(as also posted above in reply to the wrong post T_T)
This has nothing to do with the Regulation of Investigatory Powers Act. If some ne'er-do-well has stolen the hard drive, RIPA is not going to entitle them to the key to decrypt it, nor does it make encrypting it in the first place illegal! CESG ( http://www.cesg.gov.uk/ ) assesses a wide variety of cryptographic products as to their suitability for handling protectiveloy marked information, and some of these are restricted to HMG use only!
The paper forms for Developed Vetting themselves are marked "RESTRICTED STAFF (when completed)". See http://www.cabinetoffice.gov.uk/spf/faqs.aspx for information about protectively marked assets, and the DV forms themselves at http://www.hmgcc.gov.uk/clearance.aspx.
IRIS is not the same thing as IRIX.
IRIS stands for "Integrated Raster Imaging System", and was the name of a series of SGI hardware.
In the Intelligence Community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software.