The police service within the UK has to comply with information security requirements from various sources. Some of these are legislative and others are mandated by the Cabinet Office for central government and public sector organisations.
There are also security requirements that must be met to allow interconnection to certain wide area networks. There are other standards which on their own are not mandatory, but which support the higher level policy requirements placed upon police forces. The list here does not include legislative aspects which apply to all organisations in the UK, such as the Data Protection Act, or broad legislation that applies to public sector organisations, such as the Freedom of Information Act.
On this page you will find details and links to various documents that set out what the police have to adhere to, and some supporting documents that describe how compliance can be achieved.
Please note that this list is not exhaustive, nor will every standard be required in every circumstance. Adhering to these documents does not, by itself, guarantee that a solution will meet police security requirements. All systems introduced into the police service must be accredited, and the Accreditor is responsible for ensuring that the technical and procedural controls address the risks commensurate with the risk appetite of the organisation. In addition, systems processing very sensitive information may have requirements in excess of those contained in these documents.
The ACPO Community Security Policy (referenced below) sets out the following sources of Information Security Policy and Guidance. These are: