Resource
ISO/IEC 27002:2013 IT Security techniques - Code of Practice for Information Security Controls

This document informs the implementation of controls within an information security management system based on ISO 27001.

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

This International Standard is designed for organisations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001. It can also be used as guidance for implementing commonly accepted information security controls.

All types of organisations, including public and private sector, commercial and non-profit organisations, collect, process, store and transmit information in many forms, including electronic, physical and verbal, and therefore the value of information goes beyond the written words, numbers and images. Information can also be intangible, such as concepts, ideas, knowledge, brands and reputation – these are all forms of intangible information. As a result, vital information can be very valuable to an organisation and as such deserves and requires protection against various hazards.

Therefore it is essential that an organisation identifies its security requirements by:

  1. Assessing risk
  2. Observing all statutory, regulatory and contractual requirements that an organisation has to satisfy
  3. Setting principles, objectives and business requirements for information handling, processing, storing, communicating and archiving that an organisation has developed to support its operations

Published 01/01/2013
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
Security Policy Framework for HMG Organisations

This Framework describes the expectations of the Cabinet Secretary and the Official Committee on Security for how HMG organisations and third parties handling HMG information and other assets will apply protective security to ensure HMG can function effectively, efficiently and securely.

The Security Policy Framework should be applied across Her Majesty’s Government and to assets that are held by third parties in the wider public sector and by our commercial partners. Personal responsibility and accountability should be undertaken to uphold the policy, as attitudes and behaviours are key to exercising good security.

It is important to note that proper management, risk management, good governance, and judgment and discretion remain the most effective form of security protection.

Published 01/01/2018
Authoring body: Government Digital Service (GDS)
Policy
Resource
Facing the Camera - Guidance on police use of overt CCTV and facial recognition to locate persons on a watchlist in public

This code of practice issued by the Secretary of State (regulated by the Surveillance Camera Commissioner) under the Protection of Freedoms Act 2012 (PoFA) covers police forces in England & Wales. Chief officers must have regard to this code when using facial recognition algorithms as part of the operation of surveillance camera systems, or the use or processing of images or other information obtained.

The code only applies to the use of facial recognition technology and processing of images from surveillance cameras operated in 'live time' or 'near real time' operational scenarios.

The code includes considerations of:

  • Applicability
  • Biometrics
  • Ethics
  • Human Rights
  • Legal frameworks
  • Police policy documents
  • Governance
  • Evidence handling
  • Public engagement
  • Accountability and certification

Also included as an attachment is the National Surveillance Camera Strategy for context.

Published 01/11/2020
Authoring body: Surveillance Camera Commissioner (SCC)
Principles
Resource
Create and iterate an SPF record for email authentication

This document provides guidance on how to create and iterate a Sender Policy Framework record, which is a system of email authentication.

SPF works by providing domain owners a way to publish a list of the IP addresses which should be trusted for a given domain. A receiving email service can then check that a sending email service has an IP address which appears in the sender's published list.

If the IP address appears in the list of acceptable IPs, the receiving email service will forward the email to the recipient's inbox. If the receiving email service cannot confirm the IP address is valid, then it marks the email in accordance with the DMARC policy you have implemented on the domain the email is being sent from.

Published 02/07/2021
Authoring body: National Cyber Security Centre (NCSC)
Guidance
Resource
Criminal Justice System Exchange Data Standards Catalogue (Version 6)

The CJS Data Standards Catalogue is a collection of data standards used by Criminal Justice Organisations in England & Wales to support interoperability between their different ICT systems.

If you are a member of a Criminal Justice Organisation and work in the area of data standards then you too can help to shape that change. If you have any questions then please raise them with the Forum representative for your organisation by visiting https://www.gov.uk/guidance/criminal-justice-system-data-standards-forum-guidance

Published 01/01/2020
Authoring body: Criminal Justice System (CJS) Exchange Product Board
Reference Data / Templates