AuditXYZ

Compliance Framework

Public Services Network Code of Connection

The PSN Code of Connection is required for UK organizations connecting to the Public Services Network. This guide covers compliance requirements, IT Health Checks, and the annual submission process.

Issuing Body: UK Cabinet Office / Government Digital Service (GDS)
First Published: 2011-01-01
Latest Version: 2024 (ongoing updates to compliance criteria)
Typical Cost: $20,000–$150,000
Typical Timeline: 3–9 months
Audit Required: Yes
Audit Frequency: Annual compliance submission including IT Health Check by a CHECK-approved or CREST-certified tester.
Geography: United Kingdom

PSN CoCo: UK Public Services Network Code of Connection

The Public Services Network (PSN) Code of Connection (CoCo) defines the security requirements that organizations must meet to connect to the UK's PSN — the government network that enables secure data sharing between public sector organizations. PSN connectivity is essential for local authorities, central government departments, NHS organizations, and their technology partners to access government services and share data securely.

What PSN CoCo Covers

The Code of Connection requires organizations to demonstrate adequate security controls across several domains. The cornerstone requirement is the IT Health Check (ITHC) — a comprehensive penetration test conducted by a CHECK-approved or CREST-certified tester that identifies vulnerabilities in the organization's network boundary and connected systems.

Beyond the ITHC, PSN CoCo requires evidence of patch management, network boundary protection, access control, user authentication, incident management, and compliance with PSN-specific connectivity and addressing requirements. Organizations must demonstrate that they have addressed all critical and high-severity findings from the ITHC before compliance is granted.

Who Needs PSN CoCo Compliance

Any organization that connects to the PSN must maintain annual CoCo compliance. This includes local councils, central government departments, NHS bodies, police forces, fire and rescue services, and their IT service providers and managed service partners. Technology vendors providing cloud services or managed IT to PSN-connected organizations must ensure their infrastructure meets PSN requirements.

Implementation Approach

Engage a CHECK-approved or CREST-certified tester to conduct the IT Health Check. The ITHC typically covers external network boundaries, internal network, wireless networks, and web applications connected to or accessible from the PSN. Remediate all critical and high-severity findings. Prepare the compliance submission documenting your security controls and ITHC results. Submit through the PSN compliance portal for review and approval.

Cost Considerations

PSN CoCo compliance costs $20,000 to $150,000 annually depending on network complexity and the number of connected sites. The ITHC alone typically costs $10,000 to $50,000 depending on scope. Remediation of findings can add significant costs if critical vulnerabilities are discovered. Organizations should budget for both the testing and remediation phases. The ongoing annual requirement means these costs are recurring.
