Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards is that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems - Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Cyber Security: Data security
Step 7 from the 10 steps to Cyber Security covers the need to protect data where it is vulnerable.
Data needs to be protected from unauthorised access, modification, or deletion. This involves ensuring data is protected in transit, at rest, and at end of life (that is, effectively sanitising or destroying storage media after use). In many cases data will be outside your direct control, so it is important to consider the protections that you can apply as well as the assurances you may need from third parties. With the rise in increasingly tailored ransomware attacks preventing organisations from accessing their systems and the data stored on them, other relevant security measures should include maintaining up-to-date, isolated, offline backup copies of all important data.
Cyber Security: Logging and monitoring
Step 8 from the 10 steps to Cyber Security covers how to design your systems to be able to detect and investigate incidents.
Collecting logs is essential to understand how your systems are being used and is the foundation of security (or protective) monitoring. In the event of a concern or potential security incident, good logging practices will allow you to retrospectively look at what has happened and understand the impact of the incident. Security monitoring takes this further and involves the active analysis of logging information to look for signs of known attacks or unusual system behaviour, enabling organisations to detect events that could be deemed as a security incident, and respond accordingly in order to minimise the impact.
BS 10008 Evidential Weight and Legal Admissibility of Electronic Information
This document outlines best practice for the implementation and operation of electronic information management systems, including the storage and transfer of information. It is designed to help you verify and authenticate all your information to avoid the legal pitfalls of information storage. BS 10008 outlines best practice for transferring electronic information between systems and migrating paper records to digital files. It also gives guidelines for managing the availability and accessibility of any records that could be required as legal evidence.
ISO 15489:2016 Data Records Management
ISO 15489 provides a framework for implementing records management systems, covering the lifecycle of records from creation through to disposal. Police forces can use this to inform internal records management systems, such as the use of SharePoint, or as an assessment when considering suppliers of systems; this could include case management.
This document was reviewed by the National Standards Assurance Board in July 2021 and still deemed current and of value to policing
[Added September 2021]
Publishing Accessible Documentation
There is a need under the Equality Act 2010 to ensure documents are readily available to users who have additional accessibility needs. This document explains how to publish accessible documents to meet the needs of all users under the accessibility regulations.
It covers:
- Writing accessible documents
- Making non-HTML documents accessible
- Creating a PDF/A for archiving purposes
- To save a PDF/A in Word, click Save As, change Save as type to PDF, click Options and tick 'PDF/A compliant'
The authors and National Standards Assurance Board accept that there is still a place for PDF documents, especially for archival purposes, but to ensure they are accessible in the future, they should be stored as PDF/A not the normal PDF format.
[Added September 2021]
Minimum standards schedule for the Retention and Disposal of Police Records (2020 v4)
The NPCC Guidance on The Minimum Standards for the Retention and Disposal of Police records has been produced by the NPCC Records Management Working Group to assist police forces in their statutory responsibility to comply with the Data Protection legislation (GDPR EU 2016/679 and Data Protection Act 2018), The Code of Practice on the Management of Police Information (2005) and other legislative requirements.
It contains
- The responsibilities for records retention and disposal
- Risks
- Benefits of a retention schedule
- Management of Police Information (MoPI)
- Maintenance
- Records Retention Tables for:
  - Assets & products
  - Crime and Case files
  - Detecting
  - Finance
  - Information
  - Organisation, Programmes & Projects
  - People
  - Preventing
  - Property
  - Prosecution
[Added September 2021]
ISO 17025:2017 General requirements for the competence of testing and calibration laboratories
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. BSI provide the documentation and appropriate licensing.
This standard is used to confirm or recognize the competence, impartiality and consistent operation of laboratories. It applies to all organizations performing tests and/or calibrations, including first, second and third-party laboratories.
Who is this standard for?
- Laboratories where testing and/or calibration is part of inspection or product certification
- Laboratory customers
- Testing organizations
- Regulatory authorities
- Accreditation bodies
- Organizations and schemes using peer assessment
Why should you use this standard?
It specifies general requirements for the competence, impartiality and consistent operation of laboratories. It looks at all of the requirements that testing and calibration laboratories and testing organizations have to meet to prove that they operate a quality system; are technically competent; and can generate technically valid results. It applies to all organizations performing laboratory activities, regardless of the number of personnel.
