Police Forces/PSNP ITHCs

Case Study

Police forces are entrusted with huge amounts of personal and other sensitive data which must be stored and processed in accordance with information security and legislative requirements.

The Challenge

The National Policing Digital Strategy (2020-2030) clearly lays out the challenges faced by UK policing: ‘We need to respond to more complex criminality, requiring more specialist skills, with an accelerating demand from cyber-crime, set against an enduring challenge around efficiency, effectiveness and funding.’

Police forces are entrusted with huge amounts of personal and other sensitive data which must be stored and processed in accordance with information security and legislative requirements. With the increased adoption of digital technology, the sector is seeing a rapid shift to cloud-based services for better citizen engagement, secure hosting, and collaboration. However, traditional technical infrastructure still exists which typically spans wide geographic areas with multiple physical locations such as police stations and kiosks. Policing also has critical systems such as 999 control rooms and national systems supporting operational capability.

There are also compliance requirements from GDPR for protecting personal data to the recently introduced Security Assessment for Policing (SyAP) managed by Police Digital Services.

The common theme for all the above is a need to manage information security risks in a manner that allows policing to deliver its objectives efficiently whilst defending against emerging cyber threats.

The Solution

Aristi has a long history of working with UK emergency services. In 2013, we won the SC Magazine Information Security Project of the Year (Europe) for our work with the South West Fire & Rescue Services. More recently, we acted as independent information assurance advisors to the National Enabling Programmes (NEP) for the development of blueprints for Microsoft 365 collaboration tools which were rolled out across UK police forces during the pandemic. We continue to support national systems as well as individual police forces, providing cyber advice and guidance and risk management.

Aristi is a National Cyber Security Centre (NCSC) approved CHECK penetration test company and we have been testing Police systems since 2016. Our testers hold NPPV3 and security clearances and are familiar with the technologies that constitute a modern Police force IT environment including the nuances and complexities that come with conducting an assessment in a live operational environment.

Large-area and complex networks are assessed in a manner appropriate to the force, which may include testing of representative systems or sample testing if required, in order to ensure that an accurate and detailed picture of the security posture of the force is obtained and reported. We have proven experience in assessing networks of differing security classifications including ensuring that PSNP specific testing requirements are met where appropriate, as well as reviewing system build configurations against national build standards e.g., the NEP blueprints.

We work with forces to ensure that testing of critical infrastructure is handled in a manner that does not impact live services. This could for example include limiting concurrent testing of systems or by structuring the testing activities so that services can be flexibly maintained during the assessment.

The Outcome

We continue to build long term partnerships with our Police clients who trust us to deliver high quality assessments tailored to specific needs. Our experience of policing systems combined with testing expertise provides a unique blend of service that is contextualised and collaborative. From initial engagement and scoping to the delivery of the test report, we work closely with our police clients to ensure they get best value and achieve the outcomes they set out to achieve, whether that be compliance with national standards or gauging the security posture for system assurance.

Our success in delivering cyber services to policing is evidenced by the amount of positive feedback we receive.

Testimonials

“One of the easiest PSNP ITHC’s I’ve conducted thanks to the professionalism and expertise of your colleagues, makes it all the better for everyone when time isn’t wasted trying to collate information during the onsite engagement so thanks to them all. Really pleased.”

Programme Coordinator

“Just wanted to reach out and say a big that you to Rob and the Team for their exceptional level of service. Not only did they deliver the entire scope, but they also worked alongside our IT Teams to overcome technical configuration issues.”

Information Security Manager

“I’ve worked on a few Aristi PSNP ITHC’s now and just to let you know we’ve found this report, as ever, very thorough and useful. Great work by your team.”

IT Project Manager

Procurement Frameworks

Aristi understand the challenges of procurement in Policing and as such we are delighted to offer several ways for which your projects can coordinate with our team and your procurement teams to ensure a swift and easy procurement process. Aristi are on:

·       PDS Testing Framework (easy route to market to direct award or provide comparison quotes developed by Police Digital Services)

·       Crown Commercials Services 3 (a reliable and well-known procurement framework)

·       Fortrus Framework (a great route to market with a very efficient and seamless quoting and ordering process)

Aristi also have other ways for Police forces to be able to procure from us if the above do not suit your procurement team so please get in touch through our website form.

Telephone
0121 222 5630
E-mail
info@aristi.co.uk

Got an enquiry? Please don't hesitate to contact us.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Our Services

Cyber Security

We support public and private sector organisations to reduce their cyber exposure.

To find out more, click the read more button below. Or, alternatively please get in touch.

Our Services

Managed Security

We can manage your cyber security and data protection for you.

To find out more, click the read more button below. Or, alternatively please get in touch.

Our Services

Training

We provide training courses for key roles and general user security awareness.

To find out more, click the read more button below. Or, alternatively please get in touch.