DCMS - Department for Digital, Culture, Media and Sport - Telecommunications (Security) Act 2021

The Telecommunications (Security) Act 2021 (TSA) was established in the UK in October 2022 to create a security framework for telecom service providers that mandates specific technical requirements and measures. Published alongside the TSA was the Telecommunications Security Code of Practice from the Department for Digital, Culture, Media and Sport (DCMS.) The Code of Practice is a roadmap to success for implementing TSA. 

DCMS worked closely with the National Cyber Security Centre (NCSC), theUK’s national technical authority for cybersecurity, and the Office of Communications (Ofcom),the UK communications regulator. Part of the Code of Practice includes the NCSC Vendor Security Assessment (VSA.) The VSA provides information on the security of vendor’s processes and network equipment. The purpose of the guidance is to allow operators to objectively assess the cyber risk due to use of the vendor’s equipment. 

The following document provides Red Hat’s security declaration in response to the DCMS Code of Practice VSA request and an overview of Red Hat’s alignment with the published UK Telecommunications Security Act Code of Practice. This document details how Red Hat implements engineering and security best practices to ensure that we support and conform to the exacting demands for quality, transparency, and partnership of both the Government and the Telecommunications Sector within the UK.

The scope of this document includes Red Hat’s security declaration in response to the DCMS Code of Practice VSA request and an overview of Red Hat’s alignment with the published UK Telecommunications Security Act Code of Practice. 

Download the Red Hat Security Declaration DCMS Telecommunications Code of Practice Vendor Security Assessment.

• Telecommunications (Security) Act 2021
• Telecommunications Security CoP.pdf
• Vendor Security Assessment - NCSC.GOV.UK