Code of Connection Reviews

A number of UK government networks and systems - an in particular the Government Secure Intranet (GSI) and Government Connect Secure Extranet (GCSx) - are subject to Codes of Connection (CoCo) that are intended to build and maintain levels of trust and confidence between participating network users by ensuring that all parties comply with shared security and usage standards.

The CoCo provides a minimum set of security standards that must apply both to the connected system and the connecting organisation, and mandates security tests to confirm the integrity of the connecting system. This covers everything from executive mandate, through policies and procedures, to system design, build and maintenance. Demonstrating compliance with the CoCo typically requires an organisational security review coupled with a detailed analysis of the connecting system and penetration testing to identify vulnerabilities.

ECA’s team is highly experienced in preparing for CoCo reviews and delivering these reviews on behalf of clients. Our consultants recognise that very often the need to connect can be very pressing, and that speed is of the essence whilst the integrity of the review cannot be compromised. ECA’s clients often find that not only does the team deliver the necessary documentation to facilitate the connection, but also identifies numerous other areas for improvement that can further protect the client’s information services.

Back to main CLAS page