Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.
The current classification system, the Government Security Classifications Policy, replaced the old Government Protective Marking Scheme in 2014. Since classifications can last for 100 years many documents are still covered by the old scheme.
Policy is set by the Cabinet Office. The Security Policy Framework (SPF) superseded the Manual of Protective Security[1] and contains the primary internal protective security policy and guidance on security and risk management for His Majesty's Government (HMG) Departments and associated bodies. It is the source on which all localised security policies are based.
The classification system was formerly included in the Manual of Protective Security (MPS) which specified the impact of release and protection level required for each classification. Departments issued localised versions of the content of the MPS as appropriate to their operational needs.
See main article: Government Security Classifications Policy. The Cabinet Office issued the Government Security Classifications Policy (GSCP) in 2013; it came into effect in 2014. It replaced the old Government Protective Marking Scheme (GPMS).Classifications must be capitalised and centrally noted at top and bottom of each document page, save at OFFICIAL where the document marking is optional. All material produced by a public body in the UK must be presumed to be OFFICIAL unless it is otherwise marked. Like the GPMS, which it superseded, the GSCP classifications are applied only to the confidentiality of the data under classification.
The older system used five levels of classification, supplemented with caveat keywords.[4] The keyword was placed in all capital letters in the centre of the top and bottom of each page of a classified document and described the foreseeable consequence of an unauthorised release of the data (a ‘breach of confidentiality’). In descending order of secrecy, these are:
Documents classified under the Protective Marking Scheme still exist and need correct handling. After 100 years all the classifications will have run out but the procedures may still be of interest to historians.
See main article: Security vetting in the United Kingdom. Access to protectively marked material is defined according to a vetting level which the individual has achieved.
Vetting is intended to assure the department that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures the department that the individual has not been a member of, or associated with, any organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally, the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances.[5]
Protectively marked material must be accounted for in a manner appropriate to its classification level and disposal must be in accordance with the SPF. The act of destruction or disposal is included in the accounting process.
Protectively marked material may also be marked with a descriptor, or privacy marking, which identifies sensitivities around distribution and handling.
Examples of descriptors include, but are not restricted to:
Protectively marked material may bear a nationality caveat, a descriptor defining to which nationality groups it may be released. By default, material in the UK is not caveated by nationality, the classification being sufficient protection.
Examples of nationality caveats include, but are not limited to:
Australia, New Zealand, Canada, UK and USA (the UKUSA Community, also known as the "Five-Eyes").
Dissemination of already protectively marked material may be further limited only to those with a legitimate need to know using compartmentalisation by use of codewords. Examples of compartmented material would include information about nuclear warheads, fusion, and naval nuclear propulsion. In some cases, the existence of a compartment identified by a codeword is itself classified.
Examples of codewords include, but are not limited to: