Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Cyber Security Architectural Principles
This document provides all National Policing and its partners with a clear set of security architectural principles, which are the foundation to build, design and implement secure solutions.
Data Protection
On the 25th May 2018 the Data Protection Act 2018 was implemented by the UK as the General Data Protection Regulation also known as GDPR. It controls how personal information is captured and used by organisations and the government.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’ and must ensure that the information they obtain is for a lawful purpose, used fairly and must be transparent about its intended purpose of usage and used explicitly for that purpose only.
Data should also not be kept for more than is necessary, and whilst it is kept, should be kept up to date and handled and secured in a way that does not compromise its protection from unauthorised processing, loss of theft of data.
It is important to note that there is stronger legal protection for more sensitive information such as race, health, sex life, orientation, ethnic background. There are separate safeguards for personal data relating to criminal convictions and offences.
Under the Data Protection Act 2018, an individual has the right to find out what information the government and other organisations holds about them and this ideally should be provided to the individual within 1 month.
To make a complaint about the misuse of personal information or lack of security it should be made to the organisation, following their response the complaint can also be made to the Information Commissioner’s Office.
ICO
casework@ico.org.uk
Telephone: 0303 123 1113
NCSP Management of High Risk Applications standard v1.1
This standard outlines the minimum requirements and controls that must be met to ensure the secure management of applications identified as high risk.
NCSP Robotic process automation guideline
This guideline describes best practice risk management controls for using Robotic Process Automation (RPA) for the purpose of automating manual administrative overheads for National Policing Forces and applications
NCSP MS Power platform guideline v1.0
This guidance is to assist members of the UK policing community of trust in the design, setup and use of Microsoft’s Power Platform service, incorporating Power Apps, Power Automate, and Power Pages.
NCSP Vetting requirements for policing guideline v1.3
This guidance describes the requirements for access to policing assets including premises, information, and information systems. This document should be read in conjunction with the Statutory Vetting Code of Practice and Authorised Professional Practice on Vetting
NCSP Security Management standard v1.1
This standard describes the requirements to implement and maintain an effective cyber security management system as required by the National Policing Community Security Policy Framework.
Implementation of this standard will help members to ensure that adequate management controls and oversight is in place to mature their cyber resilience
Security Management Standard v1.0
This standard describes the requirements to implement and maintain an effective cyber security management system as required by the National Policing Community Security Policy Framework.
Implementation of this standard will help members to ensure that adequate management controls and oversight is in place to mature their cyber resilience.
NCSP Security Governance standard v1.1
This Standard defines the requirements to implement Security Governance as mandated in the National Community Security Policy
NCSP Safe Deployment of High Risk Applications Guideline v1.1
This guideline outlines approaches to follow for any use of high risk applications to reduce risk.