Search - National Standard Microsite

Guidance on how organisations should secure their technology and services to protect UK government information classified as OFFICIAL. 

The vast majority of UK government public services are conducted at the Official classification. Business operations and services include information routinely used that can have damaging consequences if lost or stolen.

Security at Official is achieved through following good commercial practices and understanding security needs and matching these requirements to the latest available technology availabilities. 

Guidance for organisations deploying a range of end user device platforms as part of a remote working solution.

Modern smartphones, laptops and tablets provide users with great flexibility and functionality, and include security technologies to help protect information and as such this security guidance document is general to all end user devices (EUD) and their deployments to help harness its security capabilities without hindering its functioning ability by ensuring device configuration are set up correctly.

This guidance is to help optimise security functions, allow for greater user responsibility to reduce security complexity, maintaining user experience, logging and audit information and enable greater interoperability of IT systems.

Intelligence is information collected and gathered for the purpose of taking action. This process is continuous and critical to effective policing operations that allow for tactical options and prioritisation. Such intelligence can sometimes be classified as confidential or sensitive.

A Code of Practice has been issued by the secretary of state to develop a national intelligence model (NIM), which sets out principles and standards for chief officer and police and crime commissioners to adhere. Ensures the results of the standards are systematic for continuous progress and also helps promote compatibility of procedures and terminology for the (NIM) as well as monitor and evaluate the promulgation of good practice.

The code of the practice came into effect in January 2005.

All public services sending emails out on behalf of government organisations must follow all protocols, processes and guidelines to ensure that they secure their email service. This includes:

• the service providing users with mailbox access

• internal relays and gateways

• email filtering services

• third party services that send email on your behalf, like transactional email services

Key configurations are needed to ensure you email services run smoothly:

• Transport Layer Security (TLS)

• DomainKeys Identified Mail (DKIM)

• Domain-based Message Authentication, Reporting & Conformance (DMARC)

• Public Domain Name System (DNS)

• Ability to make administrative changes

If there are any changes made to your email security, ensure that you communicate such changes to all staff in your organisation.

This guidance applies to all email domains that public sector organisations run on the internet. It also helps ensures that public sector organisations exchanges email securely with other public sector organisations. Protecting emails in transit makes it difficult for domains to be spoofed.

All public sector emails must be kept secure by:

• encrypting and authenticating email in transit by supporting Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC) as a minimum

• making sure the recipient protects the data you send to them

• making email security invisible to end users as far as practically possible

Encryption and authentication only work if both the sender and the recipient use them.

The Government Digital Service recommends protecting email by:

• forcing TLS when sending to .gov.uk

• forcing TLS when sending to any other domains that supports it if the local risk profile requires it

• using extra encryption services if needs be

DomainKeys Identified Mail (DKIM) verifies an email’s domain and ensures it has not been tampered with in transit. The receiving email service can then filter or reject email that fails the DKIM check. In order for DKIM to verify an emails domain it uses public key encryption to check email by creating a hash using the content of each outbound email. The sending service then encrypts the hash with its private key and adds it to the email header. This is the DKIM signature.

The receiving email service looks up the public key in the sender’s DKIM DNS (DOMAIN NAME SYSTEM) record then uses the public key to decrypt the DKIM signature on the email. It also generates a hash of the email in the same way the sending email service did. If the hash matches the decrypted DKIM signature then the email passes the DKIM check. This means the email came from where it says it came from and has not changed in transit.

An agreed and designed common data standards are used by the Criminal Justice System, ICT suppliers to support ICT communications between systems used by Criminal Justice Organisations (CJO) to support CJS operations. They are also used with open data standards as defined in the government’s Open Standards Principles. These common standards are also used to support data analytics, bidding for CJS contracts etc.

The selection of the CJS data standards is made by the CJS Data Standards Forum. This is a technical forum which has representatives from the principal CJOs.

There is a Data Standard Catalogue used to support the exchange of criminal justice information between different CJOs.

There are three different types of data standard reflected in the catalogued:

• formatting standards

• organisational structure standards

• reference data standard

The Data Standard catalogue is constantly reviewed by the Data Standards Forum to ensure a set of standards is produced that is as small as possible while still being fit for purpose. 

