Classified information in the United Kingdom
Classified information in the United Kingdom, now called Protectively Marked Information, is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and the critical national infrastructure. The system is also used by private sector bodies which provide services to the public sector.
The system was formerly included in the Manual of Protective Security (MPS) which specified the impact of release and protection level required for each classification. Departments issued localised versions of the content of the MPS as appropriate to their operational needs.
The Security Policy Framework (SPF) now supersedes the Manual of Protective Security  and contains the primary internal protective security policy and guidance on security and risk management for HM Government Departments and associated bodies. It is the source on which all localised security policies are based and has been made publicly available.
In 2014, a new classification system, the Government Security Classifications Policy, replaces the old Government Protective Marking Scheme.
Government Protective Marking Scheme
The system uses five levels of classification, supplemented with caveat keywords:.:Annex One The keyword must be placed in all capital letters in the centre of the top and bottom of each page of a classified document. In descending order of secrecy these are:
- Top secret
- Information marked as Top secret is that which whose release is liable to cause considerable loss of life, international diplomatic incidents, or severely impact ongoing intelligence operations. Prior to the Second World War, the highest level was "Most Secret"; it was renamed so that the UK and US operated to a consistent system.
- This marking is used for information whose side-effects may be life-threatening, disruptive to public order or detrimental to diplomatic relations with friendly nations.
- The effects of releasing information marked as Confidential include considerable infringement on personal liberties, material damage to diplomatic relations, or to seriously disrupt day-to-day life in the country.
- Information marked as Restricted is at a level where the release of the material will have effects such as significant distress to individuals, adversely affecting the effectiveness of military operations, or to compromise law enforcement.
- Such information will cause distress to individuals, cause financial loss or improper gain, prejudice the investigation or facilitate the commission of a crime or disadvantage government in commercial or policy negotiations with others.
- Unclassified:p. 22
- The term "UNCLASSIFIED" or "NOT PROTECTIVELY MARKED" may be used in UK Government documents to indicate positively that a protective marking is not needed.
Access to protectively marked material is limited by a system of security clearance.
Protectively marked material must be accounted for in a manner appropriate to its classification level and disposal must be in accordance with the SPF. The act of destruction or disposal is included in the accounting process.
Protectively marked material may also be marked with a descriptor, or privacy marking, which identifies sensitivities around distribution and handling.
Examples of descriptors include, but are not restricted to:
- Visits (domestic or foreign royalty and ministers)
Protectively marked material may bear a nationality caveat, a descriptor defining which nationality groups it may be released to. By default material in the UK is not caveated by nationality, the classification being sufficient protection.
Examples of nationality caveats include, but are not limited to:
- UK EYES ONLY
- CANUKUS EYES ONLY — Canadian, UK or US citizens.
- AUSCANNZUKUS — Australia, New Zealand, Canada, UK and USA (the UKUSA Community, also known as the "Five-Eyes").
Dissemination of already protectively marked material may be further limited only to those with a legitimate need to know using compartmentalisation by use of codewords. Examples of compartmented material would include information about nuclear warheads, fusion, and naval nuclear propulsion. In some cases the existence of a codeworded compartment is itself classified.
Examples of codewords include, but are not limited to:
- LOCSEN — has local sensitivity, and may not be shown to local officials.
- NATSEN — has national sensitivity.
- DEDIP, DESDEN — may not be shown to certain named officials.
Access to protectively marked material is defined according to a vetting level which the individual has achieved. Vetting is carried out by individual departments to standards laid down in the MPS.
Vetting is intended to assure the department that the individual has not been involved in espionage, terrorism, sabotage or actions intended to overthrow or undermine Parliamentary democracy by political, industrial or violent means. It also assures the department that the individual has not been a member of, or associated with, any organisation which has advocated such activities or has demonstrated a lack of reliability through dishonesty, lack of integrity or behaviour. Finally the process assures the department that the individual will not be subject to pressure or improper influence through past behaviour or personal circumstances.
Four levels of vetting exist:
Baseline Personnel Security Standard (BPSS)
A Baseline Personnel Security Standard (BPSS, commonly referred to as a BS and formerly known as Basic Check) allows personnel access to locations where protectively marked material is held, in an otherwise secure manner.
A BPSS allows for access to non-protectively marked information and material marked PROTECT. Access to RESTRICTED and CONFIDENTIAL assets of UK origin on a need to know basis is permitted. A BPSS does not allow access to protectively marked material of foreign origin (including NATO).
A BPSS and would typically be required for reception, catering or cleaning staff in a public sector facility. A BPSS confirms identity, signature, address and employment/education.
Counter-Terrorist Check (CTC)
A Counter Terrorist Check (CTC) is required for individuals who are employed in posts that:
- Involve proximity to public figures assessed to be at particular risk from terrorist attack.
- Give access to information or material assessed to be of value to terrorists. However it is not designed to manage access to sensitive information.
- Involve unescorted access to certain military, civil, industrial or commercial establishments assessed to be at particular risk from terrorist attack.:p. 17
The process for CTC clearance includes:
- BPSS clearance;
- completion of a security clearance questionnaire by the candidate;
- checks against UK criminal and security records;
- it may also include an interview.:p. 20
Security Check (SC)
A Security Check (SC) is the most widely held level of security clearance. It is required for jobs involving regular and uncontrolled access to sensitive information which is classified as 'SECRET' (and below). Some posts in international organisations also require SC clearance.
The process for SC clearance includes:
- CTC clearance;
- a credit reference check;
- if considered necessary, checks against the criminal and security records of relevant foreign countries.
- it may also include an interview.:p. 21
Security Check Enhanced
Security Clearance Enhanced allows routine and uncontrolled access to material marked 'Secret' and below with supervised access to top secret material where required in the course of one's duties. In addition to normal SC checks the following are required:
- in accordance with the Security Service Act 1989, where it is necessary to protect national security or to safeguard the economic well-being of the United Kingdom from threats posed by persons outside the British Islands, a check against Security Service records
- credit reference checks and a review of personal finances
Checks of the above may prompt the organisation to interview the person being vetted and/or seek references from people who are familiar with their character in both home and work environment.
Developed Vetting (DV)
DV is the most detailed and comprehensive form of security clearance. It is required for sensitive jobs and tasks which involve long-term, frequent or uncontrolled access to 'TOP SECRET' material (and below), or certain posts in international organisations. The process for DV clearance includes:
- SC clearance;
- completion by the applicant of a DV supplementary questionnaire;
- completion by the applicant of a financial questionnaire;
- a review of the applicant's personal finances;
- interviews with an applicant's referees conducted by a vetting officer;
- a detailed interview with an applicant conducted by a vetting officer.:p. 21
- Official Secrets Acts 1911 to 1989
- Classified information
- Classified information in the United States
- List X site
- "HMG Security Policy Framework". V8. Cabinet Office. April 2012. Retrieved April 29, 2013.
- Hansard, Written answers 15 Dec 1994 Hansard online
- HMG Baseline Personnel Security Standard. www.gov.uk: Cabinet Office. Version 3.2 April 2013.
- HMG Personnel Security Controls. www.gov.uk: Cabinet Office. Version 1.1 April-2013.