
PSN (Public Services Network)

The secure network connecting UK public sector organisations; connection requires PSN compliance certification.

Michael Kitt, Founder of KimonBids

Definition

The Public Services Network (PSN) is the secure network connecting UK public sector organisations. Connection to PSN requires PSN compliance certification covering security controls, accreditation status, and ongoing monitoring. Many UK public sector contracts (particularly central government, NHS, and law enforcement) require suppliers to hold current PSN compliance as a condition of contract where the contract involves connectivity to PSN-connected systems or handling of OFFICIAL-classified information.

How it works in practice

PSN compliance is operated by the Cabinet Office and involves: certifying that the supplier's connection meets defined security controls (network security, identity and access management, cryptographic protection, ongoing monitoring), implementing the required technical configuration, undergoing initial accreditation including external assessment, and maintaining ongoing compliance through periodic re-accreditation and continuous monitoring.

The compliance overhead is substantial: initial certification typically takes 3-6 months and requires significant investment in security architecture; ongoing maintenance requires dedicated security operations capability.

PSN compliance sits alongside other UK public sector cyber security frameworks: Cyber Essentials Plus for general technical hygiene, ISO 27001 for information security management, and sector-specific requirements (Defence Cyber Protection Partnership for defence, NHS Data Security and Protection Toolkit for NHS).

PSN is gradually being absorbed into broader UK Government Secure Network arrangements as central government technology infrastructure evolves; the transition is multi-year, and existing PSN connections will continue alongside the evolving infrastructure. Suppliers needing PSN compliance for specific contracts should plan substantial security investment and engage specialist PSN compliance advisors for initial certification.

Common questions

Is PSN compliance the same as Cyber Essentials Plus?

No, PSN compliance is substantially more comprehensive. CE+ covers baseline technical controls verified through external assessment of sampled devices. PSN compliance covers full network connection security including continuous monitoring, identity management, and cryptographic protection. Many public sector contracts require both CE+ and PSN compliance for relevant connectivity.

When is PSN compliance required?

For contracts involving connectivity to PSN-connected systems or handling of OFFICIAL-classified information. Central government direct contracts and many NHS and law enforcement contracts require PSN compliance where the supplier needs network connectivity to public sector systems. For services delivered entirely outside the public sector network environment, PSN may not be required.

How long does PSN certification take?

Typically 3-6 months from initial scoping to certification. Significant investment is needed in security architecture, technical configuration, and external assessment. Ongoing maintenance requires dedicated security operations capability. Plan PSN compliance as a strategic investment if you operate substantively in PSN-requiring contract areas.
