Resource
Open Source Software - Exploring the Risk (Good Practice Guide 38)

This guidance seeks to assist a range of IA professionals in exploring the risks associated with the use of Open Source Software (OSS) products. It does so by prompting a number of ‘whole lifecycle’ issues and questions which potential users should ask themselves when making software choices, not just of OSS, but also of proprietary products. This is because there are no ‘right’ or ‘wrong’ answers when it comes to the security of OSS versus that of proprietary (typically closed source code) products. There are good and bad examples of each in this respect and no one type is inherently more, or less, secure than the other.

This guidance supports the Government ICT Strategy objective of creating a level playing field for open source software solutions. It does not evaluate, recommend or otherwise offer judgement on the following:

Specific OSS products;
Savings in running costs that an organisation may realise by the adoption of OSS over proprietary products;
The legal risks that may arise, for example from issues concerning copyright, intellectual property, or infringement of licences.

This guidance was reviewed by the National Standards Assurance Board in January 2021 and was deemed to still provide relevant information.

Published 01/10/2015
Authoring body: Communications-Electronics Security Group (CESG) [HMG]
Guidance
Resource
ISO 90011:2018 Guidelines for Auditing Management Systems

This document informs the creation of auditing systems.

With many organisations now wanting to combine a number of management systems into one, there has been awareness of the need to also combine the auditing capabilities for these management systems into one. As a result, the international standard BS EN ISO: 19011:2011 was created to provide organisations with the knowledge for auditing modern management systems, and with the principles and guidance to ensure they deliver a high standard of auditing capabilities and do not fail, which could have damaging effects such as losing out on contracts, certifications, and operational efficiency.

Organisations can save vast amounts of time, money and resources by applying a single approach to multiple management systems, streamlining their auditing processes and removing duplication of effort.

This document offers insights into planning, decision-making and evaluating audits.

The standard includes (but is not limited to):

  • Scope

  • Principles of Auditing

  • Managing an audit programme

  • Establishing the Audit programme

  • Implementing the audit programme

  • Monitoring an audit programme

  • Reviewing and improving the audit programme

  • Conducting audit activities

  • Preparing audit report

  • Conducting audit evaluation

  • And much more

A fee of £254.00 (members' price: £127.00) applies for accessing the standard.

Published 01/01/2018
Authoring body: British Standards Institution (BSI)
Standards
Resource
Criminal Intelligence Manual for Analysts

Intelligence is information (raw data) that has been worked and evaluated in the context of its source and reliability to create added value and meaning for its user (Information + Evaluation = Intelligence).

Analysis is about tracing information to its source to discover the general principles behind it and ascertaining its parts. Therefore we can say that intelligence analysis is about collecting and utilising information, evaluating it to process it into intelligence, and then analysing that intelligence to produce products to support informed decision-making.

Analysis goes beyond the facts, asking questions such as:

  • What exactly is the problem?

  • Why is it a problem?

  • What information do we already possess that is relevant to the problem?

  • Where is the information held?

  • How can we obtain it?

  • What meaning can we extract from the information?

  • Are we ready to take action with the information received?

Applying these questions, evaluating the answers, and choosing the response and outputs/actions is the essence of what analysis is about. Analysis is going beyond the facts and digging deeper.

Therefore criminal intelligence analysis is the in-depth analysis of criminal activity, criminal information and the criminals. This also includes the retrieval and storage of digital/online content. The use of Information Technology has become ever so critical in the modern age.

Published 01/01/2011
Authoring body: United Nations Office on Drugs and Crime (UNODC)
Guidance
Resource
Video surveillance systems for use in security applications BS 62676

This document has been written by subject matter experts, together with many governmental organisations, test houses and equipment manufacturers, to define a common framework for video surveillance transmission in order to achieve interoperability between products.

The 62676 series is divided into 4 independent parts:
Part 1: System requirements (with 2 sub-parts: General and Performance requirements)
Part 2: Video transmission protocols
Part 3: Analog and digital video interfaces
Part 4: Application guidelines

This standard is intended to assist Video Surveillance System suppliers, users (including law enforcement), integrators and other interested parties to achieve a complete and accurate specification of the surveillance system. This standard does not specify the type of technology required for a certain observation task.

[Note that this document, despite being authored in 2014, has been reviewed by subject matter experts in April 2021 and deemed to still represent good practice and relevancy]

Published 01/05/2014
Authoring body: British Standards Institute (BSI)
Standards
Resource
Guidance on Automatic Number Plate Recognition (ANPR) Performance, Assessment and Optimisation

This guidance document suggests how to set up, maintain, monitor and maximise the performance of an ANPR system. It is written for law enforcement ANPR operatives and commercial installers on behalf of the National ANPR Strategy Board. It applies to ANPR systems that are part of the National ANPR Infrastructure (NAI) and may feed data into the National ANPR System (NAS).

Users should also consider the Data Protection Act 2018 and Surveillance Camera Code of Practice when using this document.

Published 01/06/2020
Authoring body: Home Office
Guidance
Resource
Automatic Number Plate Recognition Regulation 109 Supplier Specification (Version 2.2)

This document's aim is to clearly define for suppliers of in-car ANPR software the minimum requirements to meet Regulation 109 (as amended by the Vehicle Special Order - VSO) whilst at the same time maintaining operational effectiveness and officer safety. Going forwards in this document, this version of software will be referred to as ‘Regulation 109 compliant’.

This covers any ANPR system with a screen viewable by the driver, for example a bespoke in-car system, tablet device or mobile phone; this will be referred to as an in-car system.

Published 01/10/2021
Authoring body: Home Office
Standards
Resource
National ANPR Standards for Policing and Law Enforcement

These standards articulate the requirements with which the police and other Law Enforcement Agencies (LEA) must comply to access the National ANPR Capability (NAC). This document includes a description of the legal basis for ANPR as well as the applicability of these standards. The standards comprise three main sections: Data Standards, Infrastructure Standards and Data Access and Management Standards.

Published 01/11/2020
Authoring body: Home Office
Standards
Resource
National standards for compliance and audit of law enforcement ANPR

This document contains information on the auditing of ANPR systems, including audits of data standards, infrastructure, data access and management, and local systems.

Published 01/09/2020
Authoring body: Home Office
Standards
Resource
National ANPR Technical Standards

This document prescribes the technical specifications for data within the National ANPR Service (NAS). The information within this document is intended to support compliance and consistency in the operation and management of NAS by the police and other law enforcement organisations.

Published 01/05/2021
Authoring body: Home Office
Standards