to add a new content
Resource
Data Protection Manual

This manual has been produced by the NPCC Data Protection, Freedom of Information, information Sharing and Disclosure Portfolio Group on behalf of the NPCC. It is updated and adapted to reflect decisions made by the NPCC, views of the Information Commissioner’s Office (ICO) (where appropriate) and the evolution of the legislation as it is interpreted, challenged or reviewed.

Note that this manual has not yet been updated to reflect the legislative changes arising from The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2019 as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2020.

The manual should be regarded as a document that both helps to create an environment across the police service in which compliance can be achieved, and as a means of providing guidance in areas of police business where the Act is regularly applied.

The manual contains a wide variety of information including:

  • Breakdown of governance and responsibilities
  • Definitions
  • General processing (GDPR & DPA Part 2)
  • Comparison between General Processing and Law Enforcement obligations
  • Law Enforcement processing (Part 3 of DPA)
  • Intelligence Service processing (Part 4 of DPA)
  • Assessing data protection compliance
  • The Commisioner, enforcement & offences
  • Case studies
  • Wide variety of appendices including
    • Template DPIA
    • Template National data processing contract
    • Template information sharing agreement
    • Template Data Protection policy 
Published 01/03/2021
Authoring body: National Police Chiefs Council (NPCC)
Guidance
Resource
Digital Investigation & Intelligence APP

The digital policing learning programme was created to for officers and staff to update their knowledge regarding digital intelligence and investigation. The programme helps explains the use and misuse of devices and applications and how they appear in the policing world. 

The programme’s aim is to ensure that all staff are:

  • confident facing situations where there is a digital element

  • competent in identifying and carrying out the actions required by those circumstances

  • able to ensure they are compliant in their actions.

The Digital Intelligence and Investigation project will deliver learning and knowledge resources that will ensure that all new and serving officers acquire the digital skills they need to undertake investigations effectively.  

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Mobilisation APP

With the Police responding to critical and complex incidents, sometimes these incidents may require resources that go beyond the capacity and capability of the Police force. Some of these incidents may require the need of other partner agencies, other specialist skillsets and equipment and thus would need to be effectively managed and coordinated. Mobilisation is the process which supports mutual aid, at the local, regional or national level.

The National Police Coordination Centre (NPoCC) is responsible for the mobilisation of police assets, including general policing, operations and crime business areas. A lead force will be responsible for resourcing nationally-led crime enquiries. NPoCC should be the initial point of contact for any mobilisation requirements as it can provide advice and national coordination.

It is important to note that this a challenging area of work, particularly when the length of the investigation is unknown and mobilising crime assets is a new and emerging business field (mutual aid) for the Police service.

Published 01/01/2014
Authoring body: College of Policing (CoP)
Guidance
Resource
ISS4PS Annexes Volume 2

This document was retired in July 2021

The Information Systems Strategy for the Police Service (ISS4PS) is an overarching strategy for Information and Communications Technology (ICT) and Information Systems (IS) for the Police service across the whole of England and Wales. Volume 2 Annexes helps to define and establish a list of standards and should be used a requirements for new developments within the Police Service.

Annex contains guidelines and actions points for: 

1. Establishing ISS4PS standards information base (SIB) 

2. Actions and guidance for IT Directors

3. ISS4PS compliance to the architectural principles 

4. Guidelines for National Programmes focusing on 3 critical ISS4PS policies (Establishing Foundations, Delivering Joined-up Services and Delivering National Initiatives) 

5. Criteria's for corporate and national solutions developed or procured by the Police Force 

6. Summary of Principles and actions defined in 'Implementing ISS4PS Volume 2'  

Published 01/01/2005
Authoring body: Association of Chief Police officers (ACPO)
Principles
Resource
ISO/IEC 27003:2017 Information Technology — Security techniques — Information Security Management Systems — Guidance

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This document was created to provide guidance on the requirements for an information security management system (ISMS) and provides recommendations, possibilities and permissions.

The following areas are very important for ISMS:

  • understanding the organisation’s needs and the necessity for establishing information security policy and information security objectives;

  • assessing the organisation's risks related to information security;

  • monitoring and reviewing the performance and effectiveness of the ISMS

  • practising continual improvement

The ISMS also has key components such as policies, defined responsibilities, documentation and management processes pertaining to policy establishment, planning, implementation, operation, performance assessment, management review and improvement.

