to add a new content
Resource
National Digital Case File Standards

The Digital Case File national programme has established standards for how a case file is built and sent to the Crown Prosecution Service through collaboration with suppliers and police forces. 

This programme works with a number of organisations, such as the CPS, law enforcement agencies and suppliers to produce a set of standards, which suppliers can then use to produce compatible solutions, allowing law enforcement agencies to send case files digitally to CPS . This is the national standard required for any technical digital case file solution.

This DCF programme is being implemented in police forces now and the attached documents liable to be updated as it progresses.

The National Standards Assurance Board notes that the branding is CGI on the standards as this is reflective of their work in writing them, but this has been in partnership with policing who own and continue to contribute towards them.

Published 14/06/2024
Authoring body: The Police Digital Service
Standards
Resource
OVERSEAS IT ACCESS GUIDELINES

This guidance describes best practice risk management controls for accessing Policing ICT resources whilst abroad. It also describes the circumstances when forces can make a local decision or when referral to NSIRO is required when use abroad is required.

Published 02/04/2023
Authoring body: Police Digital Service
Guidance
Resource
NCSP Passwords standard V1.1

This Standard supports the principles set out in the National CSP, providing detailed guidance to those implementing and managing PDS & policing systems. This Standard applies to all passwords created for use on PDS & policing systems, including those for user-level accounts, system-level accounts, and any device-specific passwords.

Published 01/04/2024
Authoring body: Police Digital Service
Standards
Resource
National Police Information Security Risk Management Framework

This framework is to ensure that all security risks are identified, assessed, and managed in accordance with best practice in order to facilitate improved governance. It is mandatory for all information systems that hold Police information or which deliver an operational service to policing to undergo a risk assessment, as stipulated in the National Policing Community Security Policy. The Security Risk Management Framework mutually supports the Police Cyber Assurance Framework (PCAF). The framework supports the requirements of the National Community Security Policy (NCSP.)

Published 01/05/2023
Authoring body: The Police Digital Service
Guidance
Resource
National Police Information Security Risk Management Guidance

The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF). This guidance supports the risk management framework by detailing the actions required to firstly assess a risk, and then to manage it via the national risk register. This guide must be read in conjunction with the National Security Risk Management Framework.

Published 01/05/2023
Authoring body: The Police Digital Service
Standards
Resource
National Police Information Security Risk Management Risk Balance Case Template

The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF). 

This template must be completed in conjunction with the National Security Risk Management Framework and Guidance.

The Risk Decision Document should be a single document that outlines any national risk, and the recommended measures for mitigating it. The template is organised into sections, each containing specific guidance points on content to be included.

Published 01/05/2023
Authoring body: The Police Digital Service
Reference Data / Templates
Resource
Bluetooth Guidance V1.0

This guidance provides policing and law enforcement organisations with relevant information regarding risks associated with deploying Bluetooth technology within the workplace, and to enhance the risk-based decisions required in the use of such technology. This guidance adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.

Published 01/04/2023
Authoring body: The Police Digital Service (PDS)
Guidance
Resource
NCSP Bluetooth Guidance v1.6

This guidance provides policing and law enforcement organisations with relevant information regarding risks associated with deploying Bluetooth technology within the workplace, and to enhance the risk-based decisions required in the use of such technology.

Published 01/04/2024
Authoring body: Police Digital Service
Guidance
Resource
Password Standard v1 approved by NCPSB JAN 23

This standard supports the National Community System Policy System Access requirements with respect to defining requirements for the use and selection of a password / passphrase-based method of authentication. It should be read in conjunction with the System Access standard. Passwords represent only one method of authentication (something that you know) and should be combined with other methods such as something you have (token) or something you are (biometric). It is not always possible especially with legacy applications or services to utilise multi-factor authentication, and this is where this standard can help to ensure that risks are effectively managed. A strong passphrase / password will help to ensure lawful business access to applications, mobile devices, systems and networks when combined with an agreed access control policy and supported by an Identity and Access Management (IAM) system. Undertaking a business impact assessment (BIA) is important to determine specific information security requirements to support proportionate risk management. This Standard is aligned with the NCSC’s password guidance.

Published 26/01/2023
Authoring body: Police Digital Service
Standards
Resource
Secure By Design

This guideline provides guidance on the principles and application of the System Development Standard (Secure By Design) methodology.

Published 08/02/2024
Authoring body: PDS
Guidance
Resource
Penetration testing and ITHC Guideline

This guidance describes approaches to delivering comprehensive Testing (using a range of attack types), penetration tests, to support security and risk compliance monitoring

Published 01/02/2024
Authoring body: PDS
Guidance
Resource
Covenant for Using Artificial Intelligence (AI) in Policing

The rapid growth of Artificial Intelligence (AI) within policing is unsurprising. The speed and accuracy that AI can bring to police processes make it an attractive way to deliver an effective and efficient service. However, the application of AI can be contentious[i]. Transparency and fairness must be at the heart of what we implement, to ensure a proportionate and responsible use that builds public confidence.

This Covenant outlines a set of principles that forces have agreed will define how it uses AI in its business. They were endorsed by all members of the National Police Chiefs’ Council on 28 September 2023. The endorsement means that all developers and users of AI within policing must give due regard to the Covenant’s principles. Whilst the implementation of these principles across policing will be an ongoing and evolving area of work, publication of our principles ensure we are acting with transparency from the outset.

Published 01/09/2023
Authoring body: NPCC
Principles
Resource
Digital Case File Data Requirements 1.0.0

This document was retired in July 2021

The purpose of this document and standard is to detail the information requirements for the content of the digital case file to be transferred by forces to the Crown Prosecution Service (CPS).

The Digital Case File (DCF) Data requirements document help to define the structured case information and case summary required by the CPS for a first hearing, including that which must be served on to the court, defence and self-represented defendant as Initial Details of the Prosecution Case (IDPC). It also to define the content and data structure of the DCF, as required by the CPS and provided by the police for a case summary listed for a first hearing in the Magistrates Court.

This includes:

  • For all offences listed for a first hearing in the Magistrates Court by way of a charge sheet, summons or requisition.

  • To be used post-charge following either a police charge or cps pre-charge advice decision.

  • To be used for cases containing multiple defendants and offences.

  • For both anticipated guilty and not-guilty pleas.

  • For breach of bail (BoB) hearings.

Published 01/01/2015
Authoring body: Criminal Justice System (CJS)
Standards
Resource
National Digital Case File Standards

The Digital Case File national programme has established standards for how a case file is built and sent to the Crown Prosecution Service through collaboration with suppliers and police forces. 

This programme works with a number of organisations, such as the CPS, law enforcement agencies and suppliers to produce a set of standards, which suppliers can then use to produce compatible solutions, allowing law enforcement agencies to send case files digitally to CPS . This is the national standard required for any technical digital case file solution.

This DCF programme is being implemented in police forces now and the attached documents liable to be updated as it progresses.

The National Standards Assurance Board notes that the branding is CGI on the standards as this is reflective of their work in writing them, but this has been in partnership with policing who own and continue to contribute towards them.

Published 01/04/2021
Authoring body: Police Digital Service (PDS)
Standards
Resource
Police Approved Secure Facilities (PASF) security review checklist (v1.8)

Please note this is an OFFICIAL-SENSITIVE document, to request access please use the 'Contact Us' tab to raise a general query

This checklist covers the range of security measures to be assessed when reviewing how appropriate a premises is for handling police data. This can be used for both police premises but also suppliers premises, where they are handling or hosting data.

 

Published 01/06/2020
Authoring body: National Police Information Risk Management Team (NPIRMT)
Reference Data / Templates
Resource
National Policing Community Security Policy Framework v1.0

National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The National Policing Digital Strategy 2030 is built upon the 2025 Policing Vision to provide the foundations for Policing to deliver the National Digital Strategic objectives. In the future we will exchange more data and information with partners, adopt new connected technologies and move to cloud-based infrastructures. The move to a more open ecosystem cannot be at the expense of information security. This framework defines the holistic approach to information and technology risks by aligning to Government Security standards, guidance from the National Cyber Security Centre (NCSC) and industry best practice. The National Policing Community Security Policy Framework supports a proportionate baseline standard of cyber security for National Policing to deliver its operational and strategic objectives. As the cyber threat landscape facing the UK Police forces continues to evolve, so must the means by which forces maintain their security posture. The purpose of the National Policing Community Security Policy Framework is to provide the structure for information security for National Policing, suppliers, and partners to carry out their services securely. The National Policing Community Security Policy Framework, this document, will be referred to as the ‘Framework’ throughout this document. The scope of the ‘Framework’ applies to both this document and the supporting National Policing Information Security Policy and National Policing Information Security Principles that underpin the framework. Membership of the established ‘Community of Trust’ built under the original Community Security Policy, which is replaced by this framework and its supporting policy and principles, now requires alignment to this framework and its underlying policy and principles.