What’s changed since the last update?
This standard had not been revised since 2005. This technical revision cancels and supersedes the previous edition and has made three main changes:
- A definition of “laboratory” has been added
- Risk-based thinking has been applied, enabling some prescriptive requirements to be replaced by performance-based requirements
- There is greater flexibility in the requirements for processes, procedures, documented information and organizational responsibilities
Frontline Digital Mobility - Connection Types
This guidance will explore the main connection types used by frontline officers and staff, whilst making recommendations about security and appropriate use. This guideline focuses on assisting forces to maximise their use of public 3G/4G (LTE) data networks prior to the delivery and adoption of the Emergency Service Network Data Services. This guideline does not cover voice services delivered over any of these networks.
Frontline Digital Mobility - Peripheral Keyboards
There are many types of keyboards available in the market place with many variances in terms of specification, features and of course price. This guidance explores these variances and makes recommendations (see section 4. Recommendations, page 2) to help forces make informed selections so as to accelerate their mobility maturity.
Frontline Digital Mobility - Portable Hotspots
Portable hotspots are a tried and tested peripheral. Advances continue to make them faster, better and smaller. There are many types of portable hotspots available in the market place with many variances in terms of specification, features and of course price. This guideline explores these variances and makes recommendations (see section 4. Recommendations, page 3) to help forces make informed selections to accelerate their mobility maturity.
Frontline Digital Mobility - Portable Power Banks
Portable power banks are a tried and tested peripheral. Advances continue to be made to make them faster, better and smaller. Yet there are many types of power banks available in the market place with many variances in terms of specification, features and of course price. This guideline explores these variances and makes recommendations (see section 4. Recommendations, page 3) to help forces make informed selections so as to accelerate their mobility maturity.
Frontline Digital Mobility - Laptop shells
A laptop shell is simply a laptop with no internal computing power; this is provided by connecting a smartphone to the laptop, which is then 'driven' by the keyboard, mouse and screen of the laptop 'shell'.
This guideline looks at the variances in terms of specification, features and price between the laptop shells currently available for pre-order. It explores the capabilities that a connected premium smartphone must have, such as DisplayPort and an appropriate “desktop mode”. Finally recommendations are made for forces who wish to be early adopters of this still immature technology (see section 4. Recommendations, page 4).
NPCC Digital Imaging and Multimedia Procedure (Version 3)
This document covers digital multimedia, inclusive of picture, video and audio in the proper capture and handling of digital data for police applications. This represents best practice to benefit the Police Service and Criminal Justice System (CJS).
Following the process set out within this document helps enhance the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation.
National Standard for Incident Recording
This document contains the National Incident Category List (NICL) and the principles, guidance and definitions for the National Standard for Incident Recording (NSIR). NSIR was introduced to replace the wide variety of incident recording (and non-recording) that differed from force to force so that common understanding and recording practices would result in effective data provision and use. NSIR now supports effective recording of over 80% of calls for service, ranging from messages to major incidents.
The NPIA conducted a full review of NSIR in 2009 on behalf of ACPO. This review recommended that NSIR was rationalised and simplified. The NPIA, working closely with the Home Office and Her Majesty’s Inspectorate of Constabulary (HMIC), have moved the focus of NSIR from incident recording to risk assessment at the front end of service delivery. This aims to support improved identification and management of risks, threats to safety, vulnerability and repeat victims, particularly in relation to anti-social behaviour (ASB).
This document was reviewed by the National Standard Assurance Board in September 2021 and was found to be the most up to date document available, still supported by the NPCC
ALGOCARE - Algorithm assessment tool
ALGO-CARE has been created for policing to use as a decision-making framework for the deployment of algorithmic assessment tools in the policing context. This helps translate key public law and human rights principles into practical considerations and guidance that can be addressed by public sector bodies. Concerns around transparency and accountability cannot be addressed by a one-size-fits-all approach. The factors identified by Algo-care necessitate the careful drafting of procurement contracts with third party software suppliers to require disclosure of algorithmic workings in a way that would facilitate investigation.
ALGO-CARE is endorsed by the NPCC Business Change Council and the NPCC lead for Data Analytics. This was reviewed in September 2021 and found to still be current.
