Delivering Information Security For Guildford Borough Council

Guildford Borough Council was judged an ‘Excellent’ council by the Audit Commission. The Business Systems team is a relatively new service with a broad remit including ICT, information management, offices and facilities, whose aim is to provide people with a ‘good way to work’ both now and in the future. There are 45 people within the team who manage over 800 users across 15 different services.

The Challenge

The Council have faced growing demands to support a number of initiatives including: partnership working, meaning all members of a working group require access to all relevant information required to get a job done; flexible working using Sharepoint as an Intranet for staff to work from any location and an increase in numbers of Freedom of Information requests.

These changes would significantly impact information security at the Council and had to be balanced against their need to comply with applicable legislation (CoCo, GPMS, Data Protection Act, Freedom of Information Act) and their responsibility to protect the public, on behalf of whom information is held, and the staff who have access to that information.

In 2010, the Business Systems focused on how they would support these changes to their ways of working. They identified that protective marking of information would deliver both the security that they were looking for in order to be responsible and compliant, along with the flexibility their staff needed. They concluded that as they needed to ensure that protective marking was uniformly adopted by everyone working with their data, they needed a software product which could help them enforce it, where a process or training change could not

The Solution

Guildford Borough Council chose Email Classifier and Office Classifier, allowing users to apply visual protective markings to emails and documents, which are then embedded into the email or document metadata. The visual markings allow staff to make informed decisions about how to share information and the metadata can be used by other technologies to enforce the desired policy and prevent the inadvertent release of sensitive information.

Ease of use was a key selection criteria for Guildford. “We needed protective marking to be as easy as possible for staff to adopt. We didn’t want to give people even more ‘stuff’ on the desktop as we knew that another system for staff to understand would affect adoption. We wanted something that integrated completely with and looked just like the Microsoft product.”

Initially Business Systems rolled the Classifier products out within their own team and decided on a soft launch into the wider organization, where protective marking was available but not mandated for three months for Outlook email and Microsoft Office documents, in order to give staff time to get to know it and understand the levels of classification.

We were looking for a simple, reliable and customizable software product, so that we could use our own classifications for our own business needs. Additionally, we were looking for a vendor who had the development prowess to customize the product for us, integrate it with existing products such as our email encryption tool and keep it up-to-date with our technology base. We found both in Fortra's Classifier Suite. - Steve Wragge-Morley, Head of Business Systems, GBC

Conclusion

By rolling out the Fortra's Classifier Suite Classifier products, Business Systems can enforce information security policies in respect to their new ways of working, increase staff & partner awareness of the sensitivity of information, provide evidence to governing bodies that applicable regulations have been met and leverage investments in their other security technologies such as encryption, archiving & storage.

Requirement: Data Classification to provide legislative compliance and collaborative working

Solution: