human behaviour. So, effective communication of policies and procedures, which instils best practice amongst your staff and contractors, is central to remaining CoCo compliant.
Although the way in which the AUP policy is implemented is entirely at every organisation’s discretion, the designated GCSX Code of Connection Risk Manager must be sure that all users of the GSi are fully aware of their responsibilities. NETconsent provides a practical and sustainable approach to policy management for GSx Code of Connection.
Requirements of GCSX Code of Connection
The security controls laid out in the Code of Connection relate to the organisational policies and procedures people must follow and the physical security of each organisation’s infrastructure.
Section 2 of the Code of Connection concerns user education. It requires all employees and, contractors and third party users to receive appropriate awareness training and updates in organisational policies and procedures relevant for their job function.
An acceptable use policy (AUP) must be in place. Before access to information or GCSX services is granted, users must positively confirm their acceptance of the AUP and communications sent or received by means of the GSi may be intercepted or monitored.
About the GCSX Code of Connection
GCSX is a secure electronic communications channel to share restricted and personal sensitive information between local authorities, central government and the wider public sector. Following a series of high profile data breaches within the public sector, GCSX has become the preferred method of data exchange by Government departments, such as the Department of Work & Pensions (DWP).
The GCSX Code of Connection (CoCo) is a list of security controls with which all Local Authorities must be compliant before their Government Connect Secure eXtranet (GCSX) circuit can be activated.
Compliance, best practice and the ability to audit are increasingly becoming key elements to our journey towards excellence. We decided to act proactively to put ourselves in the best possible position to promote better understanding of our policies. With NETconsent’s software in place I feel confident that we have taken positive steps to ensure policy management activities.
Giles Perritt
Head of Continuous Improvement
Plymouth City Council