Digital Processing Notices (NPCC extraction of digital content from devices guidance)
These Digital Processing Notices (DPN) provide the basis for the minimum recommended level of information to be both captured and provided to victims, witnesses and suspects by police forces. These forms replace those issued in 2019, to better implement the principles set out in the 2020 Bater-James ruling.
- DPNa - Devices taken from victims/witnesses (capture template and information for victims/witnesses)
- DPNb - Victim/witness Frequently Asked Questions (Information for victims/witnesses)
- DPNc - Devices taken from suspects (capture template and information for suspects)
The guidance at the end of each section is particularly relevant on how to best implement these requirements into a solution.
Joint Crown Prosecution Service (CPS) & Police Principles for Redaction
This document contains the agreed principles for redaction of information from digital (and physical) material by police for legal or security reasons. Material includes statements, documentary exhibits, audio and video recordings, digital material, and other sources of information such as crime reports.
Effective redaction allows police and CPS to share and serve relevant information whilst complying with the Data Protection Act 2018 (DPA) and the Criminal Procedure and Investigation Act 1996 (CPIA 1996) / CPIA Code of Practice (CPIA Code) whilst protecting and safeguarding personal and sensitive data.
Police Assured Landing Zone (PALZ) Amazon Web Services (AWS) Blueprint
The AWS Police Assured Landing Zone (PALZ), is a set of configuration, code, security model and design decision rationale artefacts created specifically for policing workloads. The goal is to enable policing organisations to get started using cloud services more quickly, with confidence that they are implementing an assured set of baseline controls, reviewed by National Police Technology Council (NPTC), Police Digital Service (PDS) and National Police Information Risk Management Team (NPIRMT). These control documents are available in the PALZ documentation set. This will allow them to focus their efforts on activities and assurances unique to their workloads.
PALZ provides a landing zone with a multi-account structure aligned with AWS best practice including standardised AWS account and organisational unit (OU) structure, best-practice centralised networking and additional preventative and detective guardrails. It also provides a series of AWS Service Catalogue portfolios and products, which provide a self-service capability that greatly simplifies tasks such as the provisioning of new AWS accounts and the creation of private networks within an AWS account. Finally, PALZ integrates with a number of AWS security services to provide dashboards and alerts which support ongoing compliance monitoring, plus alignment to NEP designs for IAM and NMC.
PALZ has been through the NPTC “Security by Design” process. This process identifies key design decisions which are related to form a series of risks identified with common policing data. NPTC have used an independent third-party assessor to review the design decisions and generate the assurance documentation. This has been reviewed by the Police assuror, National Police Information Risk Management Team (NPIRMT), to approve the security controls and the solution design.
Note: This blueprint is marked OFFICIAL-SENSITIVE, for enquiries on access please contact the National Standards team who can put you in touch with the relevant team
Management of Police Information (MoPI) APP
This Authorised Professional Practice (APP) provides guidance to forces on meeting the requirements of the Management of Police Information (MoPI) Code of Practice in relation to the review, retention and disposal of policing information and records. This APP is supplemented by the Manual of Guidance, which provides a further level of operational data.
Police information refers to all information obtained, recorded or processed for a policing purpose. The Management of Police Information (MoPI) authorised professional practice (APP) provides a framework and guidelines for managing police information, complying with the law and managing risk associated with police information including data retention.
- Policing information is information held for a policing purpose. The MoPI Code of Practice definition of ‘policing purpose’ is:
  - protecting life and property
  - preserving order
  - preventing the commission of offences
  - bringing offenders to justice
  - any duty or responsibility of the police arising from common or statute law
- Corporate information includes other organisational information, such as HR or finance records, minutes of meetings, policies and procedures.
There is further information on compliance with the Freedom of Information Act.
It should also be noted that the retention periods for biometric data are governed by the Protection of Freedoms Act 2012 and sit outside this APP.
ACPO Good Practice Guide for Digital Evidence (Version 5)
This ACPO guide contains a set of golden principles for management of digital evidence and guidance on each stage in the evidence lifecycle: Plan, Capture, Analyse and Present. This guide represents good practice across a broad digital forensic landscape for policing.
