Police Digital Service has achieved accreditation against ISO 27001 – the international standard on information security management – as independently assured by an external accreditation body. This is a globally recognised benchmark of good practice and covers all organisational, physical and technical controls involved in an organisation’s information risk management processes.
PDS adopted the ISO Standard to govern its information and cyber security because of the strong pedigree and operational effectiveness of the Standard. A key requirement of the Standard is to maintain continuous improvement in information security management. To this end, PDS recently completed its first annual surveillance audit and is committed to maintaining a secure framework of controls embracing both people and technology in the company’s future. This involves defining, maintaining and delivering a programme of improvements to build on the solid foundation achieved by PDS, supported by our suppliers and partners.
PDS’s commitment to information security embraces the National Policing Digital Strategy key enabler of ‘Risk and Security’ to achieve priorities including enabling officers and addressing harm.
The accreditation noted the following positives:
- PDS’s Information Security Management System is well-maintained with suitable leadership and operational procedures in place.
- Information Security risks are well-managed and understood.
- People controls including training, awareness, pre-employment vetting and Acceptable Use Policy contribute to secure behaviours in the organisation.
- The adoption of the NEP Secure Design Blueprint to configure company cloud services provides a strong baseline for technical security controls.
- The importance of incident management and learning from incidents is well-understood and supported by operational processes.
PDS will display the BSI Mark of Trust to demonstrate our commitment to excellence in relation to information security.