Published 26/10/2022
Authoring body: The Police Digital Service
Guidance
Resource
National Policing Community Security Policy v1.2

National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The Community Security Policy (CSP) is an integral part of the Community Security Policy Framework and combined with Community Security Principles and the supporting standards, control objectives and other supporting documentation will help policing maintain public trust in its management of information assets. This Policy should be read in conjunction with the National Policing Community Security Policy (CSP) Framework, and Community Security Principles with which this policy is aligned. The audience, scope, objectives, governance and exception process for this policy are defined by the National Policing Community Security Policy Framework, which can be found in Knowledge Hub. For clarity this policy has been approved by the Police Information Assurance Board (PIAB) and applies to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing. This policy has taken into consideration and is aligned with industry best practice, which includes ISO/IEC 27002:2022, CIS Controls v8 (Center for Information Security), NIST Cyber Security Framework, CSA Cloud Controls Matrix v4 (Cloud Security Alliance) and NCSC 10 Steps to Cyber Security.

Published 09/02/2023
Authoring body:
Policy
Resource
National Policing Community Security Principles v1.0

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 26/10/2022
Authoring body: The Police Digital Service
Principles
Resource
National Policing Community Security Policy Framework v1.2

This framework defines the holistic approach to information and technology risks by aligning to Government Security standards, guidance from the National Cyber Security Centre (NCSC) and industry best practice. The National Policing Community Security Policy Framework supports a proportionate baseline standard of cyber security for National Policing to deliver its operational and strategic objectives. As the cyber threat landscape facing the UK Police forces continues to evolve, so must the means by which forces maintain their security posture. The purpose of the National Policing Community Security Policy Framework is to provide the structure for information security for National Policing, suppliers, and partners to carry out their services securely.

Published 09/02/2023
Authoring body: Police Digital Service
Policy
Resource
POLE Data Standards Catalogue v1.0

The intended purpose of this standard is to promote interoperability and improve the data quality of systems by converging on a common set of POLE data definitions used within Policing. POLE data definitions describe how People, Objects, Locations and Events (POLE) should be formatted. 

There are 44 POLE entities described in this standard including:

  • 20 person entities
  • 13 object entities
  • 5 location entities
  • 6 event entities

The standard defines the attributes (field size, format, type) used to create the entities and contains and “entity x attribute map”. It also contains validation rules for these attributes.

This standard is owned by the National Police Chiefs Council (NPCC) and should be regarded as the default data standard for all POLE entities.

Along with the standard, the POLE data model (POLE v1.1.accdb) and data dictionary (POLE data standards - Data dictionary v1.1.xlsx) are also attached below. 

 

Published 25/08/2022
Authoring body: Police Digital Service (PDS)
Standards
Resource
Digital Evidence Storage v3.0

This is intended as a high-level overview of the requirements for digital evidence storage in a multimedia context. Ratings follow the MoSCoW system of Must, Should, Could and Won’t. The requirements are split into two sections, File Handling and Functionality. Systems must be compliant with the principles in the DSTL NPCC Digital Imaging and Multimedia Procedure v3.0 and Recovery and Acquisition of Video Evidence v3.0 and adhere to the Forensic Science Regulator Act 2021 and Statutory Code.

Published 06/12/2022
Authoring body: NPCC
Standards
Resource
NPCC framework for use of video evidence v3.0

This document is relevant to all police non-specialist front-line staff and forensic unitsi who utilise video evidence and to bring clarity around activities relating to recovery, acquisition, viewing and processing of CCTV. It outlines those activities that must be undertaken by Police Forces and accredited laboratories in line with the Forensic Science Regulator Act 2021 and Statutory Code. The following charts stipulate what level of training is required and whether force procedures must be in place to carry out Forensic Science Activities (FSAs) and mitigate the risks highlighted by the risk matrix where activities may be excluded from accreditation. This document has been created to support the recommendations of the NPCC CCTV Working Group and Specialist Capability Network and supersedes the now defunct Annex A and B CCTV Scope for Accreditation document, which was previously circulated by the NPCC as a supplement to the first Forensic Regulators FSR-C-119 Code of Practice and Conduct, now replaced by the Statutory Code and FSA Digital Forensics - Video Analysis, and FSA Basic Recovery and Acquisition of Images.

Published 06/12/2022
Authoring body: NPCC
Standards
Resource
Police National Database (PND) Interface Business and Technical Guidance for Data Providers v3.5.0

This document provides:
• High level PND requirements
• Overview of Data requirements
• PND Message Schema design
• Data transmission mechanisms
• Data Scope
• Overview of software resources available including Data Test Suite.

