Changes to Wiltshire Secure E-Mail – 31 March 2019
Changes to Secure E-Mail
The government has announced the ending of its GSI/GCSX secure email service with the service ceasing on the 31st March 2019. Wiltshire Council has therefore followed government advice and adopted the new Government Secure Standard for email.
The Council’s email service is now configured to be secure following central government standards. This covers information classified as OFFICIAL, including sensitive personal information and confidential information (for example health and social care). This means emails are encrypted in transit and our wiltshire.gov.uk domain is protected to minimise threats from malware and malicious links.
Wiltshire Council plans to close its GCSX email service on Friday 8th February 2019, after which you should send secure emails to our wiltshire.gov.uk domain. After that date any @wiltshire.gcsx.gov.uk email addresses that you previously sent to will have an @wiltshire.gov.uk email address that you should use instead.
Emails exchanged between NHSMail (nhs.net) accounts and Wiltshire Council will be encrypted by default. Health organisations that run their own email services are expected to comply with the NHS Secure Email Standard (SCCI1596) through a self-certification process. Please note that as Wiltshire Council will be verified as secure using the National Cyber Security Centre MailCheck tool, we are not required to accredit to the NHS standard as well.
Our understanding is that NHSMail is advising users to insert [SECURE] at the start of the subject line to indicate sensitive content, which in some cases may be inserted automatically. We will advise our staff that should they see [SECURE] in a subject line from NHS colleagues to handle the contents appropriately.
Criminal and Justice Services Mail accounts (cjsm.net) remain in use and are not directly affected by these changes. Providing there is a business need connected with the Justice community (e.g. children’s services), councils can continue to register for CJSM accounts.
We are asking for your co-operation in communicating these changes to your staff and contractors and helping them to understand that they can no longer rely on domain names (e.g. gcsx.gov.uk) when considering whether an email address is secure. For our part, we will be communicating the changes to our staff who regularly receive your emails.