Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Cyber Security: Identity and access management
Step 6 from the 10 steps to Cyber Security covers how to control who and what can access your systems and data via identity and access management (IAM)
Access to data, systems and services need to be protected. Understanding who or what needs access, and under what conditions, is just as important as knowing who needs to be kept out. You must choose appropriate methods to establish and prove the identity of users, devices, or systems, with enough confidence to make access control decisions. A good approach to identity and access management will make it hard for attackers to pretend they are legitimate, whilst keeping it as simple as possible for legitimate users to access what they need.
Cyber Security: Data security
Step 7 from the 10 steps to Cyber Security covers the need to protect data where it is vulnerable.
Data needs to be protected from unauthorised access, modification, or deletion. This involves ensuring data is protected in transit, at rest, and at end of life (that is, effectively sanitising or destroying storage media after use). In many cases data will be outside your direct control, so it important to consider the protections that you can apply as well as the assurances you may need from third parties. With the rise in increasingly tailored ransomware attacks preventing organisations from accessing their systems and data stored on them, other relevant security measures should include maintaining up-to-date, isolated, offline backup copies of all important data
Cyber Security: Logging and monitoring
Step 8 from the 10 steps to Cyber Security covers how to design your systems to be able to detect and investigate incidents.
Collecting logs is essential to understand how your systems are being used and is the foundation of security (or protective) monitoring. In the event of a concern or potential security incident, good logging practices will allow you to retrospectively look at what has happened and understand the impact of the incident. Security monitoring takes this further and involves the active analysis of logging information to look for signs of known attacks or unusual system behaviour, enabling organisations to detect events that could be deemed as a security incident, and respond accordingly in order to minimise the impact.
BS 10008 Evidential Weight and Legal Admissibility of Electronic Information
This document outlines best practice for the implementation and operation of electronic information management systems, including the storage and transfer of information. It is designed to help you verify and authenticate all your information to avoid the legal pitfalls of information storage. BS 10008 outlines best practice for transferring electronic information between systems and migrating paper records to digital files. It also gives guidelines for managing the availability and accessibility of any records that could be required as legal evidence.
ISO 15489:2016 Data Records Management
ISO 15489 provides a framework for implementing records management systems - the lifecycle of records from creation through to disposal. Police forces can use this to inform internal records management systems such as the use of Share Point or use as an assessment when considering suppliers of systems, this could include case management.
This document was reviewed by the National Standards Assurance Board in July 2021 and still deemed current and of value to policing
[Added September 2021]
Publishing Accessible Documentation
There is a need under the Equality Act 2010 to ensure documents are readily available to users who have additional accessibility needs. This document explains how to publish accessible documents to meet the needs of all users under the accessibility regulations.
It covers:
- Writing accessible documents
- Making non-HTML documents accessible
- Creating a PDF/A for archiving purposes
- To save a PDF/A in Word, click Save As, change Save as type to PDF, click Options and tick 'PDF/A compliant'
The authors and National Standards Assurance Board accept that there is still a place for PDF documents, especially for archival purposes, but to ensure they are accessible in the future, they should be stored as PDF/A not the normal PDF format.
[Added September 2021]
Minimum standards schedule for the Retention and Disposal of Police Records (2020 v4)
The NPCC Guidance on The Minimum Standards for the Retention and Disposal of Police records has been produced by the NPCC Records Management Working Group to assist police forces in their statutory responsibility to comply with the Data Protection legislation (GDPR EU 2016/679 and Data Protection Act 2018), The Code of Practice on the Management of Police Information (2005) and other legislative requirements.
It contains
- The responisibilities for records retention and disposal
- Risks
- Benefits of a retention schedule
- Management of Police Information (MoPI)
- Maintenance
- Records Retention Tables for:
- Assets & products
- Crime and Case files
- Detecting
- Finance
- Information
- Organisation, Programmes & Projects
- People
- Preventing
- Property
- Prosecution
[Added September 2021]
ISO 17025:2017 General requirements for the competence of testing and calibration laboratories
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. BSI provide the documentation and appropriate licensing.
This standard is used to confirm or recognize the competence, impartiality and consistent operation of laboratories. It applies to all organizations performing tests and/or calibrations, including first, second and third-party laboratories.
Who is this standard for?
- Laboratories where testing and/or calibration is part of inspection or product certification
- Laboratory customers
- Testing organizations
- Regulatory authorities
- Accreditation bodies
- Organizations and schemes using peer assessment
Why should you use this standard?
It specifies general requirements for the competence, impartiality and consistent operation of laboratories. It looks at all of the requirements that testing and calibration laboratories and testing organizations have to meet to prove that they operate a quality system; are technically competent; and can generate technically valid results. It applies to all organizations performing laboratory activities, regardless of the number of personnel.
What’s changed since the last update?
This standard had not been revised since 2005. This technical revision cancels and supersedes the previous edition and has made three main changes:
- A definition of “laboratory” has been added
- Risk-based thinking has been applied, enabling some prescriptive requirements to be replaced by performance-based requirements
- There is greater flexibility in the requirements for processes, procedures, documented information and organizational responsibilities
Frontline Digital Mobility - Connection Types
This guidance will explore the main connection types used by frontline officers and staff, whilst making recommendations about security and appropriate use. This guideline focuses on assisting forces to maximise their use of public 3G/4G (LTE) data networks prior to the delivery and adoption of the Emergency Service Network Data Services. This guideline does not cover voice services delivered over any of these networks.
Frontline Digital Mobility - Peripheral Keyboards
There are many types of keyboards available in the market place with many variances in terms of specification, features and of course price. This guidance explores these variances and makes recommendations (see section 4. Recommendations, page 2) to help forces make informed selections so as to accelerate their mobility maturity.
Showing 181 to 190 of 231 entries.