What are Codes of Connection (CoCo)?
A Code of Connection (CoCo) is used when a formally accredited information system wishes to connect to another “unknown” information system. There are a variety of reasons for wishing to connect information systems together, but they usually involve a requirement to exchange data and information.
How does a CoCo work?
Under a code of connection, the accredited system stipulates a baseline set of controls that the connecting organisation must implement or comment on.
These controls are typically selected from best practice (ISO 27002) or, more usually, from various HMG Information Assurance requirements.
The controls can broadly be broken down into the following types:
- Technical - such as implementing an assured barrier between the two organisations or performing an IT Health Check.
- Procedural - such as ensuring that all security incidents are reported to the partner organisation.
- Physical - such as ensuring that the physical security of assets is adequate.
- People - such as ensuring that all staff involved have appropriate background and identity checks or appropriate education, training and awareness.
When the code of connection is completed, the accredited information system will assess the threat the connecting organisation poses. If it believes that the risks are acceptable, it will authorise the connection.
How stringent a code of connection is depends on the level of assurance required between the participant organisations.
What specific Codes of Connection (CoCo) services are we likely to require?
- Connecting to N3 - N3 is the integrated network for the NHS, a combination of broadband connections and network services which are intended to link all NHS sites in England and Wales. Our N3 Consultancy service will help you to comply with NHS security policies.
- Gambling Commission - Our experienced consultants can help you map a route to compliance with the technical requirements of the Gambling Commission.
- GSI, xGSI, GSX, GCSX, GSE.