Although dated, this guide was reviewed in March 2021 by the National Standards Assurance Board and deemed current and relevant.
National Policing Digital Strategy 2020-2030
The National Policing Digital Strategy sets out a new digital ambition for UK policing. It presents a set of tangible digital priorities and outlines the key data and technology building blocks required to deliver them.
The strategy contains 5 priorities:
- Seamless citizen experience
- Addressing harm
- Enabling officers & staff through digital
- Embedding a whole public system approach
- Empower the private sector
Automatic Number Plate Recognition Regulation 109 Supplier Specification (Version 2.2)
This document's aim is to clearly define to suppliers of in-car ANPR software the minimum requirements to meet Regulation 109 (as amended by the Vehicle Special Order - VSO) whilst at the same time maintaining operational effectiveness and officer safety. Going forwards in this document this version of software will be referred to as ‘Regulation 109 compliant’.
This covers any ANPR system with a screen viewable by the driver (for example a bespoke in-car system, tablet device or mobile phone); this will be referred to as an in-car system.
National ANPR Standards for Policing and Law Enforcement
These standards articulate the requirements with which the police and other Law Enforcement Agencies (LEA) must comply to access the National ANPR Capability (NAC). This document includes a description of the legal basis for ANPR as well as the applicability of these standards. The standards comprise three main sections: Data Standards, Infrastructure Standards and Data Access and Management Standards.
National standards for compliance and audit of law enforcement ANPR
This document contains information on the auditing of ANPR systems, including audits of data standards, infrastructure, data access and management, and local systems.
National ANPR Technical Standards
This document prescribes the technical specifications for data within the National ANPR Service (NAS). The information within this document is intended to support compliance and consistency in the operation and management of NAS by the police and other law enforcement organisations.
Digital Asset Management System (DAMS) Standards
DAMS has been identified as a critical capability for the management and use of digital material within policing. This infographic describes the DAMS lifecycle, providing a high level explanation of the design, development and implementation stages of delivering a DAMS system. The supporting documents referred to in this document are currently going through a review and refresh.
Use the Contact Us tab at the top of the page to request further details.
Archiving of records in the public interest APP
This APP provides context for forces using the Information and Records Management Code of Practice to enable them to develop a nationally consistent approach to identifying the proper regime of management and archiving for information records.
This guidance helps forces with the identification of records for long-term archiving and advises on how those records should be managed throughout their lifecycle, again securing consistency of approach.
Compliance with the Code and APP should help to increase the public’s confidence in how their information is handled.
Use the Contact Us tab at the top of the page to request further details.
Records Management Code of Practice
The Code provides high-level standards for information and records management (in the form of seven principles), as well as other supporting standards, such as personnel and organisational capabilities. It will also drive consistency in the way that forces manage their information and records.
Use the Contact Us tab at the top of the page to request further details.
Live Facial Recognition APP
Guidance for the overt deployment of live facial recognition technology to locate persons on a Watchlist. This is currently in draft format and is to be circulated to external stakeholders for consultation prior to submission to National Standards Assurance Board for publication on the platform.
Use the Contact Us tab at the top of the page to request further details.
Interoperability between Social Services / Health / Police
A project is underway to better automate the current manual data sharing for multi-agency safeguarding hubs, including the creation of data sharing agreement, data impact assessments, information assurance levels and data structures.
Procurement policy notes
This collection brings together all procurement policy notes, providing guidance on best practice for public sector procurement, to better enable policing to have a consistent approach to the purchase of digital, data and technology solutions.
Open Web Application Security Project Top Ten (OWASP)
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Organisations adopting this document should start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is an effective first step towards changing the software development culture within an organisation into one that produces more secure code.
Forensic Science Regulator Information Legal Obligations (Issue 5)
This document was retired in June 2021.
The role of the Forensic Science Regulator is to advise the Government and the criminal justice system on quality standards in the provision of forensic science. This includes recommending new requirements for new and improved standards and providing advice and guidance so that providers will be able to demonstrate compliance with common standards, in procurement and in courts.
A key requirement of any standards framework in forensic science is that the output meets the requirements of the Criminal Justice System (CJS). This document sets out the view of the Regulator as to the legal landscape within which forensic scientists operate within the CJS.
