Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
Cybersecurity Framework NIST (Version 1.1)
National Institute of Standards and Technology (NIST), covers a wide range of topics including Bioscience, Chemistry, Advanced Communications, Cybersecurity, Energy, Materials, Nanotechnology, Neutron research, Physics, Health, Infrastructure, Public Safety, Standards, Transportation and many more.
NIST also cover a wide range of publications, laboratories and programs, Research projects, Services and Resources Software, Data, Computer Security Resource Center, and News and Events.
Under Cybersecurity, there is a framework developed to help organisations to better understand and improve their management of cybersecurity risk.
The Cybersecurity framework consists of standards, guidance, and best practices.
It stages of the framework:
-
Identify
-
Protect
-
Detect
-
Respond
-
Recover
The cyber security framework help organisations prioritise, become flexible and cost-effective in promoting and dealing with protection and resilience of critical infrastructure and other parts critical to the national security and economy.
For further information and/or questions about the Cybersecurity Framework please contact: cyberframework@nist.gov
Technology Code of Practice
The Technology Code of Practice is a set of criteria to help government design, build and buy technology. Technology Code of Practice should be used for all technology projects and programmes and should be aligned to the mandatory code and as much as possible align the organisation’s technology and business strategies to the Technology Code of Practice.
Following the Technology Code of Practice will help introduce or update technology so that it:
-
meets user needs, based on research with your users
-
is easier to share across government
-
is easy to maintain
-
scales for future use
-
is less dependent on single third-party suppliers
-
provides better value for money
-
makes use of open standards
Organisations must consider all points of the Technology Code of Practice as part of the Cabinet Office spend control process as it’s used as a cross-government agreed standard in the spend controls process. Where legacy technology limits your ability to adhere to the standard, you must explain this to the GDS Standards Assurance team.
Defence Industry Security Notices
Industry Security Notices (ISNs)
A Industry Security Notice (ISN) is an official document that tells people in industry about important instructions, guidance or other information relating to security.
Information from Ministry of Defence, that provides updates.
-
‘ISN 2014/04 Farnborough International Air Show 2014: exhibition clearances’ has been removed
-
‘ISN 2014/01: Government Security Classification Scheme’ updated April 2014
-
‘ISN 2011/05 Defence & Security Equipment International (DSEi) 2011: exhibition clearances’ has been removed
-
‘ISN 2011/02: incident report’ has been superseded by ‘2011/07: incident reporting’
-
‘ISN 2011/03: Nato personnel security clearances’ has been superseded by ‘2014/03: Procedure for UK contractors to obtain Nato personnel security clearances’
Recruitment Guidance - Candidate Management
Ensuring that the right candidates are selected for policing roles is essential. Employing the right selection process is essential to make the most efficient use of money, time and resources and can have the following benefits:
-
Reduce the probability of selecting individuals who will not perform at their jobs effectively.
-
Better value at the national Assessment process
-
Minimises disproportionality in outcomes for underrepresented groups
-
Maximise candidates potential by supporting, them and ensuring a positive candidate experience.
It is known that not all forces handle their recruitment process in the same way in the early process and therefore causes discrepancies in the way people are recruited in the police force. A sifting solution is being undertaken that aims to help effectively mange candidates. Whilst this is still on-going, this document aims to help police forces consider some key principles for an effective end-to-end recruitment process.
Each area should be considered:
-
Recruitment strategy
-
Attraction campaign and positive action
-
Registration
-
Force selection
-
National Assessment Process
-
Post-assessment process activity
-
Appointment
Monitoring of each area and collaborating with other learning providers are critical to the improvement, maximisation and best practise of the selection process.
Secure Sanitisation of Storage Media (Version 1.0)
Data sanitisation is a key aspect to any organisations dealing with data storage media and who want to ensure that unauthorised parties do not gain access to their data.
Data sanitisation has to do with the safe removal, treatments and disposal of sensitive information from storage media devices to guarantee that retrieval and reconstruction of data is not possible or may be very difficult to reproduce as some forms of sanitisation will allow you to re-use the media, while others are destructive in nature and render the media unusable.
There could be many reasons why an organisation may want to sanitise its data:
-
Re-use purposes – new user device allocation, re-purpose or resell device.
-
Repair purposes - return or repair faulty device
-
Disposal purposes – dispose of device
-
Destruction purposes – destroy information held on device or the device itself.
There are risks associated with improper sanitisation as key data may still remain on the device, such as:
-
Sensitive data may end up with the wrong people who can expose the sensitive data
-
Loss of control over information assets
-
Private or personal data could be leaked and used to commit fraud or identity theft.
-
Intellectual property could be used leading to reputational loss
Whilst this may not be entirely a sanitisation issue, it is part of it and one way to combat these risks is using encryption.
Showing 76 to 80 of 204 entries.