Search - National Standard Microsite

This document was retired in July 2021

This Guide demonstrates how the provision of an effective framework of Protective Monitoring of HMG ICT systems is an essential contribution to the treatment of information security risks.

Protective Monitoring is a set of business processes and contains essential support technology in monitoring and provide risk treatment to how ICT systems are used and to ensure accountability to the systems. This includes facilities of audit trails, audit logs and raising alerts.

However if these processes are not implemented or monitored it would be easy for the abuse of such ICT systems, the information that it possesses by users who wish to misuse the system and information.

The confidentiality, integrity and availability of public sector ICT systems are of upmost importance. This guide shows us how important implementing an effective protective monitoring process for the treatment of information security risks. Other factors must be considered with this, such as the necessary supporting infrastructure, manpower resource, skilled expertise and IA.

The aim of this guide is to provide advice on good practise to adhering to the protective monitoring obligations, the information that needs to be recorded and audited, events generated and alerted generated in response to potential misuse and abuse of the ICT systems as well as anticipated modes of attack.

Intended readers are for all Information Assurance (IA) practitioners.

This document was retired in July 2021

The Information Systems Strategy for the Police Service (ISS4PS) is an overarching strategy for Information and Communications Technology (ICT) and Information Systems (IS) for the Police service across the whole of England and Wales.

The ISS4PS policies calls on the police service to work together to adopt common standards, products, common administrative and citizen-focused services to help improve police performance and efficiency, and to reduce costs by establishing foundations and defining governance, securing alignment and delivering joined-up services across each force. 

As a result, in the coming years, the ISS4PS will become a major pillar underpinning police efforts to support Transformational Government, the creation of strategic forces, and be a key tool for the National Policing Improvement Agency.

It is important to note that the ISS4PS represents a collective view of key stakeholders ranging from the Home office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the various police forces and the Criminal Justice Information Technology (CJIT).

This document was retired in July 2021

The Information Systems Strategy for the Police Service (ISS4PS) version 3 is the overarching strategy for  Information Systems (IS)/Information Communication Technology (ICT) in policing. ICT Architecture is the technical foundation of an effective ICT strategy. The ISS4PS focuses on technology, data and application architecture, therefore as a result this document contains technical detail describing the architecture.

The ISS4PS is designed to assist in meeting many of the goals of government imperatives, such as, the National Policing Plan. In order for the Police Service to meet the demands set out, it must view itself as an enterprise operating at a national level. It also follows the e-GIF standards and principles, recognises the diversity of IS/ICT within the Police Service, and is cognisant of Criminal Justice System (CJS) technical architectures.

The key theme that runs throughout the ISS4PS is that the Police Service will develop more commonality and become more joined-up in its approach to IS/ICT services.

Intended readers are for ICT Directors, ICT central coordinators, ICT Solution Architects, service providers and technical staff at the Home Office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the Forces, and Criminal Justice Information Technology (CJIT).

This document was retired in July 2021

Information Risk Management play a major role in the Police Service and in government agencies. All government departments and agencies must produce an Information Risk Management policy, as it is a fundamental aspect to Information Security Strategy as it has a huge impact on IA policies, standards and procedures. This must include:

• Information risk appetite

• Compliance with all legal and regulatory requirements

• IA governance framework

• Technical risk assessment against all ICT systems

This document serves as part of the Security Policy Framework (SPF) and supports the SPF mandatory requirements. 

The aim of this standard is to provide twenty Risk Management Requirements (RMRs), which government agencies must use as the basis for Information Risk Management Policy as well as supporting the intended readers list.

Intended readers are senior Information Assurance (IA) related government posts, Senior Information Risk Owners (SIROs), Departmental Security Officers (DSOs), Information Asset Owners (IAOs), Information Risk Managers (IRM), Security & Information Risk Advisors (SIRAs), Information Assurance Analysts.

For further enquiries, or if you'd like to provide feedback, please email or fax: 

Email: enquiries@cesg.gsi.gov.uk

Fax: (01242) 709193 (for UNCLASSIFIED FAXES ONLY)

This document was retired in July 2021

Digital imaging has become firmly established in the mainstream of public life and as a key enabling technology for the Police Service and Criminal Justice System (CJS) and has enormous benefit for the swift and accurate outcome of investigations.

Digital Imaging is the capture, retrieval, storage or use of evidential digital images. The aim of this document is to detail the processes involved in the proper capture and handling of digital images for police applications and to define best working practice starting from the process of the initial preparation and capture of images, through the transfer and designation of Master and Working Copies, to the presentation in court and finally the retention and disposal of exhibits.

A key part of the digital imaging process is the creation of an identifiable and isolated Master reference as this procedure enhances the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. It is also important to note that broader range of technologies are now available for the capture and storage of digital imagery which will be discussed in the document.

Intended readers of this document are operational, administrative and judicial staff involved throughout all stages of the Criminal Justice System (CJS) and anyone handling digital imaging.