Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
All users of Dyfed-Powys Police ICT systems and information have a responsibility to ensure that both the information and information systems are reliable, secure and private. Our community and partners are entitled to expect that our ICT systems and the information held by them are secure. This policy supports the organisations values and behaviours, in particular acting with honesty and integrity, professionalism and taking personal responsibility.
This policy supports the Force Information Security Policy and aims to protect the integrity and security of information received and stored by Dyfed-Powys Police (DPP), it’s information technology systems and and all forms of electronic communications in order to maintain and protect the Force’s reputation, confidence of the public and support operational policing.
