to add a new content
Resource
Digital Evidence Storage v3.0

This is intended as a high-level overview of the requirements for digital evidence storage in a multimedia context. Ratings follow the MoSCoW system of Must, Should, Could and Won’t. The requirements are split into two sections, File Handling and Functionality. Systems must be compliant with the principles in the DSTL NPCC Digital Imaging and Multimedia Procedure v3.0 and Recovery and Acquisition of Video Evidence v3.0 and adhere to the Forensic Science Regulator Act 2021 and Statutory Code.

Published 06/12/2022
Authoring body: NPCC
Standards
Resource
NPCC framework for use of video evidence v3.0

This document is relevant to all police non-specialist front-line staff and forensic unitsi who utilise video evidence and to bring clarity around activities relating to recovery, acquisition, viewing and processing of CCTV. It outlines those activities that must be undertaken by Police Forces and accredited laboratories in line with the Forensic Science Regulator Act 2021 and Statutory Code. The following charts stipulate what level of training is required and whether force procedures must be in place to carry out Forensic Science Activities (FSAs) and mitigate the risks highlighted by the risk matrix where activities may be excluded from accreditation. This document has been created to support the recommendations of the NPCC CCTV Working Group and Specialist Capability Network and supersedes the now defunct Annex A and B CCTV Scope for Accreditation document, which was previously circulated by the NPCC as a supplement to the first Forensic Regulators FSR-C-119 Code of Practice and Conduct, now replaced by the Statutory Code and FSA Digital Forensics - Video Analysis, and FSA Basic Recovery and Acquisition of Images.

Published 06/12/2022
Authoring body: NPCC
Standards
Resource
ICT Asset Recovery Standard 7.0

Asset Disposal & Information Security Alliance (ADISA) is an organisation designed to improve risk management and data protection within business processes for IT asset retirement and disposal.

The ADISA ICT Asset Recovery Standard 7.0 is an updated version released in January 2020 from its first launch from its first launch in 2010. It better aligns to the updates and amendments of the Data Protection legislation including but not limited to the EU General Data Protection Regulation, the UK Data Protection Act and the Californian Consumer Privacy Act 2018.

This area covers asset management and data sanitisation. The ADISA ICT Asset Recovery Standard was developed to identify risk which might exist within this process and to then assess countermeasures which are in place to mitigate that risk.

 The objective of the ADISA Asset Recovery Standard is to ensure that every data bearing asset is managed throughout the process and that any resident data is sanitised in accordance with the client’s requirements or to industry best practice levels, to promote the re-use of assets through risk management and to help organisations comply with Data Protection Laws.

These are achieved by creating a physical environment within the ITAD process which offers equivalent levels of security to those in place when the asset is in its live environment, testing the abilities of the service provider to create and then maintain the chain of custody throughout the process, ensuring the process is consistent and repeatable, assessing current data sanitisation processes on ALL media types.

The Standard is presented in 10 Modules each covering different aspects in asset recovery and contain mandatory requirements.

There are current plans for version 8 of this document.

Published 01/01/2020
Authoring body: Asset Disposal & Information Security Alliance (ADISA)
Standards
Resource
Cyber Security: Asset management

Step 3 from the 10 steps to Cyber Security covers asset management, ensuring you know what data and systems you manage, and what business need they support.

Asset management encompasses the way you can establish and maintain the required knowledge of your assets. Over time, systems generally grow organically, and it can be hard to maintain an understanding of all the assets within your environment. Incidents can occur as the result of not fully understanding an environment, whether it is an unpatched service, an exposed cloud storage account or a mis-classified document. Ensuring you know about all of these assets is a fundamental precursor to being able to understand and address the resulting risks. Understanding when your systems will no longer be supported can help you to better plan for upgrades and replacements, to help avoid running vulnerable legacy systems.

Published 11/05/2021
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Procurement policy notes

This collection brings together all procurement policy notes, providing guidance on best practice for public sector procurement, to better enable policing to have a consistent approach to the purchase of digital, data and technology solutions.

Published 01/10/2021
Authoring body: Cabinet Office / Crown Commercial Services (CCS)
Policy