There are legal obligations placed on expert witnesses as sources in the Criminal Justice System in England and Wales, as expert evidence is admissible “to furnish the court with scientific information which is likely to be outside the experience and the knowledge of a judge or jury”. This places the expert witness in a privileged position.
It is important to note that expert evidence can only be given by a person who is an expert in the relevant field. An expert witness must provide the court with objective, unbiased opinion on matters within his expertise. Witnesses must act with honesty and good faith.
Command & Control (C&C) Version 0.1
This document was retired in June 2021.
The Command and Control (C&C) solution is the incident management and deployment solution for police officers responding to incidents reported by the public.
Incidents are usually graded based on the severity of the incident, and officers have Service Level Agreement (SLA) targets for responding to incidents, especially serious/critical incidents. SLAs may differ from force to force.
The Data types included in C&C are:
- Action Status
- Application Function Code
- Application Function Title
- Bus Info Class
- Calendar Entry Class
- Calendar Entry Status
- Competency Class
- Date Type
- Duty Class
- DVLA M/V Manufacturer Code
- Event Plan Status
- Incident Class
- Location Status
- Message Priority
- Message Status
- Message Template Type
- Method of Reporting Origin
- Motor Vehicle Body Type Description
- Organisation Class
- Person Build
- Person skin colour
- PNC Access Reason
- Person Shoe Type
- Person Nationality
- Person Eye Colour
- Police EQP Avail Status
- Police Officer Rank
- Record Data Protection Status
- Response Grade
- Role
- Sex
- Special Constable Rank
- Traffic Warden Rank
- User Class ID
- Plus many more.
Sender Policy Framework (SPF)
This document was retired in June 2021.
Using Sender Policy Framework (SPF) in an organisation lets you publish a Domain Name System (DNS) record of all the domains or Internet Protocol (IP) addresses you use to send email. Receiving email services check the record and know to treat email from anywhere else as spam.
You can include more than one sending service in your SPF record. For example, your corporate email service and an email marketing service.
Your SPF record also contains a qualifier option, which lets you:
- tell recipients to ignore your record while you test it
- mark, but not reject, email from an unknown source
UKAS Guidance on the Application of ISO/IEC 17025 Dealing with Expressions of Opinions and Interpretations
This document was retired in March 2021.
Laboratories within the UK who wish to demonstrate that they operate to a quality system, are technically competent and are able to generate technically valid results must now meet the ISO/IEC 17025 requirements. This replaced the ISO/IEC Guide 25 and EN 45001, and has become the standard that UKAS now uses to assess a laboratory’s competence for the purposes of accreditation instead of UKAS publication M10.
The purpose of this document is to set down United Kingdom Accreditation Service (UKAS) policy, process and guidance on assessment and accreditation of laboratories.
The difference set out in this UKAS policy is that laboratory accreditation to ISO/IEC 17025 can now include the expression of opinions and interpretation of test/calibration results in reports, as it is considered to be an inherent part of testing. Before, this was not permitted.
The laboratory’s documented quality system must reflect whether it is expressing opinions and interpretations and if so, for which activities. The process of interpreting test/calibration results for the purpose of expressing opinions and interpretations must be documented.
Intelligence Management Research & Analysis APP
This document was retired in July 2021. This was replaced by the wider Intelligence Management APP
Research and analysis are very important tools used in policing for intelligence purposes to understand crime and investigate criminal activity. It is a way of processing and analysing material and information presented to support decision-making. With this comes the intelligence cycle where a sequential process is undertaken to allow the information presented to be developed into intelligence. This involves the roles of the analyst, researcher, data sources, analytical techniques used, reports etc.
This guidance document helps to explain what the intelligence cycle is, covering the direction, collection and collation of relevant information and the evaluation and analysis of the data. It goes into detail explaining the roles highlighted above as well as crime theories and approaches, terms of reference, data sources, using statistics, analytical techniques, output reports, dissemination of output reports and on-going reviews.
National Firearms License Management System (NFLMS) Version 0.1
This document was retired in June 2021.
The National Firearms Licensing Management System provides a method for managing the licensing of firearms, shotguns and explosives. It records all individuals, companies and dealers who have applied for, or have been granted, a certificate.
The dataset consists of:
- Action
- Addresstype
- Alarmtype
- Applicationstatus
- Approvaltype
- Calibre
- Capacitytype
- Certificatestatus
- Certificatetype
- Clubstatus
- Colour
- Condition
- Constructiontype
- Enquirytype
- Ethnicity
- Logeventtype
- Manufacturer
- Measurement
- Nationality
- Occupation
- Personmarkertype
- Sex
- Weaponcategory
- Weaponclass
- Weapondisposalcode
- Weaponstatus
- Weapontype
Corporate Data Model (CorDM) Version 7.3
This document was retired in July 2021.
Aligned to PND Context v3.2.2. CorDM 7.3 uses the same versions of CV lists (where common) as PND Context v3.2.
Reference dataset consists of:
AbscondercirculationInstitutionType
AccomodationResourceType
AccountTransactionType
AccountType
ACPOCodeLevel4Type
ACPOCodeQualifierType
ActionSpecificationType
ActionType
ActivityPriorityType
ActivityStatusType
AdministrationAreaType
AlarmActivationAccessType
AlarmFacilityPurposeType
AlarmFacilityReasonType
BankAccountType
BloodGroupType
BodyPositionType
BuildingUnitType
CalendarEntryType
CalendarType
CalibreType
CaseFileType
CaseIssueType
CaseStatusType
CasualtyType
CellType
CheckType
ChequeType
ChildProtectionCaseStatusType
CHISRewardType
CHISMotiveType
CHISStatusType
CollectionType
ColourType
CommercialOrganisationType
CompetencyType
ComplextionType
Plus many more
Authentication and Credentials for use with HMG Online Services (Good Practice Guide No. 44) (Issue 2)
This document was retired in July 2021.
This document is good practice guidance for Her Majesty’s Government (HMG) public service providers, describing how types of credentials support user authentication to HMG online services.
HMG online public services can be a prime target for many sources of threat and as such may pose a significant level of risk. As a result, public service providers must be aware of the credential choices for the authentication levels that relate to HMG online services. At a high level, there are three levels of authentication:
- Authentication demonstrates that the authentication requestor possesses the credential for a legitimate account.
- Authentication provides confidence that the credential is being used by, or with the explicit consent of, a legitimate account holder and might support civil proceedings.
- Authentication provides confidence that the credential is being used by, or with the explicit consent of, a legitimate account holder and might support criminal proceedings.
The level of assurance assigned to an authentication credential incorporates many factors and is considered against the threat levels associated with the Government service provider.
Some of the factors considered are the type of credential required, the on-going management of the credential by the Identity Provider (IDP), the quality and extent of monitoring and reactions by the IDP, the Information Assurance (IA) maturity of the authentication provider and much more.
The CESG Information Assurance Standards and Guidance welcomes feedback. To leave feedback or a review, please email enquiries@cesg.gsi.gov.uk
National Security Strategy & Strategic Defence & Security Review 2015
This document was retired in July 2021.
National security and economic security are dependent on each other, and if either is to thrive, both have to thrive. The security of the nation is dependent upon a strong economy, and a strong economy is dependent upon strong security. The Defence budget is therefore seen by the government as critical to maintaining strong national security.
With the threat to the UK ever increasing, from the rise of ISIS and greater instability in the Middle East, the risk of pandemics such as COVID 19 and the threat of cyber attacks, the world is more dangerous and uncertain than ever before and as such investing in our security is of utmost importance.
This document sets out our National Security Strategy and how we will implement it within the UK. The UK’s priorities are to deter state-based threats, tackle terrorism, remain a world leader in cyber security and ensure we have the capability to respond rapidly to crises as they emerge. The vision is therefore to promote a secure and prosperous United Kingdom, with global reach and influence, using strategic enablers such as the Armed Forces, the Security & Intelligence Agencies, the Diplomatic Service overseas and our Allies.
Protective Monitoring for HMG ICT Systems
This document was retired in July 2021.
This Guide demonstrates how the provision of an effective framework of Protective Monitoring of HMG ICT systems is an essential contribution to the treatment of information security risks.
Protective Monitoring is a set of business processes, with essential supporting technology, for monitoring how ICT systems are used, providing risk treatment and ensuring accountability for the use of those systems. This includes the facilities of audit trails, audit logs and raising alerts.
