Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Cyber Security Architectural Principles
This document provides all National Policing and its partners with a clear set of security architectural principles, which are the foundation to build, design and implement secure solutions.
Data Protection
On the 25th May 2018 the Data Protection Act 2018 was implemented by the UK as the General Data Protection Regulation also known as GDPR. It controls how personal information is captured and used by organisations and the government.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’ and must ensure that the information they obtain is for a lawful purpose, used fairly and must be transparent about its intended purpose of usage and used explicitly for that purpose only.
Data should also not be kept for more than is necessary, and whilst it is kept, should be kept up to date and handled and secured in a way that does not compromise its protection from unauthorised processing, loss of theft of data.
It is important to note that there is stronger legal protection for more sensitive information such as race, health, sex life, orientation, ethnic background. There are separate safeguards for personal data relating to criminal convictions and offences.
Under the Data Protection Act 2018, an individual has the right to find out what information the government and other organisations holds about them and this ideally should be provided to the individual within 1 month.
To make a complaint about the misuse of personal information or lack of security it should be made to the organisation, following their response the complaint can also be made to the Information Commissioner’s Office.
ICO
casework@ico.org.uk
Telephone: 0303 123 1113
Equality Act 2010: Guidance (2015)
The Equality Act 2010 replaced previous anti-discrimination laws with a single Act. It protected people from discrimination, age discrimination and public sector Equality Duty, sets out the different ways in which the maltreatment of an individual can be unlawful.
The Equality Act 2010 provides a basic framework of protection against direct and indirect discrimination, harassment and victimisation in services and public functions, work, education, associations and transport, protection against indirect discrimination to disability, allowing claims for direct gender pay discrimination where there is no actual comparator and much more.
Before the Act came into force there were several pieces of legislation to cover discrimination, including:
-
Sex Discrimination Act 1975
-
Race Relations Act 1976
-
Disability Discrimination Act 1995
Complaints made about unlawful treatment, that happened after the 1st October 2010, the Equality Act will apply. However if was before this date, then the legislation that was in force at the time will apply.
The Equality Act 2010 includes provisions that ban age discrimination against adults in the provision of services and public functions. It also includes the public sector Equality Duty public bodies have to consider all individuals when carrying out their day-to-day work – in shaping policy, in delivering services and in relation to their own employees.
Regulation of Investigatory Powers Act 2000 (RIPA)
The regulation of Investigatory Powers Act 2000 relates to the interception, acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed.
There are three main ways of surveillance and covert human intelligence
-
direct surveillance
-
intrusive surveillance
-
use of covert human intelligence sources
Non-intrusive covert surveillance can be undertaken for a specific investigation, operation or purpose. Its result is to obtain private information about a person (whether or not one specifically identified for the purposes of the investigation or operation)
Intrusive surveillance is carried out either in a residential premises or private vehicle; and involves the presence of an individual on the premises or in the vehicle or is carried out by means of a surveillance device.
Human intelligence source is inducing, asking or assisting a person to obtain information by means of the conduct of such a source. This is achieved by establishing a personal or other relationship with a person for the covert purpose and covertly discloses information obtained by the use of such a relationship, or as a consequence of the existence of such a relationship.
Criminal Procedure & Investigations Act 1996 Code of Practice
The Criminal Procedure and Investigations Code of Practice applies in respect of criminal investigations conducted by police. A criminal investigation can be defined an investigation conducted by police officers with a view to it being ascertained whether a person should be charged with an offence, or whether a person charged with an offence is guilty of it.
This document sets out the manner in which police officers are to record, retain and reveal to the prosecutor material obtained in a criminal investigation.
The roles and responsibilities within a criminal investigation can vary. The functions of the investigator, the officer in charge of an investigation and the disclosure officer are separate. The amount of persons attached to this case to fulfil the above roles will depend on the complexity of the case and the administrative arrangements within each police force. Commonly, where there are more than one person undertaking the roles, close consultation between them is essential to the effective performance of the duties imposed by this code.
Persons other than police officers who are charged with the duty of conducting an investigation as defined in the Act are to have regard to the relevant provisions of the code, and should take these into account in applying their own operating procedures.
DNA and Fingerprint Provisions
Protection of Freedoms Act 2012: DNA and fingerprint provisions was introduced in October 2013 to cover the retention of DNA and fingerprints where it was ruled in the European Court in the case of S and Marper v UK that the blanket retention of DNA profiles taken from innocent people posed a disproportionate interference with the right to private life.
The protection of Freedoms Act strikes a balance between protecting the freedoms of those who are innocent of any offence whilst ensuring that the police continue to have the capability to protect the public and bring criminals to justice.
A DNA sample is an individual’s biological material, containing all of their genetic information. The act requires all DNA samples to be destroyed within 6 months of being taken. This allows sufficient time for the sample to be analysed. The only exception to this is if the sample is required for use as evidence in court, in which case it may be retained for the duration of the proceedings.
Fingerprints are usually scanned electronically from the individual in custody and the images stored on IDENT1, the national fingerprint database.
For Scotland, the legal acquisition, retention, weeding and use of DNA and Fingerprint data is outlined in Sections 18 to 19C of the Criminal Procedure (Scotland) Act 1995 - https://www.legislation.gov.uk/ukpga/1995/46/part/II/crossheading/prints-and-samples”
Website and application accessibility regulations and guidance
Public sector organisations need to think about accessibility at every stage and ensure they meet the Web Content Accessibility Guidelines (WCAG 2.1) design principles. The Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 are now active and applicable to all public sector organisations, including policing, and this guidance has been created to support organisations meeting the requirements for all new and existing websites or applications.
The guidance is split into several sections:
1. Decide how to check the accessibility problems on your website or mobile app
2. Make a plan to fix any accessibility problems
3. Publish your accessibility statement
4. Make sure new features are accessible
The main theme throughout is that accessibility should be considered on how people with impairments to their sight, hearing, movement, memory or thinking may use the website/app. Regular tests should be carried out from the point code writing even through the public beta stage and at every time a new feature is added.
The best way to meet accessibility requirements is to:
-
think about accessibility requirements from the commencement
-
run accessibility tests regularly throughout development
-
get a formal accessibility audit before you go into public beta
-
make sure the service works with the most common assistive technologies - screen readers or speech recognition software
-
test the service with disabled users and with older users
Legislation link: https://www.legislation.gov.uk/uksi/2018/852/contents/made
NCSP Management of High Risk Applications standard v1.1
This standard outlines the minimum requirements and controls that must be met to ensure the secure management of applications identified as high risk.
Safe deployment of TikTok
This guidance provides an overview of approaches to deploy TikTok safely
NCSP Robotic process automation guideline
This guideline describes best practice risk management controls for using Robotic Process Automation (RPA) for the purpose of automating manual administrative overheads for National Policing Forces and applications
Showing 1 to 10 of 231 entries.