to add a new content
Forensic Science Regulator Information Legal Obligations (Issue 5)

The role of the forensic science regulator is to advise the Government and the criminal justice system on quality standards in the provision of forensic science. Recommend new requirements for new and improved standards and providing advice and guidance so that providers will be able to demonstrate compliance with common standards, in procurement and in courts 

A key requirement of any standards framework in forensic science is that the output meets the requirements of the Criminal Justice System (CJS). 
 This document sets out the view of the Regulator as to the legal landscape within which forensic scientists operate within the CJS. 

There are legal obligations placed on expert witnesses as sources in the Criminal Justice System in England and Wales as Expert evidence is admissible “to furnish the court with scientific information which is likely to be outside the experience and the knowledge of a judge or jury”. This places the expert witness in a privileged position.

It is important to note that expert evidence can only be given by a person who is an expert in the relevant field. An expert witness must provide the court with objective, unbiased opinion on 
matters within his expertise 
Witnesses must act with honesty and good faith. 

Published 01/01/2017
Authoring body: Forensic Science Regulator (FSR)
Criminal Intelligence Manual for Analysts

Intelligence is information (raw data) worked, evaluated in context to its source and reliability to create added value and meaning to its user (Information + Evaluation = Intelligence).

Analysis is about tracing their source to discover the general principles behind the information and ascertaining parts. Therefore we can say that intelligence analysis is about collecting and utilising information, evaluating it to process it into intelligence, and then analysing that intelligence to produce products to support informed decision-making. 

Analysis goes beyond the facts asking questions such as: 

  • What exactly is the problem?

  • What is it a problem?

  • What information do we already possess that is relevant to the problem?

  • Where is the information held?

  • How can we obtain it?

  • What meaning can we extract from the information?

  • Are we ready to take action with the information received?

The process of applying these questions, evaluating the answers, choosing the response and outputs/actions is the process and essence of what analysis is about. Analysis is going beyond the facts and digging deeper.

Therefore criminal intelligence analysis is the in-depth analysis of criminal activity, criminal information and the criminals. This also includes the retrieval and storage of digital/online content. The use of Information Technology has become ever so critical in the modern age.

Published 01/01/2011
Authoring body: United Nations Office on Drugs and Crime (UNODC)
Digital Asset Management System (DAMS) Standards

DAMS has been identified as a critical capability for the management and use of digital material within policing. This infographic describes the DAMS lifecycle, providing a high level explanation of the design, development and implementation stages of delivering a DAMS system. The supporting documents referred to in this document are currently going through a review and refresh. 

Use the Contact Us tab at the top of the page to request further details.

Authoring body: College of Policing
National Redaction definition and requirements

The National Redaction project, developed under the Digital Policing Portfolio (DPP) on behalf of the SRO DCC Jeremy Burton and the National Disclosure Board, has identified the nationally consistent requirements and supporting technology for redaction, includiing:

  • The business context and scope for redaction;
  • The business needs and related business outcomes and benefits;
  • The business users and their user stories;
  • The information that will need to be managed and its lifecycle;
  • National standards through identifying best practice in existing standards policy and procedures;
  • The functional and non-functional national requirements for redaction.
Authoring body: National Police Chiefs Council (NPCC)
Code of practice for the deployment and use of Body Worn Video (BWV) BS 8593:2017

The use of Body worn video (BWV) includes video and microphone both audio and visual recording. The recording can also be stored and exported.

BWV has become extremely in the video surveillance sector and within the Police Force, as officers are able to use BWV and capture key important evidence whilst on operational duty. However have been some issues around privacy, data security technical capabilities.

To ensure that BWV, is used for its intended purpose this standard has been written to provide operational and technical guidance to help strike a balance between safety and the privacy of the individuals being recorded and foster public trust in where and when BWV can be used.

Some of the activities in which BWV can be used are in emergency responses, night-time economy operations/events, security guarding, parking enforcement, door supervision.

Intended readers are Police officers, security companies, entertainment venues, local authorities.

Fees to accessing the standard may apply.

Published 01/01/2017
Authoring body: British Standards Institute (BSI)
National Intelligence Model

The National Intelligence Model (NIM) is a well-established model within the policing world that was established in 2000 by the National Criminal Intelligence service (NCIS) and adopted by Association of Chief Police Officers (ACPO) to help to mange the use of setting strategic direction, making prioritised resourcing decisions, intelligently allocating resources in the most efficient manner, developing and outlining tactical plans, coordinating activities and managing associated risks.

NIM has three levels which it operates on:

  • Level 1 – Local/Basic Command Unit (BCU)

  • Level 2 – Force and/or regional

  • Level 3 – Serious and organised crime that is usually national or international

NIM doesn’t just only help to serve crime and intelligence decision-making but is expansive in its dynamics and touches on the general policing business and decision-making. It also serves as a standardised approach for gathering, co coordinating and disseminating intelligence, which can be integrated across all forces and law enforcement agencies.

