Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Digital Evidence Storage v3.0
This is intended as a high-level overview of the requirements for digital evidence storage in a multimedia context. Ratings follow the MoSCoW system of Must, Should, Could and Won’t. The requirements are split into two sections, File Handling and Functionality. Systems must be compliant with the principles in the DSTL NPCC Digital Imaging and Multimedia Procedure v3.0 and Recovery and Acquisition of Video Evidence v3.0 and adhere to the Forensic Science Regulator Act 2021 and Statutory Code.
NPCC framework for use of video evidence v3.0
This document is relevant to all police non-specialist front-line staff and forensic unitsi who utilise video evidence and to bring clarity around activities relating to recovery, acquisition, viewing and processing of CCTV. It outlines those activities that must be undertaken by Police Forces and accredited laboratories in line with the Forensic Science Regulator Act 2021 and Statutory Code. The following charts stipulate what level of training is required and whether force procedures must be in place to carry out Forensic Science Activities (FSAs) and mitigate the risks highlighted by the risk matrix where activities may be excluded from accreditation. This document has been created to support the recommendations of the NPCC CCTV Working Group and Specialist Capability Network and supersedes the now defunct Annex A and B CCTV Scope for Accreditation document, which was previously circulated by the NPCC as a supplement to the first Forensic Regulators FSR-C-119 Code of Practice and Conduct, now replaced by the Statutory Code and FSA Digital Forensics - Video Analysis, and FSA Basic Recovery and Acquisition of Images.
ICT Asset Recovery Standard 7.0
Asset Disposal & Information Security Alliance (ADISA) is an organisation designed to improve risk management and data protection within business processes for IT asset retirement and disposal.
The ADISA ICT Asset Recovery Standard 7.0 is an updated version released in January 2020 from its first launch from its first launch in 2010. It better aligns to the updates and amendments of the Data Protection legislation including but not limited to the EU General Data Protection Regulation, the UK Data Protection Act and the Californian Consumer Privacy Act 2018.
This area covers asset management and data sanitisation. The ADISA ICT Asset Recovery Standard was developed to identify risk which might exist within this process and to then assess countermeasures which are in place to mitigate that risk.
The objective of the ADISA Asset Recovery Standard is to ensure that every data bearing asset is managed throughout the process and that any resident data is sanitised in accordance with the client’s requirements or to industry best practice levels, to promote the re-use of assets through risk management and to help organisations comply with Data Protection Laws.
These are achieved by creating a physical environment within the ITAD process which offers equivalent levels of security to those in place when the asset is in its live environment, testing the abilities of the service provider to create and then maintain the chain of custody throughout the process, ensuring the process is consistent and repeatable, assessing current data sanitisation processes on ALL media types.
The Standard is presented in 10 Modules each covering different aspects in asset recovery and contain mandatory requirements.
There are current plans for version 8 of this document.
Cyber Security: Asset management
Step 3 from the 10 steps to Cyber Security covers asset management, ensuring you know what data and systems you manage, and what business need they support.
Asset management encompasses the way you can establish and maintain the required knowledge of your assets. Over time, systems generally grow organically, and it can be hard to maintain an understanding of all the assets within your environment. Incidents can occur as the result of not fully understanding an environment, whether it is an unpatched service, an exposed cloud storage account or a mis-classified document. Ensuring you know about all of these assets is a fundamental precursor to being able to understand and address the resulting risks. Understanding when your systems will no longer be supported can help you to better plan for upgrades and replacements, to help avoid running vulnerable legacy systems.
Procurement policy notes
This collection brings together all procurement policy notes, providing guidance on best practice for public sector procurement, to better enable policing to have a consistent approach to the purchase of digital, data and technology solutions.