Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Civil emergencies require a professional and structured response to all emergencies, this includes Police, fire and ambulance services and must meet the Civil Contingencies Act 2004. These services must have interoperable arrangements to allow for well-coordinated responses to major or complex incidents, as this would affect life.
This document helps to cover contingency planning and responses to civil emergences from the Police service.
Some major incidents may result in loss of life. Disaster victim identification (DVI) is the process of being able to identify a deceased in multiple fatality incidents. This involves combining antemortem and post-mortem examinations to make a positive identification using scientific means. This takes place at the same time an investigation is being undertaken. DVI is an internationally accepter terms is and its principles are subject to international agreement through INTERPOL.
The Command and Control (C&C) solution is the incident management and deployment solution for police officers responding to incidents reports by the public. Command and control is the authority and capability of an organisation to direct the actions of its personnel and the use of its equipment.
Incidents are usually graded based on severity of the incident and officers have Service Level Agreements (SLA’s) target in responding to incidents especially serious/critical incidents. SLA’s may differ from police force. C&C can also be used for a wide range of scenarios ranging from policing local community events, to responding to a major criminal investigation such as a terrorist attack, arson attack requiring several officers to respond to more sensitive investigations such as a rape incident requiring more specialised officers.
There are times where certain incidents or operations where the police response requires a different approach and it may be necessary to establish a dedicated command structure such as bronze, silver and gold.
The success of any major incident coordination requires an organised, professional and methodical approach. The Major Room Incident (MIR) is critical to this coordination as this is where all information is gathered and analysed for response coordination.
Major investigation and public protection has many strands and arms. It consists of:
Child sexual exploitation
Female genital mutilation
Forced marriage and honour-based violence
Gangs and youth violence
Kidnap and extortion
Rape and sexual offences
Stalking or harassment
Managing sexual offenders
It also has major elements of mental health. The Mental health Authorised Professional Practice (APP) has provided guidance on Police response to members of the public who are experiencing mental ill health, have learning disabilities and mental and emotional vulnerable individuals. The guidance applies whether the police are acting in a criminal justice or health care capacity or in both of these roles.
There are incidents that take place where the police respond to a serious injury/incident or where there is a deceased or where at a later time the victim dies. This APP – describes the post-incident procedures, management, welfare and legal issues stemming from serious incidents.
The guidance outlines provision of accounts by officers and staff, provides responsibilities for key roles, and sets out approaches to organisational learning and debriefing. The information provided is relevant to any investigation, whether carried out by the force’s professional standards department (PSD) or by the relevant independent investigative authority (IIA).
It is the responsibility of each force to determine how the post-incident procedures will be implemented and should therefore create an implementation plan showing how each area, roles and responsibilities will be fulfilled. This should include any training plans needed for individuals carrying out specific roles.
Where serious injury or death has resulted in the discharge of a firearm by a police officer or member of police staff, this guidance will not apply. Please refer to APP Armed Policing.
It is important to note that a serious injury is referred to as a fracture, deep cut, deep laceration or injury causing damage to an internal organ or the impairment of any bodily function.
The Public Services Network (PSN) provides technical policies regarding the operation of its network. This provides a high-level guidance for the way in which government networks, as a whole should be managed.
The policies aim to create a simple mechanism for managing network services in government. The objectives of the policies are to:
operate the PSN as a single OFFICIAL network enabling services to be consumed from both the Assured and Protected networks.
enable the use of cloud email services that meet specific security standards for government email.
bring PSN and other government Domain Name System (DNS) services into line with best practice.
Email feedback to email@example.com
This guidance gives practical advice on the secure development, procurement and deployment of generic applications.
There are three types of common security issues:
Secure data handling
Third party applications
This guidance is written main for risk assessors and application developers on how to minimise the loss of data from applications running on all devices handling sensitive data. Sensitive information should not be stored on devices when it's not required. If it must be stored on a device, a native data storage protection APIs (Application Programming Interface) available on the platform must be utilised. You must also ensure that the applications allows administrators to delete sensitive data from devices if they are compromised or lost and encrypt sensitive information when stored, protected by an authentication mechanism.
You must also securely implement cryptographic functions and store sensitive information securely, and hide it from the user until they have been authenticated and ensure that sessions timeout periodically and require the user or application to repeat the authentication process and where possible manage user accounts centrally.
This guidance covers the deployment of a range of end user device platforms for the secure configuration of Windows 10 1809. Risk owners and administrators should agree a configuration which balances business requirements, usability and security.
Protective Monitoring Solution: All data should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic. This also allows the devices, and data on them, to be protected.
Applications should be authorised by an administrator and deployed via a trusted mechanism.
Most users should have accounts with no administrative privileges. Administrator accounts should have a unique strong password per device.
Testing was performed on a Windows Hardware Certified device, running Windows 10 Enterprise. This guidance is not applicable to Windows devices managed via an MDM or Windows To Go.
This guidance is not applicable to Windows devices managed via an MDM or Windows To Go.
Risk owners and administrators should agree a configuration, which balances business requirements, usability and security.
The exchange of incident information between key organisations such as the Police Force, Highways England, Ambulance Service, Fire service is critical to saving lives and keeping members of the public safe.
The exchange of key information between organisations using command and control systems that manage incidents and deployments are used through formatted messages using extensible markup Language (XML).
This technical document aims to describe the implementation guidelines for exchanging information between multiple command and control systems between different organisations (Multi Agency Incident Transfer (MAIT), describe communications and data management issues that need to be considered, whilst providing suitable implementation guidance as well as describing interfaces available and their XML’s.
The purpose of the code will be to ensure that individuals and wider communities have confidence that surveillance cameras are deployed to protect and support them, rather than spy on them. Surveillance cameras when used appropriately can be a great tool used for public safety, protection of property and people and serve as security.
The Surveillance cameras Code of Practice was issued under Section 30 of the 2012 Act to provide guidance appropriate and effective use of surveillance camera systems by relevant authorities. It is welcomed and encouraged for other operators to use the code but it is not mandatory.
This is a significant step in achieving the ongoing process of delivering the government’s commitment to the ‘further regulation of CCTV’, which is a gradual process. As the understanding and application of the code grows and matures overtime, the government may consider expanding its members of the code to other relevant bodies that they deem fit they will benefit from the code of practice. This is clearly seen by the government as a way of improving the standards of camera security operators.
This document was reviewed by the National Standards Assurance Board in February 2021 and although related documentation, such as the Surveillance Camera Commissioners 'Facing the Camera' code of practice exists, it did not replace this existing document, which still offers value.
The National ICT Strategic Principles sets out architectural rules and guidelines in fulfilling its ICT strategies across the force. It helps to define the underlying general rules for the use and deployment of all ICT capabilities across the Police Force.
The document includes the following principles:
Architectural Business Principles:
Compliance with Law
Responsive Change Management
Data is a an Asset
Data is Accessible
Information Asset Owner
Management of Police Information
Single Authentication model
These have been reviewed by the National Standards Assurance Board in March 2021 and still deemed to posses relevant information. PDS confirmed that a new set of principles are in development to replace these.