However, if these processes are not implemented or monitored, it would be easy for users who wish to misuse such ICT systems, and the information they hold, to abuse them.
The confidentiality, integrity and availability of public sector ICT systems are of utmost importance. This guide shows how important it is to implement an effective protective monitoring process for the treatment of information security risks. Other factors must be considered with this, such as the necessary supporting infrastructure, manpower resource, skilled expertise and IA.
The aim of this guide is to provide advice on good practice for adhering to the protective monitoring obligations, the information that needs to be recorded and audited, and the events and alerts generated in response to potential misuse and abuse of the ICT systems as well as anticipated modes of attack.
Intended readers are all Information Assurance (IA) practitioners.
Understanding ISS4PS Volume 1
This document was retired in July 2021.
The Information Systems Strategy for the Police Service (ISS4PS) is an overarching strategy for Information and Communications Technology (ICT) and Information Systems (IS) for the Police Service across the whole of England and Wales.
The ISS4PS policies call on the Police Service to work together to adopt common standards, products, and common administrative and citizen-focused services to help improve police performance and efficiency, and to reduce costs by establishing foundations and defining governance, securing alignment and delivering joined-up services across each force.
As a result, in the coming years, the ISS4PS will become a major pillar underpinning police efforts to support Transformational Government and the creation of strategic forces, and will be a key tool for the National Policing Improvement Agency.
It is important to note that the ISS4PS represents a collective view of key stakeholders ranging from the Home Office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the various police forces and the Criminal Justice Information Technology (CJIT).
Implementing ISS4PS Volume 2
This document was retired in July 2021
The Information Systems Strategy for the Police Service (ISS4PS) version 3 is the overarching strategy for Information Systems (IS)/Information Communication Technology (ICT) in policing. ICT Architecture is the technical foundation of an effective ICT strategy. The ISS4PS focuses on technology, data and application architecture, and as a result this document contains technical detail describing the architecture.
The ISS4PS is designed to assist in meeting many of the goals of government imperatives, such as, the National Policing Plan. In order for the Police Service to meet the demands set out, it must view itself as an enterprise operating at a national level. It also follows the e-GIF standards and principles, recognises the diversity of IS/ICT within the Police Service, and is cognisant of Criminal Justice System (CJS) technical architectures.
The key theme that runs throughout the ISS4PS is that the Police Service will develop more commonality and become more joined-up in its approach to IS/ICT services.
Intended readers are ICT Directors, ICT central coordinators, ICT Solution Architects, service providers and technical staff at the Home Office, Association of Chief Police Officers (ACPO), Association of Police Authorities (APA), the Forces, and Criminal Justice Information Technology (CJIT).
HMG IA Standard Number 1 & 2 Information Risk Management (Issue 4)
This document was retired in July 2021.
Information Risk Management plays a major role in the Police Service and in government agencies. All government departments and agencies must produce an Information Risk Management policy, as it is a fundamental aspect of Information Security Strategy and has a huge impact on IA policies, standards and procedures. This must include:
- Information risk appetite
- Compliance with all legal and regulatory requirements
- IA governance framework
- Technical risk assessment against all ICT systems
This document serves as part of the Security Policy Framework (SPF) and supports the SPF mandatory requirements.
The aim of this standard is to provide twenty Risk Management Requirements (RMRs), which government agencies must use as the basis for their Information Risk Management Policy, as well as supporting the intended readers.
Intended readers are senior Information Assurance (IA) related government posts, Senior Information Risk Owners (SIROs), Departmental Security Officers (DSOs), Information Asset Owners (IAOs), Information Risk Managers (IRM), Security & Information Risk Advisors (SIRAs), Information Assurance Analysts.
For further enquiries, or if you'd like to provide feedback, please email or fax:
Email: enquiries@cesg.gsi.gov.uk
Fax: (01242) 709193 (for UNCLASSIFIED FAXES ONLY)
Digital Imaging Procedure (Version 2.1)
This document was retired in July 2021
Digital imaging has become firmly established in the mainstream of public life and as a key enabling technology for the Police Service and Criminal Justice System (CJS) and has enormous benefit for the swift and accurate outcome of investigations.
