to add a new content
Resource
Video surveillance systems for use in security applications BS 62676

This document has been written by subject matter experts, together with many governmental organisations, test houses and equipment manufacturers to defined a common framework for video surveillance transmission in order to achieve interoperability between products. 

The 62676 series is divided into 4 independent parts:
Part 1: System requirements (with 2 sub-parts: General and Performance requirements)
Part 2: Video transmission protocols
Part 3: Analog and digital video interfaces
Part 4: Application guidelines

This standard is intended to assist Video Surveillance System suppliers, users (including law enforcement), integrators and other interested parties achieve a complete and accurate specification of the surveillance system. This standard standard does not specify the type of technology required for a certain observation task.

[Note that this document, despite being authored in 2014, has been reviewed by subject matter experts in April 2021 and deemed to still represent good practice and relevancy]

Published 01/05/2014
Authoring body: British Standards Institute (BSI)
Standards
Resource
UKAS Guidance on the Application of ISO/IEC 17025 Dealing with Expressions of Opinions and Interpretations 2017

Laboratories within the UK who wish to demonstrate that they operate to a quality system, are technically competent and are able to generate technically valid results must now meet the ISO/IEC 17025 requirements. This has now become the standard that UKAS now to assess a laboratory’s competence for the purposes of accreditation.

The purpose of this document is to set down United Kingdom Accreditation Service (UKAS) policy, process and guidance on assessment and accreditation of laboratories 

The difference in this policy set out is that laboratories UKAS policy that laboratory accreditation to ISO/IEC 17025 can now include the expression of opinions and interpretation of test/calibration results in reports as it is considered to be an inherent part of testing. Whereas before this was not permitted.

The laboratory’s documented quality system must reflect whether it is expressing opinions and interpretations and if so, for which activities. The process of interpreting test/calibration results for the purpose of expressing opinions and interpretations must be documented. 

 

Published 01/01/2019
Authoring body: United Kingdom Accreditation Service (UKAS)
Policy
Resource
Guidance on Automatic Number Plate Recognition (ANPR) Performance, Assessment and Optimisation

This guidance document suggests how to set up, maintain, monitor and maximise the performance of an ANPR system. It is written for law enforcement ANPR operatives and commercial installers on behalf of the National ANPR Strategy Board. It applies to ANPR systems that are part of the National ANPR Infrastructure (NAI) and may feed data into the National ANPR System (NAS).

Users should also consider the Data protection Act 2018 and Surveillance Camera Code of Practice when using this document.

Published 01/06/2020
Authoring body: Home Office
Guidance
Resource
Government Security Classification (GSM)

This document describes how HM Government classifies information assets into OFFICAL, OFFICIAL SENSITIVE, SECRET and TOP SECRET to ensure information can be protected but also efficiently shared. This is not a statutory scheme, but operates within the requirements of the Official Secrets Acts (1911 and 1989) and the Freedom of Information Act (2000) and Data Protection legislation.

Published 01/05/2018
Authoring body: Cabinet Office
Policy
Resource
National Policing Community Security Policy (5.7)

Please note this is an OFFICIAL-SENSITIVE document, to request access please use the 'Contact Us' tab to raise a general query

National Police information, systems and networks must be safeguarded to ensure the Police Community can meet their statutory and regulatory responsibilities. The Police Community meets these responsibilities through a community of trust and by the implementation of this Community Security Policy (CSP).

This document relates to all National Police information; systems/services and networks, for which Chief Officers or Chief Executives are Joint Data Controllers. Furthermore it extends to all systems whether national or local that connect to access police information. 

 

Published 13/05/2019
Authoring body: National Police Information Risk Management Team (NPIRMT)
Standards
Resource
Extraction of material from digital devices APP

This document sets out the obligations on the police under the Data Protection Act 2018 and how these interact with other relevant legislation and case law. It provides police officers and staff with a set of principles to inform how they obtain digital devices – most often mobile phones but also laptops and other computers – from victims, witnesses and suspects for the purpose of an investigation and how they then extract the digital material from those devices. It will also help the public understand the responsibilities of the police when gathering evidence, obtaining devices and accessing the material held on them.

Published 01/05/2021
Authoring body: College of Policing (CoP)
Principles
Resource
Cyber Essentials guidance

Most cyber attacks are conducted by unskilled individuals and are very basic in nature and cyber security is an important aspect to guard any organisation from cyber attacks. There are five essential technical controls that any organisation can put in place the following:

  1. Use a firewall to secure your internet connection

Many organisations will have a dedicated boundary firewall which protects their whole network. This effectively creates a ‘buffer zone’ between your IT network and other, external networks.

  1. Choose the most secure settings for your device an software

always check the settings of new software and devices and where possible, make changes which raise your level of security. For important accounts such as banking and IT administration, you should use two-factor authentication

  1. Control who has access to your data and services

To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. 

  1. Protect yourself from viruses and other malware

Viruses are another well-known form of malware (malicious software). These programs are designed to infect legitimate software, passing unnoticed between machines. A user may open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware. You can use anti-malware/virus software to detect and treat them.

  1. Keep your devices and software up to date

Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered. Therefore it is important that manufacturers support the device with regular security updates.

Published 01/01/2021
Authoring body: National Cyber Security Centre (NCSC)
Principles
Resource
10 Steps to Cyber Security

This guidance is designed to help organisations protect themselves in cyberspace and best practises for cyberspace security. It relays the task of defending your networks, systems and information into its essential components.

It is important to note, when dealing cyberspace protection, the organisation knows the kinds of cyber attacks it expects to understand what protection would be needed. 

Note: This high level guidance provides context on the 10 steps. Each step is also individually signposted on the National Standards platform.

 

Published 11/05/2021
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Cloud Security Principles

Published by the National cyber security centre, this guidance document provides details and context on the following 14 cloud security principles.

1. Data in transit

2. Asset protection and resilience

3. Separation between users

4. Governance framework

5. Operational security

6. Personnel security

7. Secure development

8. Supply chain security

9. Secure user management

10. Identity and authentication

11. External interface protection

12. Secure service administration

13. Audit information for users

14. Secure use of the service

 

Published 17/11/2018
Authoring body: National Cyber Security Centre (NCSC)
Principles
Resource
Cyber Security: Asset management

Step 3 from the 10 steps to Cyber Security covers asset management, ensuring you know what data and systems you manage, and what business need they support.

Asset management encompasses the way you can establish and maintain the required knowledge of your assets. Over time, systems generally grow organically, and it can be hard to maintain an understanding of all the assets within your environment. Incidents can occur as the result of not fully understanding an environment, whether it is an unpatched service, an exposed cloud storage account or a mis-classified document. Ensuring you know about all of these assets is a fundamental precursor to being able to understand and address the resulting risks. Understanding when your systems will no longer be supported can help you to better plan for upgrades and replacements, to help avoid running vulnerable legacy systems.

Published 11/05/2021
Authoring body: National Cyber Security Centre (NCSC)
Guidance