Do you intend to hold classified material (at SECRET or above) on your premises as part of a government contract? You’ll need FSC status.
FSC used to be referred to as List X. With the change in name, there has also been a variance in focus toward insider threat and the introduction of the Surreptitious Threat and Mitigation Plan (STaMP) assessment tool.
To achieve FSC status, you need to be sponsored by a Contracting Authority and meet the requirements as defined in Government Standard 007 (GovS007).
Ascentor’s Gap Analysis can steer you through what is needed to achieve FSC status.
A Facility Security Clearance (FSC) is required to ensure an industry supplier, to Defence, meets and maintains the required protective security controls to safeguard assets classified at SECRET. It provides the Contracting Authority (CA) with assurance that these assets will be appropriately protected.
Industry suppliers cannot request FSC. The requirement for achieving FSC status shall be sponsored by the CA. The CA can be:
All UK Defence Contractors with, or undertaking FSC accreditation, shall also be required to undertake Industry Personnel Security Assurance (IPSA) at an organisational level as part of the process unless they have already undertaken IPSA accreditation separately.
While you cannot apply in advance to hold FSC, when bidding for a contract which requires FSC status, there are a few things you can do to prepare if you think a contract may be forthcoming.
If you are considering FSC status in preparation for a Ministry of Defence (MOD) contract, you will also need to be compliant with the Cyber Security Model (CSM) – a pre-requisite since April 2017 for all suppliers doing business with the MOD.
We have two highly-read List FSC articles on our blog. Click the links to read How to prepare your company for achieving FSC and FSC explained.
FSC is mandatory if you need to hold SECRET or above information on your premises. So, it is must if you want to do business with government at this classification level.
By achieving FSC status and CSM, you not only qualify to deliver your government contract, but you also increase the protection to your business as you will reduce the risk from the ever-increasing threat of harmful cyber attack.
As with all compliance regimes, businesses fear the time and effort involved, but such challenges often come with a silver lining. At Ascentor, we always seek to identify the business benefits of complying with standards and schemes, so your FSC status may set you apart in more ways than one.
For FSC certification, you must demonstrate you have a secure space, specific company roles, responsibilities and information systems, and clear security policies, processes and plans that are embedded in your organisation.
Ascentor can steer you through what is needed to become FSC certified. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities and provide ongoing support to maintain your status and continually improve your cyber security posture in accordance with your business objectives.
You may also want to consider steps to be taken to achieve Cyber Security Model and Industry Personnel Security Assurance certification.
We leverage years of experience in cyber security to deliver comprehensive solutions tailored to your needs.
We're accredited in ISO 9001:2015, Cyber Essentials Plus, IASME Gold and are a Crown Commercial Service Supplier.
NCSC (CESG) Certified Professionals CCP and Certified Information System Security Professional CISSP certified.
We're Certified Information Security Managers (CISM).
We're members of the Chartered Institute of Information Security (CIISec). CREST and Cyber Scheme Registered Pentesters.
We stay ahead of the curve, consistently updating our services to handle the rapidly evolving landscape of cyber threats.
We work closely with clients, fostering partnerships to better understand and address your cyber security needs.
We offer pragmatic, accessible solutions that balance security needs with the realities of your operational requirements.