to add a new content
Resource
Criminal Procedure & Investigations Act 1996 Code of Practice

The Criminal Procedure and Investigations Code of Practice applies in respect of criminal investigations conducted by police. A criminal investigation can be defined an investigation conducted by police officers with a view to it being ascertained whether a person should be charged with an offence, or whether a person charged with an offence is guilty of it. 

This document sets out the manner in which police officers are to record, retain and reveal to the prosecutor material obtained in a criminal investigation.

The roles and responsibilities within a criminal investigation can vary. The functions of the investigator, the officer in charge of an investigation and the disclosure officer are separate. The amount of persons attached to this case to fulfil the above roles will depend on the complexity of the case and the administrative arrangements within each police force. Commonly, where there are more than one person undertaking the roles, close consultation between them is essential to the effective performance of the duties imposed by this code. 


Persons other than police officers who are charged with the duty of conducting an investigation as defined in the Act are to have regard to the relevant provisions of the code, and should take these into account in applying their own operating procedures. 


Published 01/01/2015
Authoring body: Ministry of Justice (MoJ)
Standards
Resource
Data Protection

On the 25th May 2018 the Data Protection Act 2018 was implemented by the UK as the General Data Protection Regulation also known as GDPR. It controls how personal information is captured and used by organisations and the government.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’ and must ensure that the information they obtain is for a lawful purpose, used fairly and must be transparent about its intended purpose of usage and used explicitly for that purpose only.

Data should also not be kept for more than is necessary, and whilst it is kept, should be kept up to date and handled and secured in a way that does not compromise its protection from unauthorised processing, loss of theft of data.  

It is important to note that there is stronger legal protection for more sensitive information such as race, health, sex life, orientation, ethnic background. There are separate safeguards for personal data relating to criminal convictions and offences.

Under the Data Protection Act 2018, an individual has the right to find out what information the government and other organisations holds about them and this ideally should be provided to the individual within 1 month.  

To make a complaint about the misuse of personal information or lack of security it should be made to the organisation, following their response the complaint can also be made to the Information Commissioner’s Office.

ICO
casework@ico.org.uk
Telephone: 0303 123 1113

Published 01/01/2018
Authoring body: Information Commissioner's Office (ICO)
Principles
Resource
ACPO Good Practice Guide for Digital Evidence (Version 5)

This ACPO guide contains a set of golden principles for management of digital evidence and guidance on each stage in the evidence lifecycle: Plan, Capture, Analyse and Present. This guide represents good practice across a broad digital forensic landscape for policing.

Although dated, this guide has been reviewed in March 2021 by the National Standards Assurance Board and deemed current and relevant.

Published 01/03/2012
Authoring body: Association of Chief Police Officers (ACPO)
Guidance
Resource
National Digital Case File Standards

The Digital Case File national programme has established standards for how a case file is built and sent to the CPS through collaboration with suppliers and police forces. 

Published
Authoring body: Police Digital Service
Standards
Resource
ISO 27000:2020 Information Technology - Security techniques - Information Security management systems - Overview & Vocabulary

The International Organisation Standardisation (ISO) and the International Electrotechnical Commission (IEC) form the specialised system for worldwide standardisation. National bodies that are apart of the ISO or IEC participate through technical committees in the development of International standards to deal with particular areas of technical activities.

ISO/IEC in light of information technology provides an international standard and overview by for management systems by which a model can be followed in setting up and operating a management system. Information Security Management System (ISMS) is responsible for ensuring continuous development of the international management system standards.

Through the various standards developed, organisations can develop and implement a framework for managing and protecting the security of the information assets and systems including financial information, intellectual property, employee details, customer, client and third parties personal details.

The ISMS Standard includes standards that define requirements for an ISMS, provides direct support and guidance for the overall process to implement and maintain an ISMS standard, address conformity assessment for ISMS and provide terms and definitions for the international standard.

Published 01/01/2020
Authoring body: International Organisation Standardisation (ISO)
Standards
Resource
ACPO/ACPOS National Information Risk Appetite Statement (Version 1.3)

The purpose of this document is to inform force/agency Senior Information Risk Owners (SIRO), National Information Asset Owners, National and force/agency Accreditors/Projects/programmes and other interested parties of the National Information Risk Appetite and its implications. This document should be read in conjunction with the BRG on Risk Appetite and for further detail the Association of Chief Police Officers (ACPO)/ Association of Chief Police Officers in Scotland (ACPOS) Information Risk Appetite and Risk Escalation Case Guidance document.

This document helps provide a baseline for defining and managing risk for all National information systems and National Police Infrastructure used within the Police services such as as Police National Database, Police National Computer, ViSOR.

The document also helps form part of the national IA governance for information risk management and focuses on national Information Systems risk management and governance 
and force/agency risk management and governance.

The National Information Risk Appetite echoes the need for the police service to protect and manage risk with regards to information handling, as INFORMATION mismanagement can compromise confidentiality and integrity, have an adverse impact on police operations and damage police public image and increase risks to the compliance or legal standing of the police force.

Intended audience readers are for police force SIROs, Information Asset Owners, police for e Accreditors, programme and project managers as well as other interested parties in National Information risk management.

Published 01/01/2012
Authoring body: National Policing Improvement Agency (NPIA)
Standards
Resource
POLE Standards

*** POLE standards under development. Publication date 7th May 2021. Use the “Contact us” tab if you need more information. ***

The intended purpose of this standard is to promote interoperability of systems by converging on a common set of POLE data definitions used within Policing. POLE data definitions describe how People, Objects, Locations and Events should be formatted.

