Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
National Policing Community Security Principles V1.3
This document provides all National Policing and its partners with a clear set of information security principles, which are the foundation to all information security activity.
National Policing Community Security Policy v1.3
This Policy provides confirmation of management intent, in support of the Community Security Principles. This Policy will define how the principles are to be achieved, at a high level. Detail to support this Policy will be in the form of standards, control objectives and other supporting documentation.
National Policing Community Security Policy Framework v1.3
This framework provides all National Policing and its partners with a clear guide of how information security policies and standards work in National Policing, the objectives of the framework, whom the framework and its supporting policy and principles apply to, whom has accountability for information security and risk and how policies will be governed.
National Policing Community Security Policy v1.2
National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The Community Security Policy (CSP) is an integral part of the Community Security Policy Framework and combined with Community Security Principles and the supporting standards, control objectives and other supporting documentation will help policing maintain public trust in its management of information assets. This Policy should be read in conjunction with the National Policing Community Security Policy (CSP) Framework, and Community Security Principles with which this policy is aligned. The audience, scope, objectives, governance and exception process for this policy are defined by the National Policing Community Security Policy Framework, which can be found in Knowledge Hub. For clarity this policy has been approved by the Police Information Assurance Board (PIAB) and applies to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing. This policy has taken into consideration and is aligned with industry best practice, which includes ISO/IEC 27002:2022, CIS Controls v8 (Center for Information Security), NIST Cyber Security Framework, CSA Cloud Controls Matrix v4 (Cloud Security Alliance) and NCSC 10 Steps to Cyber Security.
National Policing Community Security Principles v1.2
Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.
National Policing Community Security Policy Framework v1.2
This framework defines the holistic approach to information and technology risks by aligning to Government Security standards, guidance from the National Cyber Security Centre (NCSC) and industry best practice. The National Policing Community Security Policy Framework supports a proportionate baseline standard of cyber security for National Policing to deliver its operational and strategic objectives. As the cyber threat landscape facing the UK Police forces continues to evolve, so must the means by which forces maintain their security posture. The purpose of the National Policing Community Security Policy Framework is to provide the structure for information security for National Policing, suppliers, and partners to carry out their services securely.
National Police Information Security Risk Management Risk Balance Case Template
The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF).
This template must be completed in conjunction with the National Security Risk Management Framework and Guidance.
The Risk Decision Document should be a single document that outlines any national risk, and the recommended measures for mitigating it. The template is organised into sections, each containing specific guidance points on content to be included.
National Police Information Security Risk Management Framework
This framework is to ensure that all security risks are identified, assessed, and managed in accordance with best practice in order to facilitate improved governance. It is mandatory for all information systems that hold Police information or which deliver an operational service to policing to undergo a risk assessment, as stipulated in the National Policing Community Security Policy. The Security Risk Management Framework mutually supports the Police Cyber Assurance Framework (PCAF). The framework supports the requirements of the National Community Security Policy (NCSP.)
POLE Data Standards Catalogue v1.0
The intended purpose of this standard is to promote interoperability and improve the data quality of systems by converging on a common set of POLE data definitions used within Policing. POLE data definitions describe how People, Objects, Locations and Events (POLE) should be formatted.
There are 44 POLE entities described in this standard including:
- 20 person entities
- 13 object entities
- 5 location entities
- 6 event entities
The standard defines the attributes (field size, format, type) used to create the entities and contains and “entity x attribute map”. It also contains validation rules for these attributes.
This standard is owned by the National Police Chiefs Council (NPCC) and should be regarded as the default data standard for all POLE entities.
Along with the standard, the POLE data model (POLE v1.1.accdb) and data dictionary (POLE data standards - Data dictionary v1.1.xlsx) are also attached below.
IDENTITY AND ACCESS MANAGEMENT STANDARD
This standard defines the requirements which, when applied, will define identity and access management
standards to national policing IT systems. Areas considered include account management, access control
mechanism, privilege access, account provisioning, account review, access suspension and termination,
guest accounts, third party access and audit requirements.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable
reference for community members, notably those who build and implement IT systems on behalf of
national policing.
This standard also relates to other PDS standards such as passwords, system access, PAM, vetting, which
the audience should also consider
Showing 1 to 10 of 14 entries.