to add a new content
Resource
Interoperability between Social Services / Health / Police

A project is underway to better automate the current manual data sharing for multi-agency safeguarding hubs, including the creation of data sharing agreement, data impact assessments, information assurance levels and data structures.

Published 01/11/2021
Authoring body: Contact NS team for details
Standards
Resource
Procurement policy notes

This collection brings together all procurement policy notes, providing guidance on best practice for public sector procurement, to better enable policing to have a consistent approach to the purchase of digital, data and technology solutions.

Published 01/10/2021
Authoring body: Cabinet Office / Crown Commercial Services (CCS)
Policy
Resource
Open Web Application Security Project Top Ten (OWASP)

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Organisations adopting this document should start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is an effective first step towards changing the software development culture within an organisation into one that produces more secure code.

Published 01/01/2021
Authoring body: Open Web Application Security Project (OWASP)
Guidance
Resource
Forensic Science Regulator Information Legal Obligations (Issue 5)

This document was retired in June 2021.

The role of the forensic science regulator is to advise the Government and the criminal justice system on quality standards in the provision of forensic science. Recommend new requirements for new and improved standards and providing advice and guidance so that providers will be able to demonstrate compliance with common standards, in procurement and in courts 


A key requirement of any standards framework in forensic science is that the output meets the requirements of the Criminal Justice System (CJS). 
 This document sets out the view of the Regulator as to the legal landscape within which forensic scientists operate within the CJS. 


There are legal obligations placed on expert witnesses as sources in the Criminal Justice System in England and Wales as Expert evidence is admissible “to furnish the court with scientific information which is likely to be outside the experience and the knowledge of a judge or jury”. This places the expert witness in a privileged position.

It is important to note that expert evidence can only be given by a person who is an expert in the relevant field. An expert witness must provide the court with objective, unbiased opinion on 
matters within his expertise 
Witnesses must act with honesty and good faith. 


Published 01/01/2017
Authoring body: Forensic Science Regulator (FSR)
Standards
Resource
Command & Control (C&C) Version 0.1

This document was retired in June 2021.

The Command and Control (C&C) solution is the incident management and deployment solution for police officers responding to incidents reports by the public.

Incidents are usually graded based on severity of the incident and officers have Service Level Agreements (SLA’s) target in responding to incidents especially serious/critical incidents. SLA’s may differ from police force.

The Data types included in C&C are:

  • Action Status

  • Application Function Code

  • Application Function Title

  • Bus Info Class

  • Calendar Entry Class

  • Calendar Entry Status

  • Competency Class

  • Date Type

  • Duty Class

  • DVLA M/V Manufacturer Code

  • Event Plan Status

  • Incident Class

  • Location Status

  • Message Priority

  • Message Status

  • Message Template Type

  • Method of Reporting Origin

  • Motor Vehicle Body Type  Description

  • Organisation Class

  • Person Build

  • Person skin colour

  • PNC Access Reason

  • Person Shoe Type

  • Person Nationality

  • Person Eye Colour

  • Police EQP Avail Status

  • Police Officer Rank

  • Record Data Protection Status

  • Response Grade

  • Role

  • Sex

  • Special Constable Rank

  • Traffic Warden Rank

  • User Class ID

  • Plus many more.

Published 01/01/2019
Authoring body: Reference data service platform
Reference Data / Templates
Resource
Sender Policy Framework (SPF)

This document was retired in June 2021.

Sender Policy Framework (SPF) lets you publish a DNS record of all the domains or IP addresses you use to send email. Receiving email services check the record and know to treat email from anywhere else as spam.

Using a Sender Policy Framework (SPF) in an organisation lets you publish a Domain Name System (DNS) record of all the domains or (Internet Protocol) IP addresses you use to send email. Receiving email services check the record and know to treat email from anywhere else as spam.

You can include more than one sending service in your SPF record. For example, your corporate email service and an email marketing service.

Your SPF record also contains a qualifier option, which lets you:

- tell recipients to ignore your record while you test it

- mark, but not reject, email from an unknown source

Published 01/01/2016
Authoring body: Government Digital Service (GDS)
Guidance
Resource
UKAS Guidance on the Application of ISO/IEC 17025 Dealing with Expressions of Opinions and Interpretations

This document was retired in March 2021.

Laboratories within the UK who wish to demonstrate that they operate to a quality system, are technically competent and are able to generate technically valid results must now meet the ISO/IEC 17025 requirements. This replaced the ISO/IEC Guide 25 and EN 45001, and has now become the standard that UKAS now to assess a laboratory’s competence for the purposes of accreditation instead of UKAS publication M10.

The purpose of this document is to set down United Kingdom Accreditation Service (UKAS) policy, process and guidance on assessment and accreditation of laboratories 


The difference in this policy set out is that laboratories UKAS policy that laboratory accreditation to ISO/IEC 17025 can now include the expression of opinions and interpretation of test/calibration results in reports as it is considered to be an inherent part of testing. Whereas before this was not permitted.

The laboratory’s documented quality system must reflect whether it is expressing opinions and interpretations and if so, for which activities. The process of interpreting test/calibration results for the purpose of expressing opinions and interpretations must be documented. 


 

Published 01/01/2001
Authoring body: United Kingdom Accreditation Service (UKAS)
Policy
Resource
Intelligence Management Research & Analysis APP

This document was retired in July 2021. This was replaced by the wider Intelligence Management APP

Research and analysis are very important tools used in policing for intelligence purposes to understand crime and investigate criminal activity. It is a way of processing and analysing material and information presented to support decision-making. With this comes the intelligence cycle where a sequential process is undertaken to allow the information presented to be developed into intelligence. This involves the roles of the analyst, researcher, data sources, analytical techniques used, reports etc.

This guidance document helps to explain what the intelligence cycle is, the direction, collection and collation of relevant information, evaluation and analysis of the data. It goes into detail explaining the roles highlighted above as well crime theories and approaches, terms of reference, data sources, using statistics, and analytical techniques, output reports, dissemination of output report and on-going reviews.

Published 01/01/2014
Authoring body: College of Policing (CoP)
Guidance
Resource
National Firearms License Management System (NFLMS) Version 0.1

This document was retired in June 2021.

The National Firearms Licensing Management System provides a method for managing the licensing of firearms, shotguns and explosives. It records all individuals, companies and dealers who have applied for, or have been granted, a certificate.

The dataset consists of:

  • Action

  • Addresstype

  • Alarmtype

  • Applicationstatus

  • Approvaltype

  • Calibre

  • Capacitytype

  • Certificatestatus

  • Certificatetype

  • Clubstatus

  • Colour

  • Condition

  • Constructiontype

  • Enquirytype

  • Ethnicity

  • Logeventtype

  • Manufacturer

  • Measurement

  • Nationality

  • Occupation

  • Personmarkertype

  • Sex

  • Weaponcategory

  • Weaponclass

  • Weapondisposalcode

  • Weaponstatus

  • Weapontype

Published 01/01/2019
Authoring body: Reference data service platform
Reference Data / Templates
Resource
Corporate Data Model (CorDM) Version 7.3

This document was retired in July 2021.

 

Aligned to PND Context v3.2.2. CorDM 7.3 uses the same versions of CV lists (where common) as PND Context v3.2.

 

Reference dataset consists of:

AbscondercirculationInstitutionType

AccomodationResourceType

AccountTransactionType

AccountType

ACPOCodeLevel4Type

ACPOCodeQualifierType

ActionSpecificationType

ActionType

ActivityPriorityType

ActivityStatusType

AdministrationAreaType

AlarmActivationAccessType

AlarmFacilityPurposeType

AlarmFacilityReasonType

BankAccountType

BloodGroupType

BodyPositionType

BuildingUnitType

CalendarEntryType

CalendarType

CalibreType

CaseFileType

CaseIssueType

CaseStatusType

CasualtyType

CellType

CheckType

ChequeType

ChildProtectionCaseStatusType

CHISRewardType

CHISMotiveType

CHISStatusType

CollectionType

ColourType

CommercialOrganisationType

CompetencyType

ComplextionType

Plus many more

Published 01/01/2018
Authoring body: Reference data service platform
Reference Data / Templates
Resource
Authentication and Credentials for use with HMG Online Services (Good Practice Guide No. 44) (Issue 2)

This document was retired in July 2021.

This document is good practice guidance to Her Majesty’s Government (HMG) public service providers to describing how types of credentials supports support user authentications to HMG online services.

HMG online public services can be a high target for many sources of threats and as such may pose a significant level of risk. As a result Public service providers must be aware of the credential choices of authentication levels that relate to HMG online services. There are three high-levels of authentication:

  1. Authentication demonstrates that authentication requestor possesses the credential for a legitimate account.

  2. Authentication provides confidence that the credentials is being used/or with explicit consent by a legitimate account holder and might support civil proceedings.

  3. Authentication provides confidence that the credentials is being used/or with explicit consent by a legitimate account holder and might support criminal proceedings.

The level of assurance assigned to an authentication credential has many factors incorporated into and is considered against the threat levels associated with the Government service provider.

Some of the factors considered are the type of credential required, the on-going management of the credential by the identity Provider (IDP), the quality and extent of monitoring and reactions by the IDP, the Information Assurance (IA) maturity of the authentication provider and much more.

The CESG Information Assurance Standards and Guidance welcomes feedback. To leave feedback and review please email enquiries@cesg.gsi.gov.uk

 

Published 01/01/2014
Authoring body: CESG National Technical Authority for Information Assurance
Guidance
Resource
National security Strategy & Strategic Defence & Security Review 2015

This document was retired in July 2021

National Security and economic security are dependent on each other, and if any wants to thrive, both have to thrive. The security of the nation is dependent upon a strong economy, and a strong economy is dependent upon strong security. Therefore the Defence budget is seen as critical to the government to maintain strong national security.

With the threat to the UK ever increasing, from the rise of ISIS and greater instability in the Middle East, risk of pandemics such as COVID 19, threat of Cyber attacks, the world is more dangerous and uncertain than ever before and as such investing in our security is of upmost importance.

This document sets out our National Security Strategy and how we will implement it within the UK. The UK’s priorities are to deter state-based threats, tackle terrorism, remain a world leader in cyber security and ensure we have the capability to respond rapidly to crises as they emerge. Therefore the vision can be determined as to promote a secure and prosperous United Kingdom, with global reach and influence using strategic enablers such as the Armed Forces, Security & Intelligence Agencies, Diplomatic service overseas and our Allies.

 

Published 01/01/2015
Authoring body: Cabinet Office
Standards
Resource
Protective Monitoring for HMG ICT Systems

This document was retired in July 2021

This Guide demonstrates how the provision of an effective framework of Protective Monitoring of HMG ICT systems is an essential contribution to the treatment of information security risks.

Protective Monitoring is a set of business processes and contains essential support technology in monitoring and provide risk treatment to how ICT systems are used and to ensure accountability to the systems. This includes facilities of audit trails, audit logs and raising alerts.

However if these processes are not implemented or monitored it would be easy for the abuse of such ICT systems, the information that it possesses by users who wish to misuse the system and information.

The confidentiality, integrity and availability of public sector ICT systems are of upmost importance. This guide shows us how important implementing an effective protective monitoring process for the treatment of information security risks. Other factors must be considered with this, such as the necessary supporting infrastructure, manpower resource, skilled expertise and IA.

The aim of this guide is to provide advice on good practise to adhering to the protective monitoring obligations, the information that needs to be recorded and audited, events generated and alerted generated in response to potential misuse and abuse of the ICT systems as well as anticipated modes of attack.

Intended readers are for all Information Assurance (IA) practitioners.

Published 01/01/2012
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Understanding ISS4PS Volume 1

This document was retired in July 2021

The Information Systems Strategy for the Police Service (ISS4PS) is an overarching strategy for Information and Communications Technology (ICT) and Information Systems (IS) for the Police service across the whole of England and Wales.

