Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards is that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems - Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) verifies an email's domain and ensures it has not been tampered with in transit. The receiving email service can then filter or reject email that fails the DKIM check. To verify an email's domain, DKIM uses public key encryption: the sending service creates a hash from the content of each outbound email, encrypts the hash with its private key and adds it to the email header. This is the DKIM signature.
The receiving email service looks up the public key in the sender's DKIM DNS (Domain Name System) record, then uses the public key to decrypt the DKIM signature on the email. It also generates a hash of the email in the same way the sending email service did. If the hash matches the decrypted DKIM signature, the email passes the DKIM check. This means the email came from where it says it came from and has not changed in transit.
Criminal Justice System: Data Standards Forum Guidance
Agreed and designed common data standards are used by the Criminal Justice System and ICT suppliers to support ICT communications between systems used by Criminal Justice Organisations (CJO) to support CJS operations. They are also used with open data standards as defined in the government's Open Standards Principles. These common standards are also used to support data analytics, bidding for CJS contracts etc.
The selection of the CJS data standards is made by the CJS Data Standards Forum. This is a technical forum which has representatives from the principal CJOs.
There is a Data Standard Catalogue used to support the exchange of criminal justice information between different CJOs.
There are three different types of data standard reflected in the catalogue:
- formatting standards
- organisational structure standards
- reference data standards
The Data Standard catalogue is constantly reviewed by the Data Standards Forum to ensure a set of standards is produced that is as small as possible while still being fit for purpose.
End User Device (EUD) Security Principles (Version 1.0)
The End User Device (EUD) Security Principles sets out 12 core guidance principles that underpin the safety and security of using devices that serve the purpose of working remotely. The twelve principles are as follows:
1. Data-in-transit Protection: Data should be protected as it transits from the EUD to any services the EUD uses.
2. Data-at-rest Protection: Data stored on the device should be satisfactorily encrypted when the device is in its “rest” state.
3. Authentication:
- User to device: the user is only granted access to the device after successfully authenticating to the device.
- User to service: The user is only able to access enterprise services after successfully authenticating to the service, via their device.
- Device to service: Only devices which can authenticate to the enterprise are granted access.
4. Secure Boot: An unauthorised entity should not be able to modify the boot process of a device, and any attempt to do so should be detected.
5. Platform Integrity and Application Sandboxing: The device can continue to operate securely despite potential compromise of an application or component within the platform,
6. Application allow Listing: The enterprise can define which applications are able to execute on the device, and these policies are robustly enforced on the device.
7. Malicious code detection and prevention: The device can detect, isolate and defeat malicious code which is present on the device.
8. Security policy enforcement: Security policies set by your organisation are robustly implemented across the platform.
9. External interface protection: The device is able to constrain the set of ports (physical and logical) and services exposed to untrusted networks and devices.
10. Device Update Policy: You are able to issue security updates and can remotely validate the patch level of your entire device estate.
11. Event Collection for Enterprise Analysis: The device reports security-critical events to your audit and monitoring service.
12. Incident Response: Your organisation has a plan in place to respond to and understand the impact of security incidents.
All of these principles must be considered when securing and deploying devices.
End User Device (EUD) Security Guidance
The End User Device (EUD) Security Principles sets out 12 core guidance principles that underpin the safety and security of using devices that serve the purpose of working remotely. The twelve principles are as follows:
- Data-in-transit Protection
- Data-at-rest Protection
- Authentication
- Secure Boot
- Platform Integrity and Application Sandboxing
- Application allow Listing
- Malicious Code Detection and Prevention
- Security policy Enforcement
- External Interface Protection
- Device Update Policy
- Event Collection for Enterprise Analysis
- Incident Response
All of these principles must be considered when securing and deploying devices.
Auditing Principles - Directive 2006/43/EC of the European Parliament and of the Council
Statutory auditors should adhere to the highest ethical standards and should be subject to professional ethics. At a high level, this Directive aims to bring about harmonisation of statutory audit requirements, in response to the lack of a harmonised approach to statutory auditing in the Community. This was the reason why the Commission proposed, in its 1998 Communication on the statutory audit in the European Union, the creation of a Committee on Auditing which could develop further action in close cooperation with the accounting profession and Member States.
The output from the committee was a Recommendation: a set of fundamental auditing principles. The statutory audit requires that audit qualifications obtained by statutory auditors include adequate knowledge of matters such as company law, fiscal law and social law. In order to protect third parties, all approved auditors and audit firms should be entered in a register which is accessible to the public and which contains basic information concerning statutory auditors and audit firms.
It is important to note that good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements.