Microsoft Office 365 Receives G-Cloud IL2 Accreditation from Cabinet Office for Use Across the UK Public Sector

Microsoft’s public cloud productivity suite for email, collaboration and unified communications, including web conferencing, is now accredited to store and communicate data securely up to the UK Government’s Impact Level 2 classification

Reading, UK. — Feb. 04, 2013 —Microsoft’s public cloud-based productivity suite, Office 365, has been awarded Impact Level 2 (IL2) accreditation, further enhancing Microsoft’s offerings on the current G-Cloud Framework and CloudStore. The IL2 rating will benefit a broad range of UK public sector organisations, including local and regional government, NHS trusts and some central government bodies, who require ‘protect’ level of security for data processing, storage and transmission. This is a key milestone in supporting the UK Government’s stated aim of reducing the cost of ICT and moving 50 per cent of new ICT services to the cloud by 2015.

Office 365 takes the familiar tools of Microsoft Office, including Outlook, Word, Excel and PowerPoint, and integrates them with Exchange Email, SharePoint collaboration (including content management and social networking), and Lync unified communications. Office 365 makes these applications available over the web from any connected devices via a cost-effective and flexible subscription service. Adding the IL2 pan-government accreditation provides peace of mind for public sector organisations, and the citizens they serve.  It will deliver confidence that information will stay within the parameters mandated by government-run departments. Microsoft’s EU datacentres are based in Dublin and Amsterdam and the Office 365 service complies with ISO27001 quality standards and utilises comprehensive data processing provisions to UK customers, incorporating the EU Model Clauses.

“This is a big endorsement of secure public cloud services and the role of Microsoft Office 365 in enabling flexible working and mobility, and at great value,” said Nicola Hodson, General Manager, Public Sector, Microsoft UK. “Accredited public cloud services at this level are still rare among large IT suppliers and it’s crucial that people understand that commodity public cloud services can be as secure as those that keep data behind the firewall and is entirely suitable for public sector data.”

“The Office 365 platform also creates a great opportunity for Microsoft’s SME Partner community, of which over 80 are already assured on the CloudStore marketplace, who can provide specialist cloud consultancy services or develop cost effective innovative apps for government users and citizens alike,” continued Nicola Hodson.

Andy Spurway, Head of Service Delivery, Information Services, Wiltshire Council:

“Wiltshire Council has migrated to Exchange Online as part of our wider strategy to exploit appropriate cloud services. Based upon our investigations and workshops with Microsoft we had confidence in the security and support structures in place for Exchange Online and Office 365. As such, we were happy to formally support Microsoft’s bid to acquire formal IL2 accreditation.  The award of accreditation has validated our assessment of the integrity of the Exchange Online service and provides further reassurance of Microsoft’s long term commitment to information security."

Martin Britton, Chief Information Officer, Natural Resources Wales:

We have always recognised Office 365 as being a great solution, and the right one for our organisation. Our risk analysis process determined Office 365 met our security and privacy needs. News that the Cabinet Office has now formally accredited Office 365 with IL2 certification is another layer of endorsement that should reassure both our own users and the people we provide services to.”

Dave Williams, Principal CLAS Consultant, TrustedIA (a specialist security practice):

“Office 365 achieving approval for IL2, enables HMG organisations to consume cloud services knowing that their information assets are secured within identified risk tolerances that have been independently assured to meet HMG standards and support organisational Accreditation decisions. In today’s economic climate it enables organisations to make informed risk decisions, reduce costs and increase flexibility in delivering their services to clients.”

Jeremy Neal, Head of Cloud Services at IMGROUP (a strategic Information Management Services consultancy):

“As a committed partner and advocate of Microsoft Cloud OS, IMGROUP is delighted to learn of the IL2 accreditation for Office 365. This is a testament to the commitment Microsoft is making to help government, health and other IL-based sectors realise the benefits of the cloud; be that private, public or hybrid. From a partner point of view, this is a fundamental step forward in helping us win with Office 365 in the public sector.”


About IL2

The Impact Level (IL), reflects the confidentiality of information managed in the service. IL 2 is also known as PROTECT and it includes personal information. The Impact Levels are defined by the Cabinet Office and CESG, CESG is the National Technical Authority for Information Assurance for UK Government. Further information on Impact Levels can be found here:

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realise their full potential.

For further information about this press release, please contact:

Louise Waller
Bite Communications
020 8834 3445

To keep up to date with Microsoft UK in Government news, follow: @msukingov

Comments (5)
  1. Andy Owen says:

    All fine and good, but where is the data hosted?

    Is there still no way to guarantee that it will be hosted within the borders of England and Wales (supposedly essential for NHS data)?

  2. Hi Andy,

    Our datacentres are in Dublin and Amsterdam. That said, NHS Connecting for Health have confirmed that it's a myth that PID must remain in England.

    Commissioning cloud should be no different from any other service in that a safety case/review must be conducted and the org must agree to own and manage any risks exposed. The ICO has created a document to help customers understand their responsibilities with regards to protecting data in cloud services.…/cloud-on-the-horizon-for-data-handling-outsourcing-27092012

    That said, we're more than happy to answer any questions you might have about our solutions. We're always here to help. I could put you in touch with a specialist, if that's something you're interested in.

  3. Parag Mahadik says:

    Does anyone know if the Microsoft Office 365 qualifies for IL3?

  4. Hi Parag,

    The government now uses the designations OFFICIAL, SECRET and TOP SECRET to describe the classifications of government documents. These new labels do not map directly to the old impact level system. You can learn more about the new labels here:…/Government-Security-Classifications-April-2014.pdf

    Microsoft Office 365 and Microsoft Azure are accredited to the OFFICIAL level, which makes them suitable for most government documents. You can learn more about the accreditation and what it means for you here:…/faq-what-microsoft-azure-and-microsoft-office-365-official-accreditation-means-for-your-organisation.aspx

    Thanks for writing,

    Jesse Stanchak

  5. Wendy Hodgson says:

    Is Project Online also covered by any form of security certification ?

Comments are closed.

Skip to main content