The UK’s minister for small firms, trade and industry, Barbara Roche, yesterday unveiled the British government’s plans for a scheme of accredited certification against BS7799, a new British standard on information security. The scheme is called C:Cure, and uses independent auditors, whose job it will be to judge the information security arrangements of digital signature certification authorities, trusted third parties and key recovery agents, measuring their resilience against a risk assessment of the threats to their business. The government has decided not to make certification obligatory, as had been its original plan, opting instead for a process of self-regulation. The hope is clearly that certification will become so desirable, as it grows more widespread, that companies will find it necessary in order to continue doing business.