There are 44 POLE entities described in this standard including:

  • 20 person entities
  • 13 object entities
  • 5 location entities
  • 6 event entities

The standard also defines the attributes (field size, format, type) used to create the entities and contains and “entity x attribute map”.

Published 07/05/2021
Authoring body: Police Digital Service (PDS)
Standards
Resource
National Policing Community Security Policy (Version 4.3)

Police information, systems and networks must be safeguarded and protected to ensure the Police Service can meet their statutory and regulatory responsibilities. The Police Service meets these responsibilities by the implementation of this Community Security Policy (CSP) which encompasses appropriate Information Assurance (IA) policies and guidance.

The Police Service also support the need for appropriate safeguards and the effective management of all information processes, and are committed to helping protect all community member information assets from identifiable threats, internal or external, deliberate or accidental.

 

The CSP have strategic aims that: 

1. Enable the delivery of policing by providing appropriate and consistent protection for the information assets

2. Comply with statutory requirements and meet the expectations of the Police Service to manage information securely

3. enable forces, agencies and relevant organisations to understand the need to implement the IA policies identified herein, so the Police Service is able to meet its legal, statutory and regulatory requirements. 

Published 01/01/2014
Authoring body: National Police Information Risk Management Team (NPIRMT)
Policy
Resource
10 Steps to Cyber Security

This guidance is designed to help organisations protect themselves in cyberspace and best practises for cyberspace security. It relays the task of defending your networks, systems and information into its essential components.

It is important to note, when dealing cyberspace protection, the organisation knows the kinds of cyber attacks it expects to understand what protection would be needed.

Published 01/01/2018
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
End user device (EUD) Security Guidance Windows 10 1809

This guidance covers the deployment of a range of end user device platforms for the secure configuration of Windows 10 1809. Risk owners and administrators should agree a configuration which balances business requirements, usability and security.

  • Protective Monitoring Solution: All data should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic. This also allows the devices, and data on them, to be protected.

  • Applications should be authorised by an administrator and deployed via a trusted mechanism.

  • Most users should have accounts with no administrative privileges.  Administrator accounts should have a unique strong password per device.

Testing was performed on a Windows Hardware Certified device, running Windows 10 Enterprise. This guidance is not applicable to Windows devices managed via an MDM or Windows To Go. 

This guidance is not applicable to Windows devices managed via an MDM or Windows To Go. 

Risk owners and administrators should agree a configuration, which balances business requirements, usability and security.

Published 01/01/2020
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Application Development

This guidance gives practical advice on the secure development, procurement and deployment of generic applications.

There are three types of common security issues:

  1. Secure data handling

  2. Application hardening

  3. Third party applications

This guidance is written main for risk assessors and application developers on how to minimise the loss of data from applications running on all devices handling sensitive data. Sensitive information should not be stored on devices when it's not required. If it must be stored on a device, a native data storage protection APIs (Application Programming Interface) available on the platform must be utilised. You must also ensure that the applications allows administrators to delete sensitive data from devices if they are compromised or lost and encrypt sensitive information when stored, protected by an authentication mechanism.

You must also securely implement cryptographic functions and store sensitive information securely, and hide it from the user until they have been authenticated and ensure that sessions timeout periodically and require the user or application to repeat the authentication process and where possible manage user accounts centrally.

Published 01/01/2018
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Government Network Policy Changes

The Public Services Network (PSN) provides technical policies regarding the operation of its network. This provides a high-level guidance for the way in which government networks, as a whole should be managed.

The policies aim to create a simple mechanism for managing network services in government. The objectives of the policies are to:

  • operate the PSN as a single OFFICIAL network enabling services to be consumed from both the Assured and Protected networks.

  • enable the use of cloud email services that meet specific security standards for government email.

  • bring PSN and other government Domain Name System (DNS) services into line with best practice.  

Email feedback to psnservicedesk@digital.cabinet-office.gov.uk 

Published 13/03/2017
Authoring body: Government Digital Services (GDS)
Policy
Resource
Criminal Justice System Exchange Data Standards Catalogue (Version 6)

The CJS Data Standards Catalogue is a collection of data standards used by Criminal Justice Organisations in England & Wales to support interoperability between their different ICT systems.

If you are a member of a Criminal Justice Organisation and work in the area of data standards then you too can help to shape that change. If you have any questions then please raise them with the Forum representative for your organisation by visiting https://www.gov.uk/guidance/criminal-justice-system-data-standards-forum-guidance

Published 01/01/2020
Authoring body: Criminal Justice System (CJS) Exchange Product Board
Reference Data / Templates
Resource
Post-Incident Procedures following Death or Serious Injury APP

There are incidents that take place where the police respond to a serious injury/incident or where there is a deceased or where at a later time the victim dies. This APP – describes the post-incident procedures, management, welfare and legal issues stemming from serious incidents.

The guidance outlines provision of accounts by officers and staff, provides responsibilities for key roles, and sets out approaches to organisational learning and debriefing. The information provided is relevant to any investigation, whether carried out by the force’s professional standards department (PSD) or by the relevant independent investigative authority (IIA).

It is the responsibility of each force to determine how the post-incident procedures will be implemented and should therefore create an implementation plan showing how each area, roles and responsibilities will be fulfilled. This should include any training plans needed for individuals carrying out specific roles.