The ISS4PS policies calls on the police service to work together to adopt common standards, products, common administrative and citizen-focused services to help improve police performance and efficiency, and to reduce costs by establishing foundations and defining governance, securing alignment and delivering joined-up services across each force. 

As a result, in the coming years, the ISS4PS will become a major pillar underpinning police efforts to support Transformational Government, the creation of strategic forces, and be a key tool for the National Policing Improvement Agency.

It is important to note that the ISS4PS represents a collective view of key stakeholders ranging from the Home office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the various police forces and the Criminal Justice Information Technology (CJIT).

Published 01/01/2006
Authoring body: Association of Chief Police Officers (ACPO)
Policy
Resource
Implementing ISS4PS Volume 2

This document was retired in July 2021

The Information Systems Strategy for the Police Service (ISS4PS) version 3 is the overarching strategy for  Information Systems (IS)/Information Communication Technology (ICT) in policing. ICT Architecture is the technical foundation of an effective ICT strategy. The ISS4PS focuses on technology, data and application architecture, therefore as a result this document contains technical detail describing the architecture.

The ISS4PS is designed to assist in meeting many of the goals of government imperatives, such as, the National Policing Plan. In order for the Police Service to meet the demands set out, it must view itself as an enterprise operating at a national level. It also follows the e-GIF standards and principles, recognises the diversity of IS/ICT within the Police Service, and is cognisant of Criminal Justice System (CJS) technical architectures.

The key theme that runs throughout the ISS4PS is that the Police Service will develop more commonality and become more joined-up in its approach to IS/ICT services.

Intended readers are for ICT Directors, ICT central coordinators, ICT Solution Architects, service providers and technical staff at the Home Office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the Forces, and Criminal Justice Information Technology (CJIT).

Published 01/01/2015
Authoring body: Association of Chief Police officers (ACPO)
Policy
Resource
HMG IA Standard Number 1 & 2 Information Risk Management (Issue 4)

This document was retired in July 2021

Information Risk Management play a major role in the Police Service and in government agencies. All government departments and agencies must produce an Information Risk Management policy, as it is a fundamental aspect to Information Security Strategy as it has a huge impact on IA policies, standards and procedures. This must include:

  • Information risk appetite

  • Compliance with all legal and regulatory requirements

  • IA governance framework

  • Technical risk assessment against all ICT systems

This document serves as part of the Security Policy Framework (SPF) and supports the SPF mandatory requirements. 

The aim of this standard is to provide twenty Risk Management Requirements (RMRs), which government agencies must use as the basis for Information Risk Management Policy as well as supporting the intended readers list.

Intended readers are senior Information Assurance (IA) related government posts, Senior Information Risk Owners (SIROs), Departmental Security Officers (DSOs), Information Asset Owners (IAOs), Information Risk Managers (IRM), Security & Information Risk Advisors (SIRAs), Information Assurance Analysts.

 

For further enquiries, or if you'd like to provide feedback, please email or fax: 

Email: enquiries@cesg.gsi.gov.uk

Fax: (01242) 709193 (for UNCLASSIFIED FAXES ONLY)

Published 01/01/2012
Authoring body: CESG National Technical Authority for Information Assurance
Principles
Resource
Digital Imaging Procedure (Version 2.1)

This document was retired in July 2021

Digital imaging has become firmly established in the mainstream of public life and as a key enabling technology for the Police Service and Criminal Justice System (CJS) and has enormous benefit for the swift and accurate outcome of investigations.

Digital Imaging is the capture, retrieval, storage or use of evidential digital images. The aim of this document is to detail the processes involved in the proper capture and handling of digital images for police applications and to define best working practice starting from the process of the initial preparation and capture of images, through the transfer and designation of Master and Working Copies, to the presentation in court and finally the retention and disposal of exhibits.

A key part of the digital imaging process is the creation of an identifiable and isolated Master reference as this procedure enhances the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. It is also important to note that broader range of technologies are now available for the capture and storage of digital imagery which will be discussed in the document.

Intended readers of this document are operational, administrative and judicial staff involved throughout all stages of the Criminal Justice System (CJS) and anyone handling digital imaging.  