Published 01/01/2017
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
ISO 90011:2018 Guidelines for Auditing Management Systems

This document informs the creation of auditing systems.

With many organisations now wanting to combine a number of management systems into one, there has been awareness to also combine auditing capabilities into one for these management systems. As a result the international standard BS EN ISO: 19011:2011 has created this standard to provide organisations the knowledge for auditing modern management systems, the principles and guidance to ensuring they deliver a high standard of auditing capabilities and that organisations do not fail which could have damaging effects such as losing out on contracts, certifications, and operational efficiency.

Organisations can save vast amount of time, money and resources, by applying a single approach to multiple management systems by streamlining their auditing processes and removing duplication of effort.

This document shed insights into planning, decision-making and evaluating audits.

The standard includes (but not limited to:

  • Scope

  • Principles of Auditing

  • Managing an audit programme

  • Establishing the Audit programme

  • Implementing the audit programme

  • Monitoring an audit programme

  • Reviewing and improving the audit programme

  • Conducting audit activities

  • Preparing audit report

  • Conducting audit evaluation

  • And much more

Fee applies of £254.00 (members price: £127.00) for accessing the standard.

Published 01/01/2018
Authoring body: British Standards Institution (BSI)
Standards
Resource
ISO/IEC 27003:2017 Preview

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This document provides guidance on the requirements for an information security management system (ISMS) as specified in ISO/IEC 27001 and provides recommendations (‘should’), possibilities (‘can’) and permissions (‘may’) in relation to them. It is not the intention of this document to provide general guidance on all aspects of information security.

Clauses 4 to 10 of this document mirror the structure of ISO/IEC 27001:2013.

This document does not add any new requirements for an ISMS and its related terms and definitions. Organisations should refer to ISO/IEC 27001 and ISO/IEC 27000 for requirements and definitions. Organisations implementing an ISMS are under no obligation to observe the guidance in this document.

An ISMS emphasises the importance of the following phases:

  • understanding the organisation’s needs and the necessity for establishing information security policy and information security objectives;

  • assessing the organisation's risks related to information security;

  • implementing and operating information security processes, controls and other measures to treat risks;

  • monitoring and reviewing the performance and effectiveness of the ISMS; and

  • practising continual improvement.

Published 01/01/2017
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
Encoding Characters

 UTF-8, an encoding form for Unicode character sets, for government digital services and technology encodes all Unicode characters without changing the ASCII code.

Unicode is based on the American Standard Code for Information Interchange (ASCII) character set.

UTF-8 is an international standard used by, data scientists, data analysts and developers. It allows you to read, write, store and exchange text that remains stable over time and across different systems. It also have accurately translated languages moving between systems and prevent accidental or unanticipated corruption of text as it transfers between systems.

This makes UTF-8 flexible for a wide range of uses.

The government chooses standards using the open standards approval process and the Open Standards Board has final approval. Read more about the approval process for cross-platform character encoding. 

Published 01/01/2020
Authoring body: Government Digital Service (GDS)
Policy
Resource
All vehicles (VEH01)

All vehicles (VEH01) is a dataset of all licensed and registered vehicles in Great Britain and the UK, produced by Department for Transport.

It contains licensed vehicles, registered vehicles for the first time, vehicles by numbers of keepers, Statutory Off Road Notification (SORN) and the Ultra-low emissions vehicles (ULEVs).

For more information please contact Vehicles statistics

Emailvehicles.stats@dft.gov.uk

Public enquiries: 020 7944 3077

Published 01/01/2020
Authoring body: Department for Transport (DfT)
Reference Data / Templates
Resource
ISO/IEC 27032:2012 Information Technology — Security Techniques — Guidelines for Cybersecurity

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The Cyberspace is a complex environment resulting from the interaction of people, software and services on the Internet, supported by worldwide distributed physical information and communications technology (ICT) devices and connected networks. However there are numerous security gaps not covered by current information security, Internet security, network security and ICT security. The aim of this international standard is to address Cyberspace security issues and bridge the gap between different security domains in the cyberspace.

International Standard provides technical guidance for addressing common cybersecurity risks such as social engineering, hacking, spyware and proliferation of malicious software.

It also provides guidelines for addressing risk such as preparing for attacks, detecting and monitoring attacks and responding to attacks.

The International Standard also provides a framework for information sharing, coordination, and incident handling.

Published 01/01/2012
Authoring body: International Organisation for Standardisation (ISO)
Standards