• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • Blog
  • On Demand
  • Contact
Home / Magazine Articles / Getting serious about security

Getting serious about security

rances Hipple, a senior consultant for NCC Group, explains how housing providers will need to improve their security in order to exchange information with and connect to local authority networks and systems.

In order for local authorities (LAs) to securely communicate and transmit information with the government, they will be required to connect to the Government Connect Secure Extranet (GCSx). In order to do so, they are likely to need to improve the security of their IT architecture and implement a range of controls within a Code of Connection (CoCo) covering a variety of areas to achieve a minimum level of security.

What does this have to do with housing providers? Well, if you are using a shared network with your LA, you will almost certainly have to fully comply as well.

Indeed, if you access any LA systems or networks, you will need to comply with the requirements. This may mean that you have to access systems from LA networks or premises only or you may have to ensure that your networks and systems are of an equivalent security level in order to exchange information. Possible areas where this may occur will include some choice-based lettings schemes or possibly interfaces such as housing benefit.

These controls include, but are not limited to:
Ensuring the physical security of premises is sufficient;
Educating users in how to preserve security, the requirements of security and their expected behaviour;
Ensuring that all devices accessing the network are patched and hardened to prevent potential compromise;
Having a secure network architecture in line with Government requirements;
Having anti-virus software installed throughout the network and updated regularly;
Having a controlled and secure remote access and home working solution;
Controlling the use of media devices on the network;
Monitoring and having the ability to react to security incidents.

If you receive any information from LAs, they may require you to handle that information in a secure manner and the information might be subject to the following controls:
Information must be encrypted prior to email;
Media must not be used or information must be stored encrypted on media;
Only certain personnel are permitted to handle information.

If you are asked to comply with any of these requirements you must do so otherwise LAs could refuse to exchange information with you. For example, we are already aware of at least one ALMO where the use of BlackBerries has been restricted by the LA so that passwords and logins are required and email, cameras and Bluetooth have been disabled. This is to prevent the accidental storage of sensitive data on an unencrypted device. This type of issue could have a wide-ranging impact on the ways in which staff carry out their jobs and needs to be discussed with the LA so that a workable and compliant solution can be found.

If you are accessing operational software that is hosted by a supplier or third party then you will need to be sure that these have good information security and software development practices in place. There is no such thing as ‘GCSx-compliant software’ as the GCSx applies to the network connected to the GCSx. However as long as the software works within the GCSx requirements such as VPNs, then there are no particular requirements that the software applications have to comply with. You do need to be careful though that if the software somehow negates security controls (e.g. requires a web browser in a ‘privileged mode’) then it may result in non-compliance to the CoCo. In general, it is the remote connections that need to be secure rather than the software.

The list of requirements above is an overview of information and IT security best practice. All organisations, regardless of the information they handle, their business profile or the industry they work in, should be considering how they secure their information and IT assets and what risks are posed if they don’t.

The ISO/IEC 27001 standard is now considered the best way of achieving information security best practice. The standard covers physical security, access control, incident management and business continuity, security policies and governance, IT security and operations management.

Implementing a standard such as ISO 27001 or adhering to best practice controls will put your organisation in a better position to adhere to any requirements from the local authorities around the GCSx Code of Connection and also ensure that all your information and systems are secure and well protected.

Frances Hipple is a senior consultant for NCC Group.

See More On:

  • Vendor: NCC
  • Topic: Infrastructure
  • Publication Date: 014 - March 2010
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Free cyber-defence tools from NCSC
  • Learning from history
  • Grand Union Housing gets connected with Aico HomeLink
  • The silences in the system: Predicting and preventing damp and mould
  • Looking back and to the future: Cyberthreats in social housing
  • Hyde signs repairs contract with Totalmobile
  • Fuelling high performance automation
  • Morgan Sindall’s Carbon Zero decarbonisation tool
  • An ethical approach to arrears
  • Housing and the ever-evolving workplace
  • Supporting residents with home safety risks
  • Less innovation & more service design at RHP
  • Ateb Group outsources IT help desks to Central Networks
  • Capital Letters partners with Evo Digital to tackle homelessness
  • Calico appoints M247 for digital transformation
  • 24/7 care requires 24/7 technology
  • Govtech trends for 2023
  • Are you ready for business process automation?
  • Lincoln council moves to the cloud with Civica
  • Why do IT business improvement projects fail?
  • Flagship and Ebrik launch augmented reality app
  • Following the golden thread
  • Setting the standard for carbon-monoxide protection
  • The business case for data
  • Digital twins – When, not if…
  • Using data to build communities
  • The cyber-security jigsaw’s missing piece – Managed detection & response
  • Cyber-security challenges in housing
  • Digitalising retrofits with SHDF & HomeLink
  • Tips for improving care and support

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2022 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293

htc23 pop banner