Where serious injury or death has resulted in the discharge of a firearm by a police officer or member of police staff, this guidance will not apply. Please refer to APP Armed Policing.

It is important to note that a serious injury is referred to as a fracture, deep cut, deep laceration or injury causing damage to an internal organ or the impairment of any bodily function.

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Management of Police Information (MoPI) APP

This Authorised Professional Practice (APP) provides guidance to forces on meeting the requirements of the Management of Police Information (MoPI) Code of Practice in relation to the review, retention and disposal of policing information and records. This APP is supplemented by the Manual of Guidance, which provides a further level of operational data.

Police information refers to all information obtained, recorded or processed for a policing purpose. The Management of Police Information (MoPI) authorised professional practice (APP) provides a framework and guidelines for managing police information, complying with the law and managing risk associated with police information including data retention.

  • Policing information is information held for a policing purpose. The MoPI Code of Practice definition of ‘policing purpose’ is:
    • protecting life and property
    • preserving order
    • preventing the commission of offences
    • bringing offenders to justice
    • any duty or responsibility of the police arising from common or statute law
  • Corporate information includes other organisational information, such as HR or finance records, minutes of meetings, policies and procedures.

There is further information on compliance with the Freedom of Information Act.

It should also be noted that the retention periods for biometric data are governed by the Protection of Freedoms Act 2012 and sit outside this APP.

Published 06/05/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Major Investigation and Public Protection APP

The success of any major incident coordination requires an organised, professional and methodical approach. The Major Room Incident (MIR) is critical to this coordination as this is where all information is gathered and analysed for response coordination.

Major investigation and public protection has many strands and arms. It consists of:

Major Crime:

  • Child abuse

  • Child sexual exploitation

  • Domestic abuse

  • Female genital mutilation

  • Firearms licensing

  • Forced marriage and honour-based violence

  • Gangs and youth violence

  • Gun crime

  • Hate crime

  • Homicide

  • Kidnap and extortion

  • Knife crime

  • Missing persons

  • Modern slavery

  • Prostitution

  • Rape and sexual offences

  • Stalking or harassment

  • Vulnerable adults

  • Operation Hydrant

Public protection:

  • Mental health

  • Managing sexual offenders

It also has major elements of mental health. The Mental health Authorised Professional Practice (APP) has provided guidance on Police response to members of the public who are experiencing mental ill health, have learning disabilities and mental and emotional vulnerable individuals. The guidance applies whether the police are acting in a criminal justice or health care capacity or in both of these roles. 

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Operations Command and Control APP

The Command and Control (C&C) solution is the incident management and deployment solution for police officers responding to incidents reports by the public. Command and control is the authority and capability of an organisation to direct the actions of its personnel and the use of its equipment.

Incidents are usually graded based on severity of the incident and officers have Service Level Agreements (SLA’s) target in responding to incidents especially serious/critical incidents. SLA’s may differ from police force. C&C can also be used for a wide range of scenarios ranging from policing local community events, to responding to a major criminal investigation such as a terrorist attack, arson attack requiring several officers to respond to more sensitive investigations such as a rape incident requiring more specialised officers.

There are times where certain incidents or operations where the police response requires a different approach and it may be necessary to establish a dedicated command structure such as bronze, silver and gold.

Published 01/01/2021
Authoring body: College of Policing (CoP)
Guidance
Resource
Intelligence Management Research & Analysis APP

{Consensus: This document is open for community feedback for it to be retired on the platform due to being superseded by the wider Information Management APP}

 

Research and analysis are very important tools used in policing for intelligence purposes to understand crime and investigate criminal activity. It is a way of processing and analysing material and information presented to support decision-making. With this comes the intelligence cycle where a sequential process is undertaken to allow the information presented to be developed into intelligence. This involves the roles of the analyst, researcher, data sources, analytical techniques used, reports etc.

This guidance document helps to explain what the intelligence cycle is, the direction, collection and collation of relevant information, evaluation and analysis of the data. It goes into detail explaining the roles highlighted above as well crime theories and approaches, terms of reference, data sources, using statistics, and analytical techniques, output reports, dissemination of output report and on-going reviews.

Published 01/01/2014
Authoring body: College of Policing (CoP)
Guidance
Resource
Civil Emergencies APP

Civil emergencies require a professional and structured response to all emergencies, this includes Police, fire and ambulance services and must meet the Civil Contingencies Act 2004. These services must have interoperable arrangements to allow for well-coordinated responses to major or complex incidents, as this would affect life.

This document helps to cover contingency planning and responses to civil emergences from the Police service.

Some major incidents may result in loss of life. Disaster victim identification (DVI) is the process of being able to identify a deceased in multiple fatality incidents. This involves combining antemortem and post-mortem examinations to make a positive identification using scientific means. This takes place at the same time an investigation is being undertaken.  DVI is an internationally accepter terms is and its principles are subject to international agreement through INTERPOL.

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Digital Investigation & Intelligence APP

The digital policing learning programme was created to for officers and staff to update their knowledge regarding digital intelligence and investigation. The programme helps explains the use and misuse of devices and applications and how they appear in the policing world. 

The programme’s aim is to ensure that all staff are:

  • confident facing situations where there is a digital element

  • competent in identifying and carrying out the actions required by those circumstances

  • able to ensure they are compliant in their actions.

The Digital Intelligence and Investigation project will deliver learning and knowledge resources that will ensure that all new and serving officers acquire the digital skills they need to undertake investigations effectively.  

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
National Decision Model APP

Decision-making in the Police service can be very complex. Police officers most often have to make decisions in very difficult circumstances and situations and may not have all the necessary or complete information to hand. It is also very important to note that the role that police officers play and the environment where they have to make decisions can be very complicated. Police officers and police staff are sometimes required to make decisions in circumstances where those involved deliberately mislead or try to mislead them. As a result it may not always lead to the best outcome.

Therefore to create a framework that could allow officers to base their decisions on, and allow for examination of each decision and allow for some form of standardisation in decision making the National Decision Model (NDM) was created.

At the heart of the NDM, the Code of Ethics highlighted is essential for all decision making. This gives confidence for police officers to use the NDM and reduces risk. Decision makers will be supported by their organisation where it can be shown that their decision was assessed by the NDM and the circumstances at the time, even when harm has resulted as part of the decision making process.

Published 01/12/2014
Authoring body: College of Policing (CoP)
Guidance
Resource
Critical Incident Management APP

Police have a duty to respond to every incident reported in an appropriate way and in a timely manner. A critical incident (CI) is defined as:

any incident where the effectiveness of the police response is likely to have a significant impact on the confidence of the victim, their family and/or the community. An incident can be escalated to a CI when the police fail to meet the expectation of a victim/family and/or the community in responding to an incident.

Therefore critical incident management (CIM) is key within the police force. Different types of incidents can become critical, high profile, serious or homicide related. If the police do not respond in a timely manner to serious incidents it can result in loss of confidence by the public.

There are 3 stages to CIM:

  1. Preparing for critical incidents – considering current management structures to ensure staff are trained effectively and resources are available

  2. Managing critical incidents – identifying critical incidents early on and notified to the most appropriate person.

  3. Restoring public confidence – restoring broken confidence amongst the public by community engagement, resolution and public inquiry.

Published 01/01/2013
Authoring body: College of Policing (CoP)
Guidance
Resource
Covert Policing APP

Undercover policing is a covert tactic used by the Police to obtain evidence and intelligence. It is also used to detect crime and disorder and help maintain public safety.

Undercover policing is a lawful and ethical tactic and when applied rightly can be very effective tool. In order to ensure it is kept this way, Authorised Professional Practice (APP) has been developed and used by Law Enforcement Agencies (LEAs) across the United Kingdom.

There is an undercover accreditation process that has been developed to provide an assessment of whether the management and governance of undercover units are effective in supporting safe, ethical and lawful undercover operations.

Undercover operatives (UCOs) are deployed as covert human intelligence sources (CHIS) in authorised investigations. There are three different types of UCOs, Undercover foundation(UCFs), Undercover advanced operatives (UCAs) AND Undercover online operatives (UCOLs). All must go through vigorous training and go through a robust selection process.

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Armed Policing APP

There are occasions that require the use of firearms by Authorised Firearms Officers (AFOs) in conflict situations. This response is a well-established and necessary approach to managing conflict. Commanders and AFOs are trained to analyse and determine appropriate courses of action in the course of armed deployments.

Police officers have a positive duty to protect the public from harm – a duty of care to all involved must be the overriding consideration. Police decision-making and response is vital in such situations and thus the National Decision model (NDM) is used to assist with the decision-making process.

The Authorised Professional Practice for Armed Policing covers guidance on the appropriate use of firearms within the police force. It also acts as a basis for training police officers in matters relating to the operational use of firearms.

The also provides guidance on structural command, tactical options and operational challenges with the deployment of Authorised Firearms Officers (AFOs).

Published 01/01/2013
Authoring body: College of Policing (CoP)
Guidance
Resource
Detention & Custody APP

The Police and Criminal Evidence Act 1984 (PACE) and the associated Codes of Practice set out the legislation and standards for dealing with people who come into contact with the police. Whilst members of the public are detained in custody, officers and staff should treat them in a way that is dignified and takes account of their human rights and individual needs. The Police force are only allowed to use force within a custody suite which is deemed necessary, proportionate and lawful and must be recorded by officers who have undergone appropriate and adequate training.

The PACE covers the following:

When an officer makes an arrest, they are personally responsible for the risk assessment and welfare of the detained person. This responsibility continues until the suspect is handed over to the custody officer for a decision regarding detention. For a member of the public to be detained at a police station the following must be addressed and considered by the Custody officer:

  • the grounds for detention

  • whether to grant bail

  • whether to authorise or refuse detention

It is possible for an individual arrested not to be detained if the custody officer believes that there are insufficient grounds for detention. The reasons must be and the detainee must be released.

Published 01/01/2018
Authoring body: College of Policing (CoP)
Guidance
Resource
Investigation APP

An investigation is undertaken when a crime has been reported and a police officer investigates the circumstance following all lines of enquiry of the situation to determine if a crime has been conducted and where a person/s should be charged with an offence, or if the person who offended is guilty.

Under the Home Office counting rules, when members of the public are making a complaint, victims should be believed for the matter of recording a crime unless it's clear that the incident did not happen. An investigators duty is to gather and test all material presented including witness accounts/statements and use technical and scientific expertise to maximise evidential opportunity.

The following outcomes may be that the suspect is prosecuted in court, receives an out of court disposal, community resolution or charges dropped. A lot of the times investigators may not find enough evidential material to make a charging decision either as a result of lack of evidence or not enough lines of enquiry to pursue. However the investigation outcome must still be recorded accurately for intelligence purposes and especially for future use, as this will help police identify crime hotspots and help reduce crime rates.  

Published 01/01/2020
Authoring body: College of Policing (CoP)
Guidance
Resource
Mobilisation APP

With the Police responding to critical and complex incidents, sometimes these incidents may require resources that go beyond the capacity and capability of the Police force. Some of these incidents may require the need of other partner agencies, other specialist skillsets and equipment and thus would need to be effectively managed and coordinated. Mobilisation is the process which supports mutual aid, at the local, regional or national level.

The National Police Coordination Centre (NPoCC) is responsible for the mobilisation of police assets, including general policing, operations and crime business areas. A lead force will be responsible for resourcing nationally-led crime enquiries. NPoCC should be the initial point of contact for any mobilisation requirements as it can provide advice and national coordination.

It is important to note that this a challenging area of work, particularly when the length of the investigation is unknown and mobilising crime assets is a new and emerging business field (mutual aid) for the Police service.

Published 01/01/2014
Authoring body: College of Policing (CoP)
Guidance
Resource
European Pool against Organised Crime (ePOC IV) Version 1.0

European Pool against Organised Crime (EPOC IV) was introduced in 2004 as the Eurojust Case Management System.  It facilitates the secure storage of case-related personal data, the exchange of information amongst National Members and the analysis of that data.

EPOC also provides a set of tools to facilitate interoperability of national systems and can be used as a component to support international cooperation in national systems.   

Reference Dataset consists of:

  • Currency Class

  • EU EPOC Country (Bulgarian)

  • EU EPOC Country (English)

  • EU EPOC Country (French)

  • EU EPOC Country (Lithuanian)

  • EU EPOC Country (Slovene)

  • EU EPOC Crime Type (Bulgarian)

  • EU EPOC Crime Type (English)

  • EU EPOC Crime Type (French)

  • EU EPOC Crime Type (Lithuanian)

  • EU EPOC Crime Type (Slovene)

  • EU EPOC Currency Type (English)

  • EU EPOC Currency Type (Lithuanian)

  • EU EPOC Drug Code (English and Other Languages) L1 (English)

  • EU EPOC Drug Code (English and Other Languages) L2 (Other Languages)

  • EU EPOC Drug Code (Lithuanian)

  • Home Office Drug Codes L2 (Description)

  • ISO 3166-1 Country Codes 2 Char

 

Published 01/01/2019
Authoring body: Reference data service platform
Reference Data / Templates
Resource
Multi Agency Incident Transfer Standard

The exchange of incident information between key organisations such as the Police Force, Highways England, Ambulance Service, Fire service is critical to saving lives and keeping members of the public safe.

The exchange of key information between organisations using command and control systems that manage incidents and deployments are used through formatted messages using extensible markup Language (XML).

This technical document aims to describe the implementation guidelines for exchanging information between multiple command and control systems between different organisations (Multi Agency Incident Transfer (MAIT), describe communications and data management issues that need to be considered, whilst providing suitable implementation guidance as well as describing interfaces available and their XML’s.

Published 01/03/2016
Authoring body: British Association of Public-Safety Communications Officials (British APCO)
Standards
Resource
HOLMES3 Version 0.4

Home Office Large Major Enquiry System (HOLMES3) is a major crime investigation management system used within the Police service such as the Metropolitan Police. It is used in investigations such as murder, high value fraud.

The solution It provides total compatibility and consistency between all the Police forces of England, Scotland, Wales, and Northern Ireland, as well as the Royal Military Police. 

It centres largely around an organised and methodical approach, and concentrates on the major incident room (MIR) as this is the administrative centre where further investigation actions are coordinated and all the information from members of public, enquiry officers and other sources is gathered. 

As this is a technical reference data, its dataset includes:

  • ActionClassTypeList

  • ActionTypeList

  • AnswerRequiredList

  • BodyConditionList

  • BodyPartList

  • BroadcastStateList

  • CaseMaterialAssessmentList

  • CaseMaterialRelevenaceList

  • CountryList

  • DisclosureTypeList

  • EliminationReasonList

  • EyeColourList

  • GlassesWornList

  • MessageTypeList

  • PersonBuildList

  • PersonNameClassList

  • PersonWarningSignalList

  • PriorityList

  • SecurityClassList

  • SexList

  • VehicleMakeList

  • VehiclesBodytypeGroupList

  • WitnessTypeList

Published 01/01/2018
Authoring body: Reference data service platform
Reference Data / Templates
Resource
Code of Practice and Conduct - Forensic Science Regulator (Issue 3)

The Codes of Practice and Conduct for Forensic Science Investigators, providers and practitioners is about ensuring quality standards are upheld to the highest order to the codes set out in the document. This code of Practice also set out the additional requirements requirement for accreditation is provided, particularly for digital forensics, firearms classification, drugs and toxicology.

This document has been written to assist organisations with understanding and interpreting the requirements of the standards, particularly BS/EN ISO/IEC 17025.

When the provisions in the Codes are fully implemented by all forensic science providers and practitioners and are understood by all end users, the potential for a forensic science quality failure to cause a miscarriage of justice will be substantially reduced and will provide a clear indication to customers and the public of what to expect.

