The standard was used to assess – and suggest responses to – technical risks to the confidentiality, integrity and availability of government information.
[1] The modelling technique used in the standard was an adaptation of Domain Based Security.
[2] The UK Cabinet Office Security Policy Framework requires that all ICT systems that manage government information or that are interconnected to them are assessed to identify technical risks.
[3] The results of an IS1 assessment, and the responses to risks, were recorded using HMG Information Assurance Standard No.2, usually abbreviated to IS2, which concerned risk management and was relevant to the accreditation of government computer systems.
[5] An HMG IS2 Full Accreditation Statement based on an HMG IS1 ITSHC (IT Security Health Check) by Deloitte and subsequent remediation by Recipero of its interface between Recipero's NMPR and the UK government's PNC, which are systems used to track mobile devices for law enforcement purposes was posted publicly.