Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Government Security Classification (GSM)
This document describes how HM Government classifies information assets into OFFICAL, OFFICIAL SENSITIVE, SECRET and TOP SECRET to ensure information can be protected but also efficiently shared. This is not a statutory scheme, but operates within the requirements of the Official Secrets Acts (1911 and 1989) and the Freedom of Information Act (2000) and Data Protection legislation.
National Policing Community Security Policy (5.7)
Please note this is an OFFICIAL-SENSITIVE document, to request access please use the 'Contact Us' tab to raise a general query
National Police information, systems and networks must be safeguarded to ensure the Police Community can meet their statutory and regulatory responsibilities. The Police Community meets these responsibilities through a community of trust and by the implementation of this Community Security Policy (CSP).
This document relates to all National Police information; systems/services and networks, for which Chief Officers or Chief Executives are Joint Data Controllers. Furthermore it extends to all systems whether national or local that connect to access police information.
Extraction of material from digital devices APP
This document sets out the obligations on the police under the Data Protection Act 2018 and how these interact with other relevant legislation and case law. It provides police officers and staff with a set of principles to inform how they obtain digital devices – most often mobile phones but also laptops and other computers – from victims, witnesses and suspects for the purpose of an investigation and how they then extract the digital material from those devices. It will also help the public understand the responsibilities of the police when gathering evidence, obtaining devices and accessing the material held on them.
Cyber Essentials guidance
Most cyber attacks are conducted by unskilled individuals and are very basic in nature and cyber security is an important aspect to guard any organisation from cyber attacks. There are five essential technical controls that any organisation can put in place the following:
-
Use a firewall to secure your internet connection
Many organisations will have a dedicated boundary firewall which protects their whole network. This effectively creates a ‘buffer zone’ between your IT network and other, external networks.
-
Choose the most secure settings for your device an software
always check the settings of new software and devices and where possible, make changes which raise your level of security. For important accounts such as banking and IT administration, you should use two-factor authentication
-
Control who has access to your data and services
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role.
-
Protect yourself from viruses and other malware
Viruses are another well-known form of malware (malicious software). These programs are designed to infect legitimate software, passing unnoticed between machines. A user may open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware. You can use anti-malware/virus software to detect and treat them.
-
Keep your devices and software up to date
Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered. Therefore it is important that manufacturers support the device with regular security updates.
10 Steps to Cyber Security
This guidance is designed to help organisations protect themselves in cyberspace and best practises for cyberspace security. It relays the task of defending your networks, systems and information into its essential components.
It is important to note, when dealing cyberspace protection, the organisation knows the kinds of cyber attacks it expects to understand what protection would be needed.
Note: This high level guidance provides context on the 10 steps. Each step is also individually signposted on the National Standards platform.
Showing 141 to 145 of 204 entries.