It is important to note that forensic science quality framework does not operate in isolation and therefore it has been recommended that all interested parties in the  all forensic science space should read the appendices to the Codes (FSR-C- series) and guidance documents (FSR-G-series) relevant to their areas of expertise, and also the general guidance document on cognitive bias effects (FSR-G-217). The forensic science quality framework does not operate in isolation.

Published 01/01/2016
Authoring body: Forensic Science Regulator (FSR)
Standards
Resource
Police Use of Digital Images

{Consensus: This standard is currently out for consensus to be archived due to being replaced with the current version covering images, video and audio (multimedia)}

 

We live in a modern digital age society, where technological advancement is at the forefront of many initiatives and change, and as such evidential information have become ever so crucial than ever before.

With the high usage of smart phones, laptops, the Internet and social media, digital images and recordings are pivotal in police investigation. This cannot be underestimated. They are now a useful source of evidence for criminal justice purposes. Other evidences such as eye witness accounts, police statements are still highly valuable pieces of information and should neither be underestimated. Both together provide a holistic picture when investigating criminal cases.

As a result, the Police have a key role in managing, capturing, editing, processing, preparing cases, disclosing this to the Crown Prosecution service (CPS), storing, retaining and disposing of digital images carefully and according to guidelines highlighted. This document aims to offer practical guidance and advice on the role police play in digital imaging.

For more information and enquiries please see details below.

Email: soc@npia.pnn.police.uk

Telephone: 0870 241 5641


Published 01/01/2007
Authoring body: National Policing Improvement Agency (NPIA)
Guidance
Resource
Video surveillance systems for use in security applications BS 62676

{Consensus: This document is available for community feedback on whether to add to the platform}

This document has been written by subject matter experts, together with many governmental organisations, test houses and equipment manufacturers to defined a common framework for video surveillance transmission in order to achieve interoperability between products. 

The 62676 series is divided into 4 independent parts:
Part 1: System requirements (with 2 sub-parts: General and Performance requirements)
Part 2: Video transmission protocols
Part 3: Analog and digital video interfaces
Part 4: Application guidelines

This standard is intended to assist Video Surveillance System suppliers, users (including law enforcement), integrators and other interested parties achieve a complete and accurate specification of the surveillance system. This standard standard does not specify the type of technology required for a certain observation task.

[Note that this document, despite being authored in 2014, has been reviewed by subject matter experts in April 2021 and deemed to still represent good practice and relevancy]

Published 01/05/2014
Authoring body: British Standards Institute (BSI)
Standards
Resource
ISO/IEC 27003:2017 Preview

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This document provides guidance on the requirements for an information security management system (ISMS) as specified in ISO/IEC 27001 and provides recommendations (‘should’), possibilities (‘can’) and permissions (‘may’) in relation to them. It is not the intention of this document to provide general guidance on all aspects of information security.

Clauses 4 to 10 of this document mirror the structure of ISO/IEC 27001:2013.

This document does not add any new requirements for an ISMS and its related terms and definitions. Organisations should refer to ISO/IEC 27001 and ISO/IEC 27000 for requirements and definitions. Organisations implementing an ISMS are under no obligation to observe the guidance in this document.

An ISMS emphasises the importance of the following phases:

  • understanding the organisation’s needs and the necessity for establishing information security policy and information security objectives;

  • assessing the organisation's risks related to information security;

  • implementing and operating information security processes, controls and other measures to treat risks;

  • monitoring and reviewing the performance and effectiveness of the ISMS; and

  • practising continual improvement.

Published 01/01/2017
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
Extraction of digital data from personal devices APP

Guidance on the legal and ethical extraction of data from personal devices (including witnesses and victims) involved in an investigation. .

 

Use the Contact Us tab at the top of the page to request further details.

Published
Authoring body: College of Policing (CoP)
Guidance
Resource
Live Facial Recognition APP

Guidance for the overt deployment of live facial recognition technology to locate persons on a Watchlist. This is currently in draft format and is to be circulated to external stakeholders for consultation prior to submission to National Standards Assurance Board for publication on the platform.

Use the Contact Us tab at the top of the page to request further details.

Published
Authoring body: College of Policing (CoP)
Guidance
Resource
Records Management Code of Practice

The Code provides high-level standards for information and records management (in the form of seven principles), as well as other supporting standards, such as personnel and organisational capabilities. It will also drive consistency in the way that forces manage their information and records.

 

Use the Contact Us tab at the top of the page to request further details.

Published
Authoring body: College of Policing (CoP)
Standards
Resource
Archiving of records in the public interest APP

This APP provides context for forces using the Information and Records Management Code of Practice to enable them to develop nationally consistent approach to identifying the proper regime of management and archiving for information records.

This guidance helps forces with the identification of records for long-term archiving and advises on how those records should be managed throughout their lifecycle, again securing consistency of approach.

Compliance with the Code and APP should help to increase the public’s confidence in how their information is handled.

Use the Contact Us tab at the top of the page to request further details.

 

Published
Authoring body: College of Policing (CoP)
Guidance
Resource
NPCC Digital Imaging and Multimedia Procedure (Version 3)

{Consensus: This document is available for community feedback on whether to add to the platform, replacing the previous 2007 version}

This document covers digital multimedia, inclusive of picture, video and audio in the proper capture and handling of digital data for police applications. This represents best practice to benefit the Police Service and Criminal Justice System (CJS).

