In the U.K., the Code of Connection (CoCo) is a mandatory set of requirements that must be demonstrated before local authorities in England and Wales can connect to the Government Secure Intranet (GSI).
CoCo, which has been in effect since September 2009, requires local authorities (LAs) to provide a compliance statement that documents how their information technology (IT) meets baseline requirements set up by the central government. The requirements are adopted from ISO 27001, a framework for assessing risk published by the International Organization for Standardization (ISO). The parameters for risk can be divided into four broad categories: technical, procedural, physical and human.
CoCo compliance is assessed annually and a local authority can be audited at any time. To assist local authorities with demonstrating compliance, a government-to-government (g2g) program called Government Connect (GC) provides free support.