Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
ISO/IEC 27004:2016 IT Security Techniques — Information Security Management — Monitoring, Measurement, Analysis and Evaluation
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
This international standard was created to help organisations evaluate the information security performance and the effectiveness of an information security management system. The results of monitoring and measurement of an information security management system (ISMS) can be supportive of decisions relating to ISMS governance, management, operational effectiveness and continual improvement. It also helps to establish
-
the monitoring and measurement of information security performance
-
the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls
-
the analysis and evaluation of the results of monitoring and measurement.
ISO 22301:2019 Security and Resilience — Business Continuity Management Systems — Requirements
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
This standard speaks into the structure and requirements for implementing and maintaining a business continuity management system (BCMS) that develops business continuity within an organisation experience disruption.
A BCMS emphasises the importance of:
-
understanding the organisation’s needs and the necessity for establishing business continuity policies and objectives;
-
operating and maintaining processes, capabilities and response structures for ensuring the organisation will survive disruptions;
-
monitoring and reviewing the performance and effectiveness of the BCMS;
-
continual improvement based on qualitative and quantitative measures.
The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organisation’s overall ability to continue to operate during disruptions.
-
supporting its strategic objectives
-
creating a competitive advantage
-
protecting and enhancing its reputation and credibility
-
reducing legal and financial exposure
-
reducing direct and indirect costs of disruptions
-
protecting life, property and the environment
-
providing confidence in the organisation’s ability to succeed
-
improving its capability to remain effective during disruptions
-
addressing operational vulnerabilities
The management process of BCMS are categorised by the following:
-
policy
-
planning
-
implementation and operation
-
performance assessment
-
management review
-
continual improvement
The outcomes of maintaining a BCMS are shaped by the organisation’s legal, regulatory, organisational and industry requirements, products and services provided, processes employed, size and structure of the organisation, and the requirements of its interested parties.
ISO/IEC 27013:2015 IT Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The relationship between information security management and service management is so close that many organisations already recognise the benefits of adopting the two International Standards for these domains. There are a number of advantages in implementing an integrated management system.
Benefits:
-
Enhanced credibility, with internal and external customers
-
Lower cost of an integrated programme of two projects
-
Reduction in implementation time due to the integrated development of processes common to both standards
-
Better communication, reduced cost and improved operational efficiency through elimination of unnecessary duplication
-
a greater understanding by service management
This International Standard is intended for use by persons with knowledge of both of the International Standards ISO/IEC 27001 (information security management system (ISMS) and ISO/IEC 20000-1 (a service management system (SMS)) and provides guidance on the implementation of both international standards.
ISO/IEC 27001:2013 IT Security techniques — Information Security Management Systems — Requirements
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The implementation of an information security management system is a strategic decision for an organisation that is influenced by the organisation’s needs and objectives, security requirements, the organisational processes and thus the International Standard has been setup to establish, implement, maintain and continually improve an information security management system.
The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. This also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation and is applicable to all organisations, irrespective of size and structure.
ISO/IEC 27000:2020 IT Security techniques - Information Security management systems - Overview & Vocabulary
The International Organisation Standardisation (ISO) and the International Electrotechnical Commission (IEC) form the specialised system for worldwide standardisation. National bodies that are apart of the ISO or IEC participate through technical committees in the development of International standards to deal with particular areas of technical activities.
ISO/IEC in light of information technology provides an international standard and overview by for management systems by which a model can be followed in setting up and operating a management system. Information Security Management System (ISMS) is responsible for ensuring continuous development of the international management system standards.
Through the various standards developed, organisations can develop and implement a framework for managing and protecting the security of the information assets and systems including financial information, intellectual property, employee details, customer, client and third parties personal details.
The ISMS Standard includes standards that define requirements for an ISMS, provides direct support and guidance for the overall process to implement and maintain an ISMS standard, address conformity assessment for ISMS and provide terms and definitions for the international standard.
ISO/IEC 27002:2013 IT Security techniques - Code of Practice for Information Security Controls
This document informs the implementation of controls within an information security management system based on ISO 27001.
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
This International Standard is designed for organisations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001. It can also be used as guidance for implementing commonly accepted information security controls.
All types of organisations including public and private sector, commercial and non-profit organisations collect collect, process, store and transmit information in many forms including electronic, physical and verbal and therefore the value of information goes beyond the written words, numbers and images. Knowledge can also be intangible such as concepts, ideas, knowledge, brands, reputation – these are all forms of intangible information. As a result vital information can be very valuable to an organisation’s and as such deserves and require protection against various hazards.
Therefore it is essential that an organisation identify its security requirements by 1. Assessing risk 2. Observing all statutory, regulatory and contractual requirements that an organisation has to satisfy 3. Setting principles, objectives and business requirements for information handling, processing, storing, communicating and archiving that an organisation has developed to support its operations.
Security Policy Framework for HMG Organisations
This Framework describes the Cabinet Secretary and Official Committee on Security expectations of how HMG organisations and third parties handling HMG information and other assets will apply protective security to ensure HMG can function effectively, efficiently and securely.
The Security Policy Framework should be applied across Her Majesty’s Government and assets that are held by third parties in the wider public sector and by our commercial partners and personal responsibility and accountability should be undertaken to uphold the policy as attitudes and behaviours are key for exercising good security.
It is important to note that proper management, risk management, good governance and judgment and discretion remain the most form of effective security protection.
Facing the Camera - Guidance on police use of overt CCTV and facial recognition to locate persons on a watchlist in public
This code of practice issued by the Secretary of State (regulated by the Surveillance Camera Commissioner) under the Protection of Freedoms Act 2012 (PoFA) covers police forces in England & Wales. Chief officers must have regard to this code when using facial recognition algorithms as part of the operation of surveillance camera systems, or the use or processing of images or other information obtained.
The code only applies to the use of facial recognition technology and processing of images from surveillance cameras operated in 'live time' or 'near real time' operational scenarios.
The code includes considerations into:
- Applicability
- Biometrics
- Ethics
- Human Rights
- Legal frameworks
- Police policy documents
- Governance
- Evidence handling
- Public engagement
- Accountability and certification
Also included as an attachment is the National Surveillance Camera Strategy for context.
Create and iterate an SPF record for email authentication
This document provides guidance on how to create and iterate a Sender Policy Framework record, which is a system of email authentication.
SPF works by providing domain owners a way to publish a list of the IP addresses which should be trusted for a given domain. A receiving email service can then check that a sending email service has an IP address which appears in the sender's published list.
If the IP address appears in the list of acceptable IPs, the receiving email service will forward the email to the recipient's inbox. If the receiving email service cannot confirm the IP address is valid, then it marks the email in accordance with the DMARC policy you have implemented on the domain the email is being sent from.
Criminal Justice System Exchange Data Standards Catalogue (Version 6)
The CJS Data Standards Catalogue is a collection of data standards used by Criminal Justice Organisations in England & Wales to support interoperability between their different ICT systems.
If you are a member of a Criminal Justice Organisation and work in the area of data standards then you too can help to shape that change. If you have any questions then please raise them with the Forum representative for your organisation by visiting https://www.gov.uk/guidance/criminal-justice-system-data-standards-forum-guidance.
Showing 121 to 130 of 204 entries.