Following the process set out within this document helps enhance the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. 

 

Published 01/01/2020
Authoring body: National Police Chiefs Council (NPCC)
Guidance
Resource
Digital Imaging Procedure (Version 2.1)

{Consensus: This is open to the community for comment on whether to retire this document and replace by the newer Digital Imaging and Multimedia Procedure version 3}

Digital imaging has become firmly established in the mainstream of public life and as a key enabling technology for the Police Service and Criminal Justice System (CJS) and has enormous benefit for the swift and accurate outcome of investigations.

Digital Imaging is the capture, retrieval, storage or use of evidential digital images. The aim of this document is to detail the processes involved in the proper capture and handling of digital images for police applications and to define best working practice starting from the process of the initial preparation and capture of images, through the transfer and designation of Master and Working Copies, to the presentation in court and finally the retention and disposal of exhibits.

A key part of the digital imaging process is the creation of an identifiable and isolated Master reference as this procedure enhances the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. It is also important to note that broader range of technologies are now available for the capture and storage of digital imagery which will be discussed in the document.

Intended readers of this document are operational, administrative and judicial staff involved throughout all stages of the Criminal Justice System (CJS) and anyone handling digital imaging.  

Published 01/01/2007
Authoring body: Home Office
Guidance
Resource
UKAS Guidance on the Application of ISO/IEC 17025 Dealing with Expressions of Opinions and Interpretations 2017

{Consensus: This document is available for community feedback to be added to the platform}

Laboratories within the UK who wish to demonstrate that they operate to a quality system, are technically competent and are able to generate technically valid results must now meet the ISO/IEC 17025 requirements. This has now become the standard that UKAS now to assess a laboratory’s competence for the purposes of accreditation.

The purpose of this document is to set down United Kingdom Accreditation Service (UKAS) policy, process and guidance on assessment and accreditation of laboratories 

The difference in this policy set out is that laboratories UKAS policy that laboratory accreditation to ISO/IEC 17025 can now include the expression of opinions and interpretation of test/calibration results in reports as it is considered to be an inherent part of testing. Whereas before this was not permitted.

The laboratory’s documented quality system must reflect whether it is expressing opinions and interpretations and if so, for which activities. The process of interpreting test/calibration results for the purpose of expressing opinions and interpretations must be documented. 

 

Published 01/01/2019
Authoring body: United Kingdom Accreditation Service (UKAS)
Policy
Resource
UKAS Guidance on the Application of ISO/IEC 17025 Dealing with Expressions of Opinions and Interpretations

{This document was retired in March 2021 to be replaced by a more current version}

Laboratories within the UK who wish to demonstrate that they operate to a quality system, are technically competent and are able to generate technically valid results must now meet the ISO/IEC 17025 requirements. This replaced the ISO/IEC Guide 25 and EN 45001, and has now become the standard that UKAS now to assess a laboratory’s competence for the purposes of accreditation instead of UKAS publication M10.

The purpose of this document is to set down United Kingdom Accreditation Service (UKAS) policy, process and guidance on assessment and accreditation of laboratories 


The difference in this policy set out is that laboratories UKAS policy that laboratory accreditation to ISO/IEC 17025 can now include the expression of opinions and interpretation of test/calibration results in reports as it is considered to be an inherent part of testing. Whereas before this was not permitted.

The laboratory’s documented quality system must reflect whether it is expressing opinions and interpretations and if so, for which activities. The process of interpreting test/calibration results for the purpose of expressing opinions and interpretations must be documented. 


 

Published 01/01/2001
Authoring body: United Kingdom Accreditation Service (UKAS)
Policy
Resource
Guidance on Automatic Number Plate Recognition (ANPR) Performance, Assessment and Optimisation

{Consensus: This document is open for community feedback for it to be added to the platform}

This guidance document suggests how to set up, maintain, monitor and maximise the performance of an ANPR system. It is written for law enforcement ANPR operatives and commercial installers on behalf of the National ANPR Strategy Board. It applies to ANPR systems that are part of the National ANPR Infrastructure (NAI) and may feed data into the National ANPR System (NAS).

Users should also consider the Data protection Act 2018 and Surveillance Camera Code of Practice when using this document.

Published 01/06/2020
Authoring body: Home Office
Guidance
Resource
ICT Asset Recovery Standard 7.0

Asset Disposal & Information Security Alliance (ADISA) is an organisation designed to improve risk management and data protection within business processes for IT asset retirement and disposal.

The ADISA ICT Asset Recovery Standard 7.0 is an updated version released in January 2020 from its first launch from its first launch in 2010. It better aligns to the updates and amendments of the Data Protection legislation including but not limited to the EU General Data Protection Regulation, the UK Data Protection Act and the Californian Consumer Privacy Act 2018.

This area covers asset management and data sanitisation. The ADISA ICT Asset Recovery Standard was developed to identify risk which might exist within this process and to then assess countermeasures which are in place to mitigate that risk.

 The objective of the ADISA Asset Recovery Standard is to ensure that every data bearing asset is managed throughout the process and that any resident data is sanitised in accordance with the client’s requirements or to industry best practice levels, to promote the re-use of assets through risk management and to help organisations comply with Data Protection Laws.

These are achieved by creating a physical environment within the ITAD process which offers equivalent levels of security to those in place when the asset is in its live environment, testing the abilities of the service provider to create and then maintain the chain of custody throughout the process, ensuring the process is consistent and repeatable, assessing current data sanitisation processes on ALL media types.

