Stonehouse, Glouc., United Kingdom, June 11, 2015 --(PR.com
)-- Toplevel has been awarded Pan Government Accreditation (PGA) by CESG, the information security arm of GCHQ, for the handling of OFFICIAL data by the Toplevel GCloud e-Forms Software-as-a-Service (SaaS). The accreditation process, which entailed rigorous risk assessment and penetration testing, will provide public sector organisations and associated agencies with the assurance afforded by a preapproved solution. Toplevel was fortunate that its accreditation project was already underway ahead of the cut-off date imposed by the Government Digital Service (GDS) as the award of PGA status is a coveted differentiator on the G-Cloud platform. PGA removes the need for public sector bodies to perform their own internal comprehensive risk assessments and to independently assess the security assurances of the provider, helping to make the process of selecting and committing to a solution more straightforward and less time consuming.
Why Toplevel sought PGA
Toplevel sought Pan Government Accreditation to verify the high level of security assurance provided by its SaaS solution and to make it easier for large government departments to procure services (its request for certification was supported by the Home Office). Pan Government Accreditation requires substantial investment and commitment and the process can take several months to complete, involving the assessment of both the technical solution and working practices used to deliver it. The GDS has since announced it has stopped accepting accreditation submissions making PGA certification a highly prized differentiator. In the future, buyers will be required to assess suppliers that do not hold the accreditation, adding further cost and complexity to the procurement process.
PGA provides data assurance
Toplevel GCloud eForms service enables organisations to create online digital services which can be used to improve customer service and accessibility in line with the ‘Digital by Default’ drive mandated by Government. The vast majority of data will be classified as Official under the Government Security Classifications Policy introduced in April last year. The service is hosted and managed wholly within the United Kingdom, therefore prospective HMG customers may also choose to use it for processing information records with increased sensitivity, in line with regulatory and legal requirements, current OGSIRO policy and in-house risk management decisions.
“Pan Government Accreditation allows us to take the pain out of accreditation for our customers. Large departments often need to seek accreditation several times over for different services, making it a time consuming and costly process. The PGA award removes that obstacle and provides the government buyer with the added assurance that our systems and processes and have been independently assessed and approved. So as well as streamlining procurement, we are also giving our customers the peace of mind that comes with a service validated by CESG.” -Jane Roberts,
Toplevel's Strategy Director
“I have been delighted to work with Toplevel to support the successful Pan Government Accreditation of their eForms service. From a technical perspective, accreditation has involved completion of a thorough review process with CESG’s Pan Government Accreditor. The accreditation has involved a full definition of the service offering and has assessed and appropriately managed risks associated with the application, delivery architecture and the support environment. Therefore prospective customers can rely on a level of prior quality assurance associated with Toplevel’s service offering.” -Phil Robinson, CLAS Consultant and
Director, Prism Infosec
Benefits of PGA
Public sector customers will benefit from the following security assurances in eForms following PGA compliance:
· Service Assurance – provides prospective public sector customers with the assurance of an established security accreditation. Saves in-house accreditors time and resource as it removes the need to independently validate the service.
· Technical Assurance – involves the completion of a series of penetration tests which have been independently viewed and corroborated by the Pan Government Accreditor. Provides additional assurance in remediation of security risks.
· Process Assurance – comprises the assessment of the working practices used to deliver and manage the service and an appraisal of these processes formally documented in a Residual Risk Statement as part of the accreditation.
· Associated Assurance – in addition to eForms, other services hosted on Toplevel’s GCloud platform; eCase, eApply, aClaim, eAudit, eGrant, eDiary and eCourse also benefit by association because all 8 services use the same robust secure products and processes including Outreach case management.
Outreach eForms is available as a Software-as-a-Service (SaaS) solution via the Digital Marketplace.
Toplevel delivers digital technology and staff-facing case management solutions that help Public Sector organisations to meet the Digital by Default Service Standard quickly, securely and cost effectively. We work collaboratively with Government teams to help build flexible, configurable and reliable, low-code solutions that reduce risk while delivering the benefits of bespoke customer-facing applications with the cost advantages and deployment speed of COTS.
We have delivered projects on behalf of national government agencies across the UK including the Ministry of Justice (Legal Aid Agency), Home Office, Arts Council England, Heritage Lottery Fund, Commonwealth Scholarship Commission and Environment Agency. As a G-Cloud Framework supplier, we also deliver 8 SaaS services: eCase, eApply, aClaim, eAudit, eGrant, eDiary, eCourse, eForms. Toplevel offer the highest levels of certification and compliance including ITIL V3 and ISO 27001 certification. To find out more, please go to: toplev.com, search LinkedIn /company/toplevel or follow us on Twitter at ToplevelGov.