The UK Telecoms Security Act (TSA) is a law that sets out overarching security duties for providers of UK public telecommunications networks and services. These duties include compliance with the Electronic Communications (Security Measures) Regulations, which provides more specific security requirements. UK telecom providers are required to submit evidence to Ofcom (the UK telecoms regulator) about how they will comply with these security regulations.
The Telecoms Security Code of Practice contains detailed technical guidance measures and sets out the UK government’s preferred approach for UK telecoms providers to demonstrate TSA compliance. UK telecoms providers may choose to adopt different technical solutions or approaches to those specified in the code of practice, but must explain to Ofcom the reasons for doing so.
While the legislation described above does not apply directly to Google, we have created a TSA Compliance Guide for Google Cloud to help UK telecoms providers understand how we can support you in meeting the requirements of the Telecoms Security Act and assess us as a third-party supplier. The Compliance Guide includes a Google Cloud commentary against each Code of Practice measure and a mapping to relevant Google Cloud documentation.
This information is relevant for UK telecoms providers wishing to host “Security Critical Functions” (SCFs) and/or “Network Oversight Functions” (NOFs) and/or related “sensitive data” (as defined by the Electronic Communications Security Measures Regulations) in Google Cloud. According to the framework, responsibility for assessing compliance with these regulations (and providing related evidence to Ofcom) remains with the telecoms providers. For additional information, please contact your Google Cloud account team.
Start building on Google Cloud with $300 in free credits and 20+ always free products.