The Standard is presented in 10 Modules each covering different aspects in asset recovery and contain mandatory requirements.

There are current plans for version 8 of this document.

Published 01/01/2020
Authoring body: Asset Disposal & Information Security Alliance (ADISA)
Standards
Resource
Engagement & Communication APP

Police engagement and communication is key to the success of community policing and having an effective presence in the area the police serves in. Developing and maintaining healthy and positive relationships with community leaders and the wider public is crucial for establishing engagement. Without this being able to prevent, detect or investigate and solve crime may become much more difficult, as well as bringing offenders to justice. It will reduce confidence and public image in the Police service as service to the public may become unworkable. There it is important that both the public and Police service both cooperate and be in intentional about developing strong relations.

It is important to the local police that communities have confidence and trust in the Police Service in order for the Police to carry out their duties effectively and to keep communities safe. Both parties play an essential role in the world of policing.

This document sets out the principles of engagement and communication, including public relations.

Published 01/01/2017
Authoring body: College of Policing (CoP)
Guidance
Resource
Government Security Classification

{Consensus: This document is currently open for community feedback for it to be added to the platform}

This document describes how HM Government classifies information assets into OFFICAL, OFFICIAL SENSITIVE, SECRET and TOP SECRET to ensure information can be protected but also efficiently shared. This is not a statutory scheme, but operates within the requirements of the Official Secrets Acts (1911 and 1989) and the Freedom of Information Act (200) and Data Protection legislation.

Published 01/05/2018
Authoring body: Cabinet Office
Policy
Resource
Facing the Camera - Guidance on police use of overt CCTV and facial recognition to locate persons on a watchlist in public

{Consensus: This document is open for community feedback for it to be added to the platform in order to provide regulatory information sparked in direct response to a legal challenge.}

This code of practice issued by the Secretary of State (regulated by the Surveillance Camera Commissioner) under the Protection of Freedoms Act 2012 (PoFA) covers police forces in England & Wales. Chief officers must have regard to this code when using facial recognition algorithms as part of the operation of surveillance camera systems, or the use or processing of images or other information obtained.

The code only applies to the use of facial recognition technology and processing of images from surveillance cameras operated in 'live time' or 'near real time' operational scenarios.

The code includes considerations into:

  • Applicability
  • Biometrics
  • Ethics
  • Human Rights
  • Legal frameworks
  • Police policy documents
  • Governance
  • Evidence handling
  • Public engagement
  • Accountability and certification

Also included as an attachment is the National Surveillance Camera Strategy for context.

Published 01/11/2020
Authoring body: Surveillance Camera Commissioner (SCC)
Principles
Resource
DCMI Specifications

Dublin Core Metadata Initiative (DCMI) publishes semantic specifications, mostly related to the "Dublin Core" vocabularies, metadata, such as encoding syntaxes, usage guidelines, and metadata models and has fifteen elements. The growth of the publishing specifications led to the discussion of it becoming a standard and led to the publication of ANSI/NISO Z39.85-2001 and International Standards Organisation Standard 15836-2003. The most recent updates of these standards are RFC 5791 (2010), Z39-85-2012, and ISO 15836-1:2017. 

DCMI Specification also includes

  1. Bibliographic Ontology (BIBO),  a Semantic Web vocabulary for expressing citations and bibliographic references

  2. Learning Resource Metadata Initiative (LRMI) a collection of classes, properties and concept schemes for mark-up and description of educational resources. It augments on Schema.org for description of learning resources. 

The LRMI concept schemes are small sets of concepts for use as values with the LRMI properties in learning resource description and Web markup.

The DCMI Usage Board has served as the maintenance committee for DCMI Metadata Terms and maintenance of maintenance agency for ISO 15836.

 

Published 01/01/2018
Authoring body: Dublin Core Metadata Initiative (DCMI)
Standards
Resource
Cloud Security Guidance

Published by the National cyber security centre, this guidance document provides details and context on the following 14 cloud security principles.

1. Data in transit

2. Asset protection and resilience

3. Separation between users

4. Governance framework

5. Operational security

6. Personnel security

7. Secure development

8. Supply chain security

9. Secure user management

10. Identity and authentication

11. External interface protection

12. Secure service administration

13. Audit information for users

14. Secure use of the service

 

Published 17/11/2018
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Forensic Science Regulator Information Legal Obligations (Issue 8)

The role of the forensic science regulator is to advise the Government and the criminal justice system on quality standards in the provision of forensic science. Recommend new requirements for new and improved standards and providing advice and guidance so that providers will be able to demonstrate compliance with common standards, in procurement and in courts 


A key requirement of any standards framework in forensic science is that the output meets the requirements of the Criminal Justice System (CJS). 
 This document sets out the view of the Regulator as to the legal landscape within which forensic scientists operate within the CJS. 


There are legal obligations placed on expert witnesses as sources in the Criminal Justice System in England and Wales as Expert evidence is admissible “to furnish the court with scientific information which is likely to be outside the experience and the knowledge of a judge or jury”. This places the expert witness in a privileged position.

It is important to note that expert evidence can only be given by a person who is an expert in the relevant field. An expert witness must provide the court with objective, unbiased opinion on 
matters within his expertise 
Witnesses must act with honesty and good faith. 


Published 30/04/2020
Authoring body: Forensic Science Regulator (FSR)
Standards