to add a new content
Using Open Document Formats (ODF) in your organisation

Open Document Formats (ODF) 1.2 standard was selected by the Open Standards Board for use across the UK government. ODF works on most operating systems (including desktops, laptops, mobiles and tablets). This is because it is an open standards that allows suppliers to create interoperable office productivity solutions, can lower IT costs as ODF is low cost or free to use, allows government staff to share and edit documents, allows stricter security checks therefore helping it to prevent common cyber-attack scenarios, can add digital signatures to a document. 

ODF standard works with several software tools as Mac, Windows, Linux, and Android operating systems as well as many others. User needs are very important when selecting an ODF complaint solution, therefore the research and analysis is critical.

The standard also includes the following information:

  • Buying ODF compliant solutions

  • Migrating to ODF compliant solutions

  • Securing ODF compliant solutions

  • Integrating ODF compliant solutions

  • Setting up ODF complaint solutions

Published 01/01/2018
Authoring body: Government Digital Services (GDS)
Cybersecurity Framework NIST (Version 1.1)

National Institute of Standards and Technology (NIST), covers a wide range of topics including Bioscience, Chemistry, Advanced Communications, Cybersecurity, Energy, Materials, Nanotechnology, Neutron research, Physics, Health, Infrastructure, Public Safety, Standards, Transportation and many more.

NIST also cover a wide range of publications, laboratories and programs, Research projects, Services and Resources Software, Data, Computer Security Resource Center, and News and Events.

Under Cybersecurity, there is a framework developed to help organisations to better understand and improve their management of cybersecurity risk.

The Cybersecurity framework consists of standards, guidance, and best practices.

It stages of the framework:

  1. Identify

  2. Protect

  3. Detect

  4. Respond

  5. Recover

The cyber security framework help organisations prioritise, become flexible and cost-effective in promoting and dealing with protection and resilience of critical infrastructure and other parts critical to the national security and economy.

For further information and/or questions about the Cybersecurity Framework please contact:

Published 01/01/2018
Authoring body: National Institute of Standards & Technology (NIST)
Technology Code of Practice

The Technology Code of Practice is a set of criteria to help government design, build and buy technology. Technology Code of Practice should be used for all technology projects and programmes and should be aligned to the mandatory code and as much as possible align the organisation’s technology and business strategies to the Technology Code of Practice.

Following the Technology Code of Practice will help introduce or update technology so that it:

  • meets user needs, based on research with your users

  • is easier to share across government

  • is easy to maintain

  • scales for future use

  • is less dependent on single third-party suppliers

  • provides better value for money

  • makes use of open standards

Organisations must consider all points of the Technology Code of Practice as part of the Cabinet Office spend control process as it’s used as a cross-government agreed standard in the spend controls process. Where legacy technology limits your ability to adhere to the standard, you must explain this to the GDS Standards Assurance team.



Published 01/01/2019
Authoring body: Government Digital Service (GDS)
Defence Industry Security Notices

Industry Security Notices (ISNs)

 A Industry Security Notice (ISN) is an official document that tells people in industry about important instructions, guidance or other information relating to security.

Information from Ministry of Defence, that provides updates.

  • ‘ISN 2014/04 Farnborough International Air Show 2014: exhibition clearances’ has been removed

  • ‘ISN 2014/01: Government Security Classification Scheme’ updated April 2014

  • ‘ISN 2011/05 Defence & Security Equipment International (DSEi) 2011: exhibition clearances’ has been removed

  • ‘ISN 2011/02: incident report’ has been superseded by ‘2011/07: incident reporting’

  • ‘ISN 2011/03: Nato personnel security clearances’ has been superseded by ‘2014/03: Procedure for UK contractors to obtain Nato personnel security clearances’

Published 01/01/2021
Authoring body: Government Digital Services (GDS)
Recruitment Guidance - Candidate Management

Ensuring that the right candidates are selected for policing roles is essential. Employing the right selection process is essential to make the most efficient use of money, time and resources and can have the following benefits:

  • Reduce the probability of selecting individuals who will not perform at their jobs effectively.

  • Better value at the national Assessment process

  • Minimises disproportionality in outcomes for underrepresented groups

  • Maximise candidates potential by supporting, them and ensuring a positive candidate experience.

It is known that not all forces handle their recruitment process in the same way in the early process and therefore causes discrepancies in the way people are recruited in the police force. A sifting solution is being undertaken that aims to help effectively mange candidates. Whilst this is still on-going, this document aims to help police forces consider some key principles for an effective end-to-end recruitment process.

Each area should be considered:

  • Recruitment strategy

  • Attraction campaign and positive action

  • Registration

  • Force selection

  • National Assessment Process

  • Post-assessment process activity

  • Appointment

Monitoring of each area and collaborating with other learning providers are critical to the improvement, maximisation and best practise of the selection process.


Published 01/01/2020
Authoring body: College of Policing
Secure Sanitisation of Storage Media (Version 1.0)

Data sanitisation is a key aspect to any organisations dealing with data storage media and who want to ensure that unauthorised parties do not gain access to their data.

Data sanitisation has to do with the safe removal, treatments and disposal of sensitive information from storage media devices to guarantee that retrieval and reconstruction of data is not possible or may be very difficult to reproduce as some forms of sanitisation will allow you to re-use the media, while others are destructive in nature and render the media unusable.

There could be many reasons why an organisation may want to sanitise its data:

  • Re-use purposes – new user device allocation, re-purpose or resell device.

  • Repair purposes - return or repair faulty device

  • Disposal purposes – dispose of device

  • Destruction purposes – destroy information held on device or the device itself.

There are risks associated with improper sanitisation as key data may still remain on the device, such as:

  • Sensitive data may end up with the wrong people who can expose the sensitive data

  • Loss of control over information assets

  • Private or personal data could be leaked and used to commit fraud or identity theft.

  • Intellectual property could be used leading to reputational loss

Whilst this may not be entirely a sanitisation issue, it is part of it and one way to combat these risks is using encryption.



Published 13/02/2020
Authoring body: National Cyber Security Centre (NCSC)
Securing Technology at OFFICIAL

Guidance on how organisations should secure their technology and services to protect UK government information classified as OFFICIAL. 

The vast majority of UK government public services are conducted at the Official classification. Business operations and services include information routinely used that can have damaging consequences if lost or stolen.

Security at Official is achieved through following good commercial practices and understanding security needs and matching these requirements to the latest available technology availabilities. 

Published 01/01/2015
Authoring body: CESG National Technical Authority for Information Assurance
End User Device (EUD) Security Guidance 2

Guidance for organisations deploying a range of end user device platforms as part of a remote working solution.

Modern smartphones, laptops and tablets provide users with great flexibility and functionality, and include security technologies to help protect information and as such this security guidance document is general to all end user devices (EUD) and their deployments to help harness its security capabilities without hindering its functioning ability by ensuring device configuration are set up correctly.

This guidance is to help optimise security functions, allow for greater user responsibility to reduce security complexity, maintaining user experience, logging and audit information and enable greater interoperability of IT systems.

Published 01/01/2018
Authoring body: National Cyber Security Centre (NCSC)
Intelligence Management APP

Intelligence is information collected and gathered for the purpose of taking action. This process is continuous and critical to effective policing operations that allow for tactical options and prioritisation. Such intelligence can sometimes be classified as confidential or sensitive.

A Code of Practice has been issued by the secretary of state to develop a national intelligence model (NIM), which sets out principles and standards for chief officer and police and crime commissioners to adhere. Ensures the results of the standards are systematic for continuous progress and also helps promote compatibility of procedures and terminology for the (NIM) as well as monitor and evaluate the promulgation of good practice.

The code of the practice came into effect in January 2005.

Published 28/05/2019
Authoring body: College of Policing (CoP)
Setup Government Email Services Securely

All public services sending emails out on behalf of government organisations must follow all protocols, processes and guidelines to ensure that they secure their email service. This includes:

  • the service providing users with mailbox access

  • internal relays and gateways

  • email filtering services

  • third party services that send email on your behalf, like transactional email services

Key configurations are needed to ensure you email services run smoothly:

  • Transport Layer Security (TLS)

  • DomainKeys Identified Mail (DKIM)

  • Domain-based Message Authentication, Reporting & Conformance (DMARC)

  • Public Domain Name System (DNS)

  • Ability to make administrative changes


If there are any changes made to your email security, ensure that you communicate such changes to all staff in your organisation.

Published 01/01/2020
Authoring body: Government Digital Services (GDS)