Published 01/01/2007
Authoring body: Home Office
Guidance
Resource
Police Use of Digital Images

This document was retired in July 2021, replaced with the newer version covering images, video and audio (multimedia)

We live in a modern digital age society, where technological advancement is at the forefront of many initiatives and change, and as such evidential information have become ever so crucial than ever before.

With the high usage of smart phones, laptops, the Internet and social media, digital images and recordings are pivotal in police investigation. This cannot be underestimated. They are now a useful source of evidence for criminal justice purposes. Other evidences such as eye witness accounts, police statements are still highly valuable pieces of information and should neither be underestimated. Both together provide a holistic picture when investigating criminal cases.

As a result, the Police have a key role in managing, capturing, editing, processing, preparing cases, disclosing this to the Crown Prosecution service (CPS), storing, retaining and disposing of digital images carefully and according to guidelines highlighted. This document aims to offer practical guidance and advice on the role police play in digital imaging.

For more information and enquiries please see details below.

Email: soc@npia.pnn.police.uk

Telephone: 0870 241 5641


Published 01/01/2007
Authoring body: National Policing Improvement Agency (NPIA)
Guidance
Resource
ACPO/ACPOS Information Systems Community Security Policy (Version 3.3)

This document was retired in July 2021

Information security enables the police Service to deliver their core operational duties by ensuring that information are safely secured, stored and kept confidential. This also includes ensuring accuracy of information gathered.

Information management, governance and assurance are vital functions within the police Service in ensuring that the police are able to provide protection to members of the public and ensure a proper assessment of threat, risk and harm are undertaken. This includes the gathering, processing, transfer of information as well as systems and networks and supporting processes.

ACPO/ACPOS have set out clear expectations and strategies in this document for the management and security of information that includes system interconnection security policies, force information security policies, risk management and accreditation document sets and business continuity plans.

Published 01/03/2010
Authoring body: Association of Chief Police Officers (ACPO)
Policy
Resource
National Policing Community Security Policy (Version 4.3)

This document was retired in July 2021.

Police information, systems and networks must be safeguarded and protected to ensure the Police Service can meet their statutory and regulatory responsibilities. The Police Service meets these responsibilities by the implementation of this Community Security Policy (CSP) which encompasses appropriate Information Assurance (IA) policies and guidance.

The Police Service also support the need for appropriate safeguards and the effective management of all information processes, and are committed to helping protect all community member information assets from identifiable threats, internal or external, deliberate or accidental.

 

The CSP have strategic aims that: 

1. Enable the delivery of policing by providing appropriate and consistent protection for the information assets

2. Comply with statutory requirements and meet the expectations of the Police Service to manage information securely

3. enable forces, agencies and relevant organisations to understand the need to implement the IA policies identified herein, so the Police Service is able to meet its legal, statutory and regulatory requirements. 

Published 01/01/2014
Authoring body: National Police Information Risk Management Team (NPIRMT)
Policy
Resource
Code of Practice and Conduct - Forensic Science Regulator (Issue 3)

The Codes of Practice and Conduct for Forensic Science Investigators, providers and practitioners is about ensuring quality standards are upheld to the highest order to the codes set out in the document. This code of Practice also set out the additional requirements requirement for accreditation is provided, particularly for digital forensics, firearms classification, drugs and toxicology.

This document has been written to assist organisations with understanding and interpreting the requirements of the standards, particularly BS/EN ISO/IEC 17025.

When the provisions in the Codes are fully implemented by all forensic science providers and practitioners and are understood by all end users, the potential for a forensic science quality failure to cause a miscarriage of justice will be substantially reduced and will provide a clear indication to customers and the public of what to expect.

It is important to note that forensic science quality framework does not operate in isolation and therefore it has been recommended that all interested parties in the  all forensic science space should read the appendices to the Codes (FSR-C- series) and guidance documents (FSR-G-series) relevant to their areas of expertise, and also the general guidance document on cognitive bias effects (FSR-G-217). The forensic science quality framework does not operate in isolation.

Published 01/01/2016
Authoring body: Forensic Science Regulator (FSR)
Standards