Company news

Egress Switch becomes the only UK Government CPA Foundation Grade certified email encryption product

London – October 2013 – Egress Software Technologies today confirms that its flagship email encryption product, Egress Switch, has been successfully verified against Gateway and Desktop Email Encryption Security Characteristics at Foundation Grade by CESG. This makes Switch suitable for sharing IL2 and low-threat IL3 data under current policy guidelines over the internet to Government departments, supply chain and ‘third sector’ organisations.

Operating as the UK national technical authority for information assurance, CESG is charged with enabling secure and trusted knowledge sharing, primarily serving central government departments and agencies, as well as the armed forces. Within this remit, Commercial Product Assurance (CPA) is offered to platforms performing security functions in the lower threat environments, providing assurance that they have been tested against CESG standards. 

Today’s announcement sees Switch become the only CPA approved product for email encryption at the desktop and gateway.

Commenting on the announcement, a CESG spokesperson said: “We are delighted that Egress Switch has passed its Commercial Product Assurance evaluation and will be certified to protect public sector information up to IL3. The CPA programme was set up by CESG to certify commercial security products for use by government, the wider public sector and industry. As such, it plays a crucial role in helping organisations select security products that have been independently assured and are fit for purpose. In the case of Switch, Egress’ innovative technology and commitment to demonstrating that it meets CESG’s standards means that the end-user has confidence that they are selecting an email encryption product that has been approved by CESG and is capable of protecting their organisation and the data they share from external threats.” 

Tony Pepper, CEO of Egress Software Technologies, explains: “At Egress, we recognise the challenge that organisations in the Public Sector face when trying to share sensitive information with external third parties. While existing networks such as GCSX, PNN, NHSmail and CJSM offer transport layer security when communicating across Government, in many cases sensitive information is not being afforded appropriate levels of protection when shared outside Government to external delivery partners, citizens and third sector businesses.”

“Working closely with the team at CESG, we have looked to tackle this information sharing challenge head on by offering customers real solutions to real problems. As such, this certification makes Switch the only CESG CPA approved product for sharing sensitive data up to IL3 across and outside Government,” continues Pepper. “In doing so, we are now able to provide an encryption platform that enables public sector organisations to improve efficiency and enhance the services they provide to the wider public, while delivering end-to-end information assurance throughout the lifecycle of shared information.”

About CESG

CESG is the Information Security arm of GCHQ and is based in Cheltenham, Gloucestershire, UK. It is the UK Government’s National Technical Authority for IA, responsible for enabling secure and trusted knowledge sharing to help its customers achieve their business aims.

CESG uses its deep technical expertise to provide its customers with insights into information risks and mitigations, enabling customers to reduce both the risks to, and impacts on, their information and information-based systems.

For more information on CESG, please visit

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.