Digital Imaging is the capture, retrieval, storage or use of evidential digital images. The aim of this document is to detail the processes involved in the proper capture and handling of digital images for police applications and to define best working practice starting from the process of the initial preparation and capture of images, through the transfer and designation of Master and Working Copies, to the presentation in court and finally the retention and disposal of exhibits.
A key part of the digital imaging process is the creation of an identifiable and isolated Master reference, as this procedure enhances the integrity of proper evidential gathering processes whilst reducing the risk of malicious manipulation. It is also important to note that a broader range of technologies is now available for the capture and storage of digital imagery, which is discussed in the document.
Intended readers of this document are operational, administrative and judicial staff involved throughout all stages of the Criminal Justice System (CJS) and anyone handling digital imaging.
Police Use of Digital Images
This document was retired in July 2021, replaced with the newer version covering images, video and audio (multimedia)
We live in a modern digital age, where technological advancement is at the forefront of many initiatives and changes, and as such evidential information has become more crucial than ever before.
With the high usage of smart phones, laptops, the Internet and social media, digital images and recordings are pivotal in police investigations. This cannot be underestimated. They are now a useful source of evidence for criminal justice purposes. Other evidence, such as eye witness accounts and police statements, is still highly valuable and should not be underestimated either. Together they provide a holistic picture when investigating criminal cases.
As a result, the Police have a key role in managing, capturing, editing and processing digital images, preparing cases, disclosing them to the Crown Prosecution Service (CPS), and storing, retaining and disposing of digital images carefully and according to the guidelines highlighted. This document aims to offer practical guidance and advice on the role police play in digital imaging.
For more information and enquiries please see details below.
Email: soc@npia.pnn.police.uk
Telephone: 0870 241 5641
ACPO/ACPOS Information Systems Community Security Policy (Version 3.3)
This document was retired in July 2021
Information security enables the Police Service to deliver its core operational duties by ensuring that information is safely secured, stored and kept confidential. This also includes ensuring the accuracy of the information gathered.
Information management, governance and assurance are vital functions within the Police Service in ensuring that the police are able to provide protection to members of the public and that a proper assessment of threat, risk and harm is undertaken. This includes the gathering, processing and transfer of information as well as systems, networks and supporting processes.
ACPO/ACPOS have set out clear expectations and strategies in this document for the management and security of information that includes system interconnection security policies, force information security policies, risk management and accreditation document sets and business continuity plans.
National Policing Community Security Policy (Version 4.3)
This document was retired in July 2021.
Police information, systems and networks must be safeguarded and protected to ensure the Police Service can meet their statutory and regulatory responsibilities. The Police Service meets these responsibilities by the implementation of this Community Security Policy (CSP) which encompasses appropriate Information Assurance (IA) policies and guidance.
The Police Service also support the need for appropriate safeguards and the effective management of all information processes, and are committed to helping protect all community member information assets from identifiable threats, internal or external, deliberate or accidental.
The CSP has strategic aims that:
1. Enable the delivery of policing by providing appropriate and consistent protection for the information assets.
2. Comply with statutory requirements and meet the expectations of the Police Service to manage information securely.
3. Enable forces, agencies and relevant organisations to understand the need to implement the IA policies identified herein, so the Police Service is able to meet its legal, statutory and regulatory requirements.
Code of Practice and Conduct - Forensic Science Regulator (Issue 3)
The Codes of Practice and Conduct for forensic science investigators, providers and practitioners are about ensuring that quality standards are upheld to the highest order, in line with the codes set out in the document. The Codes also set out the additional requirements for accreditation, particularly for digital forensics, firearms classification, drugs and toxicology.
This document has been written to assist organisations with understanding and interpreting the requirements of the standards, particularly BS/EN ISO/IEC 17025.
When the provisions in the Codes are fully implemented by all forensic science providers and practitioners and are understood by all end users, the potential for a forensic science quality failure to cause a miscarriage of justice will be substantially reduced and will provide a clear indication to customers and the public of what to expect.
It is important to note that the forensic science quality framework does not operate in isolation, and it has therefore been recommended that all interested parties in the forensic science space should read the appendices to the Codes (FSR-C-series) and guidance documents (FSR-G-series) relevant to their areas of expertise, and also the general guidance document on cognitive bias effects (FSR-G-217).