to add a new content
Resource
Security Management Standard v1.0

This standard describes the requirements to implement and maintain an effective cyber security management system as required by the National Policing Community Security Policy Framework.
Implementation of this standard will help members to ensure that adequate management controls and oversight is in place to mature their cyber resilience.

Published 01/10/2023
Authoring body: Police Digital Service
Principles
Resource
Security Governance Standard V1.0

This Standard defines the requirements to implement Security Governance as mandated in the National Community Security Policy.

Published 01/10/2023
Authoring body: Police Digital Service
Standards
Resource
Information Assurance Standard V1.0

This Standard defines the requirements to implement Information Assurance as mandated in the National Community Security Policy.
This document describes the requirements to help implement a consistent and structured information security assurance programme, supported by comprehensive security testing (using a range of attack types), penetration tests, and regular security and risk compliance monitoring.

Published 01/10/2023
Authoring body: Police Digital Service
Standards
Resource
National Policing Community Security Policy v1.2

National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The Community Security Policy (CSP) is an integral part of the Community Security Policy Framework and combined with Community Security Principles and the supporting standards, control objectives and other supporting documentation will help policing maintain public trust in its management of information assets. This Policy should be read in conjunction with the National Policing Community Security Policy (CSP) Framework, and Community Security Principles with which this policy is aligned. The audience, scope, objectives, governance and exception process for this policy are defined by the National Policing Community Security Policy Framework, which can be found in Knowledge Hub. For clarity this policy has been approved by the Police Information Assurance Board (PIAB) and applies to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing. This policy has taken into consideration and is aligned with industry best practice, which includes ISO/IEC 27002:2022, CIS Controls v8 (Center for Information Security), NIST Cyber Security Framework, CSA Cloud Controls Matrix v4 (Cloud Security Alliance) and NCSC 10 Steps to Cyber Security.

Published 09/02/2023
Authoring body:
Policy
Resource
National Policing Community Security Principles v1.2

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 09/02/2023
Authoring body: Police Digital Service
Principles
Resource
National Policing Community Security Principles v1.0

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 26/10/2022
Authoring body: The Police Digital Service
Principles
Resource
National Policing Community Security Policy Framework v1.2

This framework defines the holistic approach to information and technology risks by aligning to Government Security standards, guidance from the National Cyber Security Centre (NCSC) and industry best practice. The National Policing Community Security Policy Framework supports a proportionate baseline standard of cyber security for National Policing to deliver its operational and strategic objectives. As the cyber threat landscape facing the UK Police forces continues to evolve, so must the means by which forces maintain their security posture. The purpose of the National Policing Community Security Policy Framework is to provide the structure for information security for National Policing, suppliers, and partners to carry out their services securely.

Published 09/02/2023
Authoring body: Police Digital Service
Policy
Resource
POLE Data Standards Catalogue v1.0

The intended purpose of this standard is to promote interoperability and improve the data quality of systems by converging on a common set of POLE data definitions used within Policing. POLE data definitions describe how People, Objects, Locations and Events (POLE) should be formatted. 

There are 44 POLE entities described in this standard including:

  • 20 person entities
  • 13 object entities
  • 5 location entities
  • 6 event entities

The standard defines the attributes (field size, format, type) used to create the entities and contains and “entity x attribute map”. It also contains validation rules for these attributes.

This standard is owned by the National Police Chiefs Council (NPCC) and should be regarded as the default data standard for all POLE entities.

Along with the standard, the POLE data model (POLE v1.1.accdb) and data dictionary (POLE data standards - Data dictionary v1.1.xlsx) are also attached below. 

 

Published 25/08/2022
Authoring body: Police Digital Service (PDS)
Standards
Resource
Digital Evidence Storage v3.0

This is intended as a high-level overview of the requirements for digital evidence storage in a multimedia context. Ratings follow the MoSCoW system of Must, Should, Could and Won’t. The requirements are split into two sections, File Handling and Functionality. Systems must be compliant with the principles in the DSTL NPCC Digital Imaging and Multimedia Procedure v3.0 and Recovery and Acquisition of Video Evidence v3.0 and adhere to the Forensic Science Regulator Act 2021 and Statutory Code.

Published 06/12/2022
Authoring body: NPCC
Standards
Resource
NPCC framework for use of video evidence v3.0

This document is relevant to all police non-specialist front-line staff and forensic unitsi who utilise video evidence and to bring clarity around activities relating to recovery, acquisition, viewing and processing of CCTV. It outlines those activities that must be undertaken by Police Forces and accredited laboratories in line with the Forensic Science Regulator Act 2021 and Statutory Code. The following charts stipulate what level of training is required and whether force procedures must be in place to carry out Forensic Science Activities (FSAs) and mitigate the risks highlighted by the risk matrix where activities may be excluded from accreditation. This document has been created to support the recommendations of the NPCC CCTV Working Group and Specialist Capability Network and supersedes the now defunct Annex A and B CCTV Scope for Accreditation document, which was previously circulated by the NPCC as a supplement to the first Forensic Regulators FSR-C-119 Code of Practice and Conduct, now replaced by the Statutory Code and FSA Digital Forensics - Video Analysis, and FSA Basic Recovery and Acquisition of Images.

Published 06/12/2022
Authoring body: NPCC
Standards