The End User Device (EUD) Security Principles sets out 12 core guidance principles that underpin the safety and security of using devices that serve the purpose of working remotely. The twelve principles are as follows: 

1. Data-in-transit Protection: Data should be protected as it transits from the EUD to any services the EUD uses. 

2. Data-at-rest Protection: Data stored on the device should be satisfactorily encrypted when the device is in its “rest” state. 

3. Authentication:

- User to device: the user is only granted access to the device after successfully authenticating to the device.

- User to service: The user is only able to access enterprise services after successfully authenticating to the service, via their device.

- Device to service: Only devices which can authenticate to the enterprise are granted access.

4. Secure Boot: An unauthorised entity should not be able to modify the boot process of a device, and any attempt to do so should be detected.

5. Platform Integrity and Application Sandboxing: The device can continue to operate securely despite potential compromise of an application or component within the platform, 

6. Application allow Listing: The enterprise can define which applications are able to execute on the device, and these policies are robustly enforced on the device.

7. Malicious code detection and prevention: The device can detect, isolate and defeat malicious code which is present on the device.

8. Security policy enforcement: Security policies set by your organisation are robustly implemented across the platform.

9. External interface protection: The device is able to constrain the set of ports (physical and logical) and services exposed to untrusted networks and devices. 

10. Device Update Policy: You are able to issue security updates and can remotely validate the patch level of your entire device estate.

11. Event Collection for Enterprise Analysis: The device reports security-critical events to your audit and monitoring service. 

12. Incident Response: Your organisation has a plan in place to respond to and understand the impact of security incidents.

All of these principles must be considered when securing and deploying devices.

The End User Device (EUD) Security Principles sets out 12 core guidance principles that underpin the safety and security of using devices that serve the purpose of working remotely. The twelve principles are as follows:

1. Data-in-transit Protection

2. Data-at-rest Protection

3. Authentication

4. Secure Boot

5. Platform Integrity and Application Sandboxing

6. Application allow Listing

7. Malicious Code Detection and Prevention

8. Security policy Enforcement

9. External Interface Protection

10. Device Update Policy

11. Event Collection for Enterprise Analysis

12. Incident Response

All of these principles must be considered when securing and deploying devices.

Statutory auditors should adhere to the highest ethical standards and should be subject to professional ethics. This Directive aims at high-level to bring about harmonisation of statutory audit requirements as a result of lack of a harmonised approach to statutory auditing in the Community. This was the reason why the Commission proposed, in its 1998 Communication on the statutory audit in the European Union that a creation of a Committee on Auditing which could develop further action in close cooperation with the accounting profession and Member States be established.

The output/recommendation from the committee setup was a Recommendation was a set of Fundamental auditing Principles. The statutory audit requires adequate knowledge of matters such as company law, fiscal law and social law for Audit qualifications obtained by statutory auditors. In order to protect third parties, all approved auditors and audit firms should be entered in a register which is accessible to the public and which contains basic information concerning statutory auditors and audit firms. 


It is important to note that good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements. 


Digital CCTV installations vary greatly in terms of the recording methods as a result of varying solutions with different capabilities and functionality which are used to capture picture and video evidence with export facilities provided.

This document provides guidance on the retrieval of video from any digital CCTV system in its native file format and the methods for the production of working copies in non-native file formats, where this is necessary to facilitate further processing or replay in court.

The document contains a flowchart to help the user select the most appropriate retrieval method to use for any given CCTV system. Explanatory notes are also provided for each option and guidance

given for assessing the practicality and suitability of each technique to ensure that the right retrieval method is selected to uphold evidential integrity.

The guidance also covers the production of working copies, specifically where this involves a conversion between video formats.

Options have also been presented for final storage of the working copy. Information is given as to the suitability of each conversion technique and storage medium, so that appropriate choices can be made to best minimise the potential degradation in image quality.

A checklist of actions is provided when retrieving data to ensure that all relevant information is captured and evidential integrity is maintained.

The National Intelligence Model (NIM) is a well-established model within the policing world that was established in 2000 by the National Criminal Intelligence service (NCIS) and adopted by Association of Chief Police Officers (ACPO) to help to mange the use of setting strategic direction, making prioritised resourcing decisions, intelligently allocating resources in the most efficient manner, developing and outlining tactical plans, coordinating activities and managing associated risks.

NIM has three levels which it operates on:

• Level 1 – Local/Basic Command Unit (BCU)

• Level 2 – Force and/or regional

• Level 3 – Serious and organised crime that is usually national or international

NIM doesn’t just only help to serve crime and intelligence decision-making but is expansive in its dynamics and touches on the general policing business and decision-making. It also serves as a standardised approach for gathering, co coordinating and disseminating intelligence, which can be integrated across all forces and law enforcement agencies.

NIM allows for greater consistency of policing across the UK, operational strategies to focus on key priorities, ensures more officers are focused on solving priority problems and targeting the most active offender, achieves greater compliance with human rights legislation, improves direction and briefing of patrols, helps to reduce rates of persistent offenders through targeting the most prolific and helps to improves integration with partner agencies.

The use of Body worn video (BWV) includes video and microphone both audio and visual recording. The recording can also be stored and exported.

BWV has become extremely in the video surveillance sector and within the Police Force, as officers are able to use BWV and capture key important evidence whilst on operational duty. However have been some issues around privacy, data security technical capabilities.

To ensure that BWV, is used for its intended purpose this standard has been written to provide operational and technical guidance to help strike a balance between safety and the privacy of the individuals being recorded and foster public trust in where and when BWV can be used.

Some of the activities in which BWV can be used are in emergency responses, night-time economy operations/events, security guarding, parking enforcement, door supervision.

Intended readers are Police officers, security companies, entertainment venues, local authorities.

Fees to accessing the standard may apply.

Intelligence is information (raw data) worked, evaluated in context to its source and reliability to create added value and meaning to its user (Information + Evaluation = Intelligence).

Analysis is about tracing their source to discover the general principles behind the information and ascertaining parts. Therefore we can say that intelligence analysis is about collecting and utilising information, evaluating it to process it into intelligence, and then analysing that intelligence to produce products to support informed decision-making. 

Analysis goes beyond the facts asking questions such as: 

• What exactly is the problem?

• What is it a problem?

• What information do we already possess that is relevant to the problem?

• Where is the information held?

• How can we obtain it?

• What meaning can we extract from the information?

• Are we ready to take action with the information received?

The process of applying these questions, evaluating the answers, choosing the response and outputs/actions is the process and essence of what analysis is about. Analysis is going beyond the facts and digging deeper.

Therefore criminal intelligence analysis is the in-depth analysis of criminal activity, criminal information and the criminals. This also includes the retrieval and storage of digital/online content. The use of Information Technology has become ever so critical in the modern age.

The role of the forensic science regulator is to advise the Government and the criminal justice system on quality standards in the provision of forensic science. Recommend new requirements for new and improved standards and providing advice and guidance so that providers will be able to demonstrate compliance with common standards, in procurement and in courts 


A key requirement of any standards framework in forensic science is that the output meets the requirements of the Criminal Justice System (CJS). 
 This document sets out the view of the Regulator as to the legal landscape within which forensic scientists operate within the CJS. 


There are legal obligations placed on expert witnesses as sources in the Criminal Justice System in England and Wales as Expert evidence is admissible “to furnish the court with scientific information which is likely to be outside the experience and the knowledge of a judge or jury”. This places the expert witness in a privileged position.

It is important to note that expert evidence can only be given by a person who is an expert in the relevant field. An expert witness must provide the court with objective, unbiased opinion on 
matters within his expertise 
Witnesses must act with honesty and good faith. 


Police engagement and communication is key to the success of community policing and having an effective presence in the area the police serves in. Developing and maintaining healthy and positive relationships with community leaders and the wider public is crucial for establishing engagement. Without this being able to prevent, detect or investigate and solve crime may become much more difficult, as well as bringing offenders to justice. It will reduce confidence and public image in the Police service as service to the public may become unworkable. There it is important that both the public and Police service both cooperate and be in intentional about developing strong relations.

It is important to the local police that communities have confidence and trust in the Police Service in order for the Police to carry out their duties effectively and to keep communities safe. Both parties play an essential role in the world of policing.

This document sets out the principles of engagement and communication, including public relations.

Asset Disposal & Information Security Alliance (ADISA) is an organisation designed to improve risk management and data protection within business processes for IT asset retirement and disposal.