NIM allows for greater consistency of policing across the UK, operational strategies to focus on key priorities, ensures more officers are focused on solving priority problems and targeting the most active offender, achieves greater compliance with human rights legislation, improves direction and briefing of patrols, helps to reduce rates of persistent offenders through targeting the most prolific and helps to improves integration with partner agencies.

Published 01/01/2005
Authoring body: Home Office
Retrieval of Video Evidence and production of working copies from digital CCTV Systems (Version 2.0)

Digital CCTV installations vary greatly in terms of the recording methods as a result of varying solutions with different capabilities and functionality which are used to capture picture and video evidence with export facilities provided.

This document provides guidance on the retrieval of video from any digital CCTV system in its native file format and the methods for the production of working copies in non-native file formats, where this is necessary to facilitate further processing or replay in court.

The document contains a flowchart to help the user select the most appropriate retrieval method to use for any given CCTV system. Explanatory notes are also provided for each option and guidance

given for assessing the practicality and suitability of each technique to ensure that the right retrieval method is selected to uphold evidential integrity.

The guidance also covers the production of working copies, specifically where this involves a conversion between video formats.

Options have also been presented for final storage of the working copy. Information is given as to the suitability of each conversion technique and storage medium, so that appropriate choices can be made to best minimise the potential degradation in image quality.

A checklist of actions is provided when retrieving data to ensure that all relevant information is captured and evidential integrity is maintained.

Published 01/01/2008
Authoring body: Defence Science and Technology Laboratory
GDPR Guidance: Contracts & Liabilities between Controllers and Processors (Version 1.0)

The GDPR draws a distinction between a ‘controller’ and a ‘processor’ in order to recognise that not all organisations involved in the processing of personal data have the same degree of responsibility.

A controller is he natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

A processor natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Under the GDPR, when a controller uses a processor it needs to have a

written contract (or other legal act) in place to evidence and govern their working relationship. These contracts must now include certain specific terms, as a minimum.

This guidance sits alongside the Overview of the GDPR. The guidance sets out how the ICO interprets the GDPR, and our general

recommended approach to compliance and good practice.

Published 13/09/2017
Authoring body: Information Commissioner's Office (ICO)
HMG IA Standard Number 1 & 2 Information Risk Management (Issue 4)

{Consensus: This document is open for community feedback for it to be retired on the platform due to being dated and no longer supported by the authoring body}

Information Risk Management play a major role in the Police Service and in government agencies. All government departments and agencies must produce an Information Risk Management policy, as it is a fundamental aspect to Information Security Strategy as it has a huge impact on IA policies, standards and procedures. This must include:

  • Information risk appetite

  • Compliance with all legal and regulatory requirements

  • IA governance framework

  • Technical risk assessment against all ICT systems

This document serves as part of the Security Policy Framework (SPF) and supports the SPF mandatory requirements. 

The aim of this standard is to provide twenty Risk Management Requirements (RMRs), which government agencies must use as the basis for Information Risk Management Policy as well as supporting the intended readers list.

Intended readers are senior Information Assurance (IA) related government posts, Senior Information Risk Owners (SIROs), Departmental Security Officers (DSOs), Information Asset Owners (IAOs), Information Risk Managers (IRM), Security & Information Risk Advisors (SIRAs), Information Assurance Analysts.


For further enquiries, or if you'd like to provide feedback, please email or fax: 


Fax: (01242) 709193 (for UNCLASSIFIED FAXES ONLY)

Published 01/01/2012
Authoring body: CESG National Technical Authority for Information Assurance
Implementing ISS4PS Volume 2

{Consensus: This document is open for community feedback for it to be retired on the platform due to being out of date and replaced by the National Policing Digital Strategy}

The Information Systems Strategy for the Police Service (ISS4PS) version 3 is the overarching strategy for  Information Systems (IS)/Information Communication Technology (ICT) in policing. ICT Architecture is the technical foundation of an effective ICT strategy. The ISS4PS focuses on technology, data and application architecture, therefore as a result this document contains technical detail describing the architecture.

The ISS4PS is designed to assist in meeting many of the goals of government imperatives, such as, the National Policing Plan. In order for the Police Service to meet the demands set out, it must view itself as an enterprise operating at a national level. It also follows the e-GIF standards and principles, recognises the diversity of IS/ICT within the Police Service, and is cognisant of Criminal Justice System (CJS) technical architectures.

The key theme that runs throughout the ISS4PS is that the Police Service will develop more commonality and become more joined-up in its approach to IS/ICT services.

Intended readers are for ICT Directors, ICT central coordinators, ICT Solution Architects, service providers and technical staff at the Home Office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the Forces, and Criminal Justice Information Technology (CJIT).

Published 01/01/2015
Authoring body: Association of Chief Police officers (ACPO)