Note this document is graded OFFICIAL-SENSITIVE, access can be requested by the 'Contact Us' tab at the top of the page.

Published 18/09/2020
Authoring body: Home Office
Guidance
Resource
UK Gov Cookie Cutter Data Science Project Template

This is a data science cookiecutter template for analytical, Python-, or Python and R-based projects within Her Majesty's Government, and wider public sector including policing, where it has been trialled and used as a standardised template for effectively sharing data science work and includes security features using pre-commit hooks to preserve sensitive information.

It also provides an Agile, centralised, and lightweight analytical quality assurance (AQA) process. Pull or merge request templates are used to nudge users to complete this process. This helps meet HM Government best practice on producing quality analysis, as defined in the Aqua Book.

The original developer in GDS has provided a blog post explaining the reasons for creation and provided a live demonstration from March 2021 on version 0.5.3

The National Standards Assurance Board reviewed this in January 2022 and found it being owned and actively developed by the Office for National Statistics, Best Practice and Impact team.

Published 20/07/2021
Authoring body: Office for National Statistics (ONS)
Reference Data / Templates
Resource
Open Source Software - Exploring the Risk (Good Practice Guide 38)

This guidance seeks to assist a range of IA professionals in exploring the risks associated with the use of Open Source Software (OSS) products. It does so by prompting a number of ‘whole lifecycle’ issues and questions which potential users should ask themselves when making software choices, not just of OSS, but also of proprietary products. This is because there are no ‘right’ or ‘wrong’ answers when it comes to the security of OSS versus that of proprietary (typically closed source code) products. There are good and bad examples of each in this respect and no one type is inherently more, or less, secure than the other.

This guidance supports the Government ICT StrategyI objective of creating a level playing field for open source software solutions. It does not evaluate, recommend or otherwise offer judgement on the following:

Specific OSS products;
Savings in running costs that an organisation may realise by the adoption of OSS over proprietary products;
The legal risks that may arise, for example from issues concerning copyright, intellectual property, or infringement of licences

This guidance was reviewed by the National Standards Assurance Board in January 2021 and was deemed to still provide relevant information

Published 01/10/2015
Authoring body: Communications-Electronics Security Group (CESG) [HMG]
Guidance
Resource
Retention, Storage and Destruction of Materials and Records relating to Forensic Examination

The purpose of this document is to provide guidance on the retention, storage and destruction of forensic materials and their associated records retained by physical and digital Forensic Units.

Published 01/06/2021
Authoring body: National Police Chiefs Council (NPCC)
Guidance
Resource
Biometric Standards and Exchange Requirements for Home Office Partners and their Suppliers v3.04

The purpose of this document is to provide details of the biometric interchange and image standards that must be adhered to by Partner1 organisations and their Suppliers that need to communicate with the back end biometric matching systems governed by the Home Office Biometrics (HOB) programme. (Note that the current HOB systems covered in this document are the HOB Biometric Services Gateway (BSG), Home Office “Immigration and Asylum Biometric System” (IABS) and national police fingerprint system, “IDENT1”.)
The document is divided into five parts as follows:
1) The Home Office biometric exchange format – “HONE-1”
2) Biometric recording and image standards, mandatory
3) Biometric recording and image standards, conditional
4) Biographic data, general
5) Appendices

Published 01/07/2017
Authoring body: Home Office
Standards
Resource
Open Referral UK Standards

Open Referral UK is an open data standard in use by Local Government. This standard establishes a consistent way of publishing and describing information for councils, to ensure the data is effectively used and shared for the benefit of local communities and services (https://www.localdigital.gov.uk/)

Published 01/01/2019
Authoring body: Open Referral UK
Standards
Resource
Cloud Enablement

Project to identify and provide support to forces as they transition capabilities from legacy on-premises systems to cloud technologies.

For further information, please use the 'Contact Us' tab, to get in touch with the relevant authoring team.

Published 01/01/2022
Authoring body: Police Digital Service (PDS)
Guidance
Resource
ISO 17020:2012 Requirements for the operation of various types of bodies performing inspection (Crime Scene Investigation)

ISO 17020:2012 specifies requirements for the competence of bodies (including police forces) performing inspection and for the impartiality and consistency of their inspection activities, this specifically relates to forensic practitioners conducting examinations at scenes of crime.

Published 01/04/2012
Authoring body: International Standards Organisation (ISO)
Standards