to add a new content
Resource
Security Governance Standard V1.0

This Standard defines the requirements to implement Security Governance as mandated in the National Community Security Policy.

Published 01/10/2023
Authoring body: Police Digital Service
Standards
Resource
Information Assurance Standard V1.0

This Standard defines the requirements to implement Information Assurance as mandated in the National Community Security Policy.
This document describes the requirements to help implement a consistent and structured information security assurance programme, supported by comprehensive security testing (using a range of attack types), penetration tests, and regular security and risk compliance monitoring.

Published 01/10/2023
Authoring body: Police Digital Service
Standards
Resource
National Policing Community Security Policy v1.2

National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The Community Security Policy (CSP) is an integral part of the Community Security Policy Framework and combined with Community Security Principles and the supporting standards, control objectives and other supporting documentation will help policing maintain public trust in its management of information assets. This Policy should be read in conjunction with the National Policing Community Security Policy (CSP) Framework, and Community Security Principles with which this policy is aligned. The audience, scope, objectives, governance and exception process for this policy are defined by the National Policing Community Security Policy Framework, which can be found in Knowledge Hub. For clarity this policy has been approved by the Police Information Assurance Board (PIAB) and applies to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing. This policy has taken into consideration and is aligned with industry best practice, which includes ISO/IEC 27002:2022, CIS Controls v8 (Center for Information Security), NIST Cyber Security Framework, CSA Cloud Controls Matrix v4 (Cloud Security Alliance) and NCSC 10 Steps to Cyber Security.

Published 09/02/2023
Authoring body:
Policy
Resource
National Policing Community Security Principles v1.2

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 09/02/2023
Authoring body: Police Digital Service
Principles
Resource
National Policing Community Security Principles v1.0

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 26/10/2022
Authoring body: The Police Digital Service
Principles
Resource
National Policing Community Security Policy Framework v1.2

This framework defines the holistic approach to information and technology risks by aligning to Government Security standards, guidance from the National Cyber Security Centre (NCSC) and industry best practice. The National Policing Community Security Policy Framework supports a proportionate baseline standard of cyber security for National Policing to deliver its operational and strategic objectives. As the cyber threat landscape facing the UK Police forces continues to evolve, so must the means by which forces maintain their security posture. The purpose of the National Policing Community Security Policy Framework is to provide the structure for information security for National Policing, suppliers, and partners to carry out their services securely.

Published 09/02/2023
Authoring body: Police Digital Service
Policy
Resource
Robotic Process Automation Cyber Security Guidance

This guidance describes best practice cyber risk management controls for using Robotic Process Automation (RPA) 
for the purpose of automating manual administrative overheads for National Policing Forces and 
applications. This document only provides guidelines to automating manual processes and is not intended for machine 
learning (ML) or artificial intelligence (AI) derived solutions. Please refer to separate guidelines and standards 
for Digital Process Automation (DPA), AI and ML related activities.

Published 01/07/2023
Authoring body: The Police Digital Service
Guidance
Resource
Safe deployment of TikTok

This guidance provides an overview of approaches to deploy TikTok safely

Published 01/06/2023
Authoring body: The Police Digital Service
Guidance
Resource
National Police Information Security Risk Management Risk Balance Case Template

The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF). 

This template must be completed in conjunction with the National Security Risk Management Framework and Guidance.

The Risk Decision Document should be a single document that outlines any national risk, and the recommended measures for mitigating it. The template is organised into sections, each containing specific guidance points on content to be included.

Published 01/05/2023
Authoring body: The Police Digital Service
Reference Data / Templates
Resource
National Police Information Security Risk Management Guidance

The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF). This guidance supports the risk management framework by detailing the actions required to firstly assess a risk, and then to manage it via the national risk register. This guide must be read in conjunction with the National Security Risk Management Framework.

Published 01/05/2023
Authoring body: The Police Digital Service
Standards