to add a new content
Website and application accessibility regulations and guidance

Public sector organisations need to think about accessibility at every stage and ensure they meet the Web Content Accessibility Guidelines (WCAG 2.1) design principles. The Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 are now active and applicable to all public sector organisations, including policing, and this guidance has been created to support organisations meeting the requirements for all new and existing websites or applications.

The guidance is split into several sections:

1. Decide how to check the accessibility problems on your website or mobile app
2. Make a plan to fix any accessibility problems
3. Publish your accessibility statement
4. Make sure new features are accessible

The main theme throughout is that accessibility should be considered on how people with impairments to their sight, hearing, movement, memory or thinking may use the website/app. Regular tests should be carried out from the point code writing even through the public beta stage and at every time a new feature is added.

The best way to meet accessibility requirements is to:

  • think about accessibility requirements from the commencement

  • run accessibility tests regularly throughout development

  • get a formal accessibility audit before you go into public beta

  • make sure the service works with the most common assistive technologies - screen readers or speech recognition software

  • test the service with disabled users and with older users

Legislation link:

Published 01/01/2019
Authoring body: Government Digital Services (GDS)
DNA and Fingerprint Provisions

Protection of Freedoms Act 2012: DNA and fingerprint provisions was introduced in October 2013 to cover the retention of DNA and fingerprints where it was ruled in the European Court in the case of S and Marper v UK that the blanket retention of DNA profiles taken from innocent people posed a disproportionate interference with the right to private life.

The protection of Freedoms Act strikes a balance between protecting the freedoms of those who are innocent of any offence whilst ensuring that the police continue to have the capability to protect the public and bring criminals to justice. 

A DNA sample is an individual’s biological material, containing all of their genetic information. The act requires all DNA samples to be destroyed within 6 months of being taken. This allows sufficient time for the sample to be analysed. The only exception to this is if the sample is required for use as evidence in court, in which case it may be retained for the duration of the proceedings.

Fingerprints are usually scanned electronically from the individual in custody and the images stored on IDENT1, the national fingerprint database.

For Scotland, the legal acquisition, retention, weeding and use of DNA and Fingerprint data is outlined in Sections 18 to 19C of the Criminal Procedure (Scotland) Act 1995 -

Published 01/01/2019
Authoring body: Home Office
Criminal Procedure & Investigations Act 1996 Code of Practice

The Criminal Procedure and Investigations Code of Practice applies in respect of criminal investigations conducted by police. A criminal investigation can be defined an investigation conducted by police officers with a view to it being ascertained whether a person should be charged with an offence, or whether a person charged with an offence is guilty of it. 

This document sets out the manner in which police officers are to record, retain and reveal to the prosecutor material obtained in a criminal investigation.

The roles and responsibilities within a criminal investigation can vary. The functions of the investigator, the officer in charge of an investigation and the disclosure officer are separate. The amount of persons attached to this case to fulfil the above roles will depend on the complexity of the case and the administrative arrangements within each police force. Commonly, where there are more than one person undertaking the roles, close consultation between them is essential to the effective performance of the duties imposed by this code. 

Persons other than police officers who are charged with the duty of conducting an investigation as defined in the Act are to have regard to the relevant provisions of the code, and should take these into account in applying their own operating procedures. 

Published 01/01/2015
Authoring body: Ministry of Justice (MoJ)
Data Protection

On the 25th May 2018 the Data Protection Act 2018 was implemented by the UK as the General Data Protection Regulation also known as GDPR. It controls how personal information is captured and used by organisations and the government.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’ and must ensure that the information they obtain is for a lawful purpose, used fairly and must be transparent about its intended purpose of usage and used explicitly for that purpose only.

Data should also not be kept for more than is necessary, and whilst it is kept, should be kept up to date and handled and secured in a way that does not compromise its protection from unauthorised processing, loss of theft of data.  

It is important to note that there is stronger legal protection for more sensitive information such as race, health, sex life, orientation, ethnic background. There are separate safeguards for personal data relating to criminal convictions and offences.

Under the Data Protection Act 2018, an individual has the right to find out what information the government and other organisations holds about them and this ideally should be provided to the individual within 1 month.  

To make a complaint about the misuse of personal information or lack of security it should be made to the organisation, following their response the complaint can also be made to the Information Commissioner’s Office.

Telephone: 0303 123 1113

Published 01/01/2018
Authoring body: Information Commissioner's Office (ICO)
Management of Police Information (MoPI) APP

This Authorised Professional Practice (APP) provides guidance to forces on meeting the requirements of the Management of Police Information (MoPI) Code of Practice in relation to the review, retention and disposal of policing information and records. This APP is supplemented by the Manual of Guidance, which provides a further level of operational data.

Police information refers to all information obtained, recorded or processed for a policing purpose. The Management of Police Information (MoPI) authorised professional practice (APP) provides a framework and guidelines for managing police information, complying with the law and managing risk associated with police information including data retention.

  • Policing information is information held for a policing purpose. The MoPI Code of Practice definition of ‘policing purpose’ is:
    • protecting life and property
    • preserving order
    • preventing the commission of offences
    • bringing offenders to justice
    • any duty or responsibility of the police arising from common or statute law
  • Corporate information includes other organisational information, such as HR or finance records, minutes of meetings, policies and procedures.

There is further information on compliance with the Freedom of Information Act.

It should also be noted that the retention periods for biometric data are governed by the Protection of Freedoms Act 2012 and sit outside this APP.

Published 06/05/2020
Authoring body: College of Policing (CoP)
ISO 17020:2012 Requirements for the operation of various types of bodies performing inspection (Crime Scene Investigation)

ISO/IEC 17020:2012 specifies requirements for the competence of bodies performing inspection and for the impartiality and consistency of their inspection activities. Within policing this covers both traditional wet forensic work and digital forensic work carried outside of the laboratory environment, most typically at crime scenes.

Published 01/03/2012
Authoring body: International Standards Organisation (ISO)
ISO 17025:2017 General requirements for the competence of testing and calibration laboratories

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. BSI provide the documentation and appropriate licensing.

This standard is used to confirm or recognize the competence, impartiality and consistent operation of laboratories. It applies to all organizations performing tests and/or calibrations, including first, second and third-party laboratories.

Who is this standard for?

  • Laboratories where testing and/or calibration is part of inspection or product certification
  • Laboratory customers
  • Testing organizations
  • Regulatory authorities
  • Accreditation bodies
  • Organizations and schemes using peer assessment

Why should you use this standard?

It specifies general requirements for the competence, impartiality and consistent operation of laboratories. It looks at all of the requirements that testing and calibration laboratories and testing organizations have to meet to prove that they operate a quality system; are technically competent; and can generate technically valid results. It applies to all organizations performing laboratory activities, regardless of the number of personnel.  

What’s changed since the last update?

This standard had not been revised since 2005. This technical revision cancels and supersedes the previous edition and has made three main changes:

  1. A definition of “laboratory” has been added
  2. Risk-based thinking has been applied, enabling some prescriptive requirements to be replaced by performance-based requirements 
  3. There is greater flexibility in the requirements for processes, procedures, documented information and organizational responsibilities
Published 01/01/2017
Authoring body: International Standards Organisation (ISO)
Minimum standards schedule for the Retention and Disposal of Police Records (2020 v4)

The NPCC Guidance on The Minimum Standards for the Retention and Disposal of Police records has been produced by the NPCC Records Management Working Group to assist police forces in their statutory responsibility to comply with the Data Protection legislation (GDPR EU 2016/679 and Data Protection Act 2018), The Code of Practice on the Management of Police Information (2005) and other legislative requirements.

It contains

  • The responisibilities for records retention and disposal
  • Risks
  • Benefits of a retention schedule
  • Management of Police Information (MoPI)
  • Maintenance
  • Records Retention Tables for:
    • Assets & products
    • Crime and Case files
    • Detecting
    • Finance
    • Information
    • Organisation, Programmes & Projects
    • People
    • Preventing
    • Property
    • Prosecution

[Added September 2021] 

Published 13/11/2020
Authoring body: National Police Chiefs Council (NPCC)
Publishing Accessible Documentation

There is a need under the Equality Act 2010 to ensure documents are readily available to users who have additional accessibility needs. This document explains how to publish accessible documents to meet the needs of all users under the accessibility regulations.

It covers:

  • Writing accessible documents
  • Making non-HTML documents accessible
  • Creating a PDF/A for archiving purposes
    • To save a PDF/A in Word, click Save As, change Save as type to PDF, click Options and tick 'PDF/A compliant'

The authors and National Standards Assurance Board accept that there is still a place for PDF documents, especially for archival purposes, but to ensure they are accessible in the future, they should be stored as PDF/A not the normal PDF format.

[Added September 2021]

Published 01/07/2021
Authoring body: Government Digital Services (GDS) & Central Digital and Data Office (CDDO)
ISO 15489:2016 Data Records Management

ISO 15489 provides a framework for implementing records management systems - the lifecycle of records from creation through to disposal. Police forces can use this to inform internal records management systems such as the use of Share Point or use as an assessment when considering suppliers of systems, this could include case management.

This document was reviewed by the National Standards Assurance Board in July 2021 and still deemed current and of value to policing

[Added September 2021]

Published 01/04/2016
Authoring body: International Standards Organisation (ISO)