The ADISA ICT Asset Recovery Standard 7.0 is an updated version released in January 2020 from its first launch from its first launch in 2010. It better aligns to the updates and amendments of the Data Protection legislation including but not limited to the EU General Data Protection Regulation, the UK Data Protection Act and the Californian Consumer Privacy Act 2018.

This area covers asset management and data sanitisation. The ADISA ICT Asset Recovery Standard was developed to identify risk which might exist within this process and to then assess countermeasures which are in place to mitigate that risk.

 The objective of the ADISA Asset Recovery Standard is to ensure that every data bearing asset is managed throughout the process and that any resident data is sanitised in accordance with the client’s requirements or to industry best practice levels, to promote the re-use of assets through risk management and to help organisations comply with Data Protection Laws.

These are achieved by creating a physical environment within the ITAD process which offers equivalent levels of security to those in place when the asset is in its live environment, testing the abilities of the service provider to create and then maintain the chain of custody throughout the process, ensuring the process is consistent and repeatable, assessing current data sanitisation processes on ALL media types.

The Standard is presented in 10 Modules each covering different aspects in asset recovery and contain mandatory requirements.

There are current plans for version 8 of this document.

European Pool against Organised Crime (EPOC IV) was introduced in 2004 as the Eurojust Case Management System.  It facilitates the secure storage of case-related personal data, the exchange of information amongst National Members and the analysis of that data.

EPOC also provides a set of tools to facilitate interoperability of national systems and can be used as a component to support international cooperation in national systems.   

Reference Dataset consists of:

• Currency Class

• EU EPOC Country (Bulgarian)

• EU EPOC Country (English)

• EU EPOC Country (French)

• EU EPOC Country (Lithuanian)

• EU EPOC Country (Slovene)

• EU EPOC Crime Type (Bulgarian)

• EU EPOC Crime Type (English)

• EU EPOC Crime Type (French)

• EU EPOC Crime Type (Lithuanian)

• EU EPOC Crime Type (Slovene)

• EU EPOC Currency Type (English)

• EU EPOC Currency Type (Lithuanian)

• EU EPOC Drug Code (English and Other Languages) L1 (English)

• EU EPOC Drug Code (English and Other Languages) L2 (Other Languages)

• EU EPOC Drug Code (Lithuanian)

• Home Office Drug Codes L2 (Description)

• ISO 3166-1 Country Codes 2 Char

An investigation is undertaken when a crime has been reported and a police officer investigates the circumstance following all lines of enquiry of the situation to determine if a crime has been conducted and where a person/s should be charged with an offence, or if the person who offended is guilty.

Under the Home Office counting rules, when members of the public are making a complaint, victims should be believed for the matter of recording a crime unless it's clear that the incident did not happen. An investigators duty is to gather and test all material presented including witness accounts/statements and use technical and scientific expertise to maximise evidential opportunity.

The following outcomes may be that the suspect is prosecuted in court, receives an out of court disposal, community resolution or charges dropped. A lot of the times investigators may not find enough evidential material to make a charging decision either as a result of lack of evidence or not enough lines of enquiry to pursue. However the investigation outcome must still be recorded accurately for intelligence purposes and especially for future use, as this will help police identify crime hotspots and help reduce crime rates.  

The Police and Criminal Evidence Act 1984 (PACE) and the associated Codes of Practice set out the legislation and standards for dealing with people who come into contact with the police. Whilst members of the public are detained in custody, officers and staff should treat them in a way that is dignified and takes account of their human rights and individual needs. The Police force are only allowed to use force within a custody suite which is deemed necessary, proportionate and lawful and must be recorded by officers who have undergone appropriate and adequate training.

The PACE covers the following:

• police use of force

• lawful arrest

• searches

• designation of a police station

• police resources

When an officer makes an arrest, they are personally responsible for the risk assessment and welfare of the detained person. This responsibility continues until the suspect is handed over to the custody officer for a decision regarding detention. For a member of the public to be detained at a police station the following must be addressed and considered by the Custody officer:

• the grounds for detention

• whether to grant bail

• whether to authorise or refuse detention

It is possible for an individual arrested not to be detained if the custody officer believes that there are insufficient grounds for detention. The reasons must be and the detainee must be released.