to add a new content
HMG IA Standard Number 1 & 2 Information Risk Management (Issue 4)

This document was retired in July 2021

Information Risk Management play a major role in the Police Service and in government agencies. All government departments and agencies must produce an Information Risk Management policy, as it is a fundamental aspect to Information Security Strategy as it has a huge impact on IA policies, standards and procedures. This must include:

  • Information risk appetite

  • Compliance with all legal and regulatory requirements

  • IA governance framework

  • Technical risk assessment against all ICT systems

This document serves as part of the Security Policy Framework (SPF) and supports the SPF mandatory requirements. 

The aim of this standard is to provide twenty Risk Management Requirements (RMRs), which government agencies must use as the basis for Information Risk Management Policy as well as supporting the intended readers list.

Intended readers are senior Information Assurance (IA) related government posts, Senior Information Risk Owners (SIROs), Departmental Security Officers (DSOs), Information Asset Owners (IAOs), Information Risk Managers (IRM), Security & Information Risk Advisors (SIRAs), Information Assurance Analysts.


For further enquiries, or if you'd like to provide feedback, please email or fax: 


Fax: (01242) 709193 (for UNCLASSIFIED FAXES ONLY)

Published 01/01/2012
Authoring body: CESG National Technical Authority for Information Assurance
Digital Imaging Procedure (Version 2.1)

This document was retired in July 2021

Digital imaging has become firmly established in the mainstream of public life and as a key enabling technology for the Police Service and Criminal Justice System (CJS) and has enormous benefit for the swift and accurate outcome of investigations.

Digital Imaging is the capture, retrieval, storage or use of evidential digital images. The aim of this document is to detail the processes involved in the proper capture and handling of digital images for police applications and to define best working practice starting from the process of the initial preparation and capture of images, through the transfer and designation of Master and Working Copies, to the presentation in court and finally the retention and disposal of exhibits.

A key part of the digital imaging process is the creation of an identifiable and isolated Master reference as this procedure enhances the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. It is also important to note that broader range of technologies are now available for the capture and storage of digital imagery which will be discussed in the document.

Intended readers of this document are operational, administrative and judicial staff involved throughout all stages of the Criminal Justice System (CJS) and anyone handling digital imaging.  

Published 01/01/2007
Authoring body: Home Office
Police Use of Digital Images

This document was retired in July 2021, replaced with the newer version covering images, video and audio (multimedia)

We live in a modern digital age society, where technological advancement is at the forefront of many initiatives and change, and as such evidential information have become ever so crucial than ever before.

With the high usage of smart phones, laptops, the Internet and social media, digital images and recordings are pivotal in police investigation. This cannot be underestimated. They are now a useful source of evidence for criminal justice purposes. Other evidences such as eye witness accounts, police statements are still highly valuable pieces of information and should neither be underestimated. Both together provide a holistic picture when investigating criminal cases.

As a result, the Police have a key role in managing, capturing, editing, processing, preparing cases, disclosing this to the Crown Prosecution service (CPS), storing, retaining and disposing of digital images carefully and according to guidelines highlighted. This document aims to offer practical guidance and advice on the role police play in digital imaging.

For more information and enquiries please see details below.


Telephone: 0870 241 5641

Published 01/01/2007
Authoring body: National Policing Improvement Agency (NPIA)
ACPO/ACPOS Information Systems Community Security Policy (Version 3.3)

This document was retired in July 2021

Information security enables the police Service to deliver their core operational duties by ensuring that information are safely secured, stored and kept confidential. This also includes ensuring accuracy of information gathered.

Information management, governance and assurance are vital functions within the police Service in ensuring that the police are able to provide protection to members of the public and ensure a proper assessment of threat, risk and harm are undertaken. This includes the gathering, processing, transfer of information as well as systems and networks and supporting processes.

ACPO/ACPOS have set out clear expectations and strategies in this document for the management and security of information that includes system interconnection security policies, force information security policies, risk management and accreditation document sets and business continuity plans.

Published 01/03/2010
Authoring body: Association of Chief Police Officers (ACPO)
National Policing Community Security Policy (Version 4.3)

This document was retired in July 2021.

Police information, systems and networks must be safeguarded and protected to ensure the Police Service can meet their statutory and regulatory responsibilities. The Police Service meets these responsibilities by the implementation of this Community Security Policy (CSP) which encompasses appropriate Information Assurance (IA) policies and guidance.

The Police Service also support the need for appropriate safeguards and the effective management of all information processes, and are committed to helping protect all community member information assets from identifiable threats, internal or external, deliberate or accidental.


The CSP have strategic aims that: 

1. Enable the delivery of policing by providing appropriate and consistent protection for the information assets

2. Comply with statutory requirements and meet the expectations of the Police Service to manage information securely

3. enable forces, agencies and relevant organisations to understand the need to implement the IA policies identified herein, so the Police Service is able to meet its legal, statutory and regulatory requirements. 

Published 01/01/2014
Authoring body: National Police Information Risk Management Team (NPIRMT)
Code of Practice and Conduct - Forensic Science Regulator (Issue 3)

The Codes of Practice and Conduct for Forensic Science Investigators, providers and practitioners is about ensuring quality standards are upheld to the highest order to the codes set out in the document. This code of Practice also set out the additional requirements requirement for accreditation is provided, particularly for digital forensics, firearms classification, drugs and toxicology.

This document has been written to assist organisations with understanding and interpreting the requirements of the standards, particularly BS/EN ISO/IEC 17025.

When the provisions in the Codes are fully implemented by all forensic science providers and practitioners and are understood by all end users, the potential for a forensic science quality failure to cause a miscarriage of justice will be substantially reduced and will provide a clear indication to customers and the public of what to expect.

It is important to note that forensic science quality framework does not operate in isolation and therefore it has been recommended that all interested parties in the  all forensic science space should read the appendices to the Codes (FSR-C- series) and guidance documents (FSR-G-series) relevant to their areas of expertise, and also the general guidance document on cognitive bias effects (FSR-G-217). The forensic science quality framework does not operate in isolation.

Published 01/01/2016
Authoring body: Forensic Science Regulator (FSR)