to add a new content
Resource
Facing the Camera - Guidance on police use of overt CCTV and facial recognition to locate persons on a watchlist in public

This code of practice issued by the Secretary of State (regulated by the Surveillance Camera Commissioner) under the Protection of Freedoms Act 2012 (PoFA) covers police forces in England & Wales. Chief officers must have regard to this code when using facial recognition algorithms as part of the operation of surveillance camera systems, or the use or processing of images or other information obtained.

The code only applies to the use of facial recognition technology and processing of images from surveillance cameras operated in 'live time' or 'near real time' operational scenarios.

The code includes considerations into:

  • Applicability
  • Biometrics
  • Ethics
  • Human Rights
  • Legal frameworks
  • Police policy documents
  • Governance
  • Evidence handling
  • Public engagement
  • Accountability and certification

Also included as an attachment is the National Surveillance Camera Strategy for context.

Published 01/11/2020
Authoring body: Surveillance Camera Commissioner (SCC)
Principles
Resource
Create and iterate an SPF record for email authentication

This document provides guidance on how to create and iterate a Sender Policy Framework record, which is a system of email authentication.

SPF works by providing domain owners a way to publish a list of the IP addresses which should be trusted for a given domain. A receiving email service can then check that a sending email service has an IP address which appears in the sender's published list.

If the IP address appears in the list of acceptable IPs, the receiving email service will forward the email to the recipient's inbox. If the receiving email service cannot confirm the IP address is valid, then it marks the email in accordance with the DMARC policy you have implemented on the domain the email is being sent from.

Published 02/07/2021
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Criminal Justice System Exchange Data Standards Catalogue (Version 6)

The CJS Data Standards Catalogue is a collection of data standards used by Criminal Justice Organisations in England & Wales to support interoperability between their different ICT systems.

If you are a member of a Criminal Justice Organisation and work in the area of data standards then you too can help to shape that change. If you have any questions then please raise them with the Forum representative for your organisation by visiting https://www.gov.uk/guidance/criminal-justice-system-data-standards-forum-guidance

Published 01/01/2020
Authoring body: Criminal Justice System (CJS) Exchange Product Board
Reference Data / Templates
Resource
IDENT1

This document should be used in reference to the appropriate legislation, such as the Protection of Freedoms Act 2012: DNA & Fingerprint Provisions

IDENT1 is the UK’s nationals automated fingerprint system that provides biometric series for the police force and law enforcement agencies covering England, Scotland and Wales.

IDENT1 was introduced in 2004 and replaced the National Automated Fingerprint Identification System (NAFIS) of England and Wales, as well as the electronic fingerprint identification system used by the Scottish police forces. It was developed by Northrop Grumman with the use of advanced biometric identification technology.

IDENT1 enables the forces to search and compare fingerprints and crime scene marks in a single database, providing a unified collection of finger and palm prints.

The datasets that consist in within IDENT1 are the following:

  • Colour Type

  • Fingerprint Bureau Code Type

  • Fingerprint Owners sex Type

  • Fingerprint Status Type

  • Force Code Type

  • Force Station Coe Type

  • IDENT Offence Code Type

  • Jurisdiction Type

By using efficient algorithms and technology, IDENT1 is able to deliver a high degree of search accuracy and performance for the fingerprint officers (FPOs) and police officers by taking advantage of Biometric fusion technology.

Published 01/01/2019
Authoring body: Home Office
Reference Data / Templates
Resource
Resource Description Frameworks (RDF) for web development

The standards referred to by W3C are community generated standards, last reviewed by the National Standards Assurance Board in May 2021.

The World Wide Web Consortium (W3C) is an international community where Member organisations and the public work together to develop Web standards. It’s aim is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web. 

The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability. Some people view the Web as a giant repository of linked data while others as a giant set of services that exchange messages.

W3C's vision for the Web involves participation, sharing knowledge, and thereby building trust on a global scale.

The Web has transformed the way we communicate with each other. In doing so, it has also modified the nature of our social relationships. People now "meet on the Web" and carry out commercial and personal relationships, in some cases without ever meeting in person. W3C recognises that trust is a social phenomenon, but technology design can foster trust and confidence. As more activity moves on-line, it will become even more important to support complex interactions among parties around the globe.

Published 01/01/2020
Authoring body: W3C
Guidance
Resource
CPA Security Characteristic Software Full Disk Encryption (Version 1.24)

This document has been reviewed by the National Standards Assurance Board in May 2021 and is still deemed relevant with sound principles, despite being dated in some areas. Users should also be aware of the NEP Windows Blueprints.

 

This document describes the features, testing and deployment requirements necessary to meet CPA certification for Software Full Disk Encryption security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena.

The purpose of a software disk encryption product is to protect the confidentiality of data. This document aims to describe the requirements for Software Full Disk Encryption products and obtaining Commercial Product Assurance (CPA) certification under the CPA scheme.

A typical use case is the protection of a mobile device such as a laptop in case of accidental loss or theft.

The Security Characteristic is primarily targeted towards a single user for each protected devices only applicable to software disk encryption products that operate on PCs with Extensible Firmware Interface (UEFI) or  Basic Input/Output System (BIOS). Multiple users can also be evaluated.

Intended readers are for developers, system, architects, vendors and technical staff. The disk encryption software will prevent an attacker from accessing the data.

Published 01/01/2016
Authoring body: CESG National Technical Authority for Information Assurance
Standards
Resource
ISO/IEC 27034-2:2015 IT Security techniques - Application Security - Part 2: Organisation Normative Framework

This document provides a framework for application security.

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

There is an ever increasing need for businesses to focus on protecting their information and  technological infrastructures and Organisations must do this in order to stay in business. ISO/IEC 27034 provides concepts, principles, frameworks, components and processes to assist organisations in integrating security seamlessly throughout the life cycle of their applications. When an organisation uses a systematic approach for improving application security, it provides the organisation evidence and confidence that information being used and held in its application is being adequately protected. This part of ISO/IEC 27034 defines the processes required to manage the security of applications in the organisation.

The Organisation Normative Framework (ONF) is a key component for application security and provides a framework for best practises. It is the foundation of application security in the organisation. All organisations should base their decision regarding application security on this framework.

Therefore the purpose of this part of ISO/IEC 27034 is to assist organisations to create, maintain and validate their own ONF in compliance with the requirements of this International Standard.

Intended audience are managers, domain experts, auditors, ONF committee.

 

Published 01/01/2015
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
Bluetooth General Guidance (v1.1)

Guidance on the risk-based approach to using Bluetooth enabled technology within the policing environment, including examples. This guide does not cover all use cases and for advice on exemptions for specific use cases, the NPIRMT team should be approached to provide a bespoke risk assessment.

 

 

Published 02/02/2017
Authoring body: National Policing Information Risk Management Team (NPIRMT)
Guidance
Resource
National Digital and Physical Evidence Retention Guidance

This document seeks to provide clarity and national guidance on the retention of both physical and digital evidence in order to provide policing with a framework to support a comprehensive physical and digital storage strategy.

There are a vast number of legislative sources to help determine how to manage and retain evidence, further compounded by confusion around records managed under Management of Police Information (MoPI) and physical evidence principally managed under the Criminal Procedure and Investigations Act (CPIA) and Police and Criminal Evidence Act (PACE). This document seeks to provide clarity on the difference between these two distinct areas of business as well as provide more general guidance.

Published 01/02/2021
Authoring body: National Police Chiefs Council (NPCC)
Guidance
Resource
Government Digital Service Standard

The GDS Service Standard provides 14 principles for all Government teams to use when creating public services.

Published 01/01/2019
Authoring body: Government Digital Services
Principles