Main navigation

HMG Security Policy Framework

• Foreword by Sir Gus O’Donnell
• Understanding the Security Policy Framework & frequently asked questions

Overarching Security Policy Statement

Protective Security, including physical, personnel and information security, is an essential enabler to making government work better. Security risks must be managed effectively, collectively and proportionately, to achieve a secure and confident working environment.

Core Security Principles

1. Ultimate responsibility for HMG security policy lies with the Prime Minister and the Cabinet Office. Departments and Agencies, via their Permanent Secretaries and Chief Executives, must manage their security risks within the parameters set out in this framework, as endorsed by the Official Committee on Security (SO).
2. All HMG employees (including contractors) have a collective responsibility to ensure that government assets (information, property and staff) are protected in a proportionate manner from terrorist attack, and other illegal or malicious activity.
3. Departments and Agencies must be able to share information (including personal data) confidently knowing it is reliable, accessible and protected to agreed standards.
4. Departments and Agencies must employ staff (and contractors) in whom they can have confidence and whose identities are assured.
5. HMG business needs to be resilient in the face of major disruptive events, with plans in place to minimise damage and rapidly recover capabilities.

Please note that this website only contains information which has been approved for public release and this is not the full framework. Please see understanding the SPF for more details or contact the SPF team.

There are seven Security Policies within the HMG Security Policy Framework which outline the mandatory security requirements and management arrangements to which all Departments and Agencies (defined as including all bodies directly responsible to them) must adhere.

Security policies

There are seven security policies and they are as follows: 

1. Governance, Risk Management and Compliance
2. Protective Marking and Asset Control
3. Personnel Security
4. Information Security and Assurance
5. Physical Security
6. Counter-Terrorism
7. Business Continuity

Download

You can download the framework in PDF format below.

• HMG Security Policy Framework [PDF 1.0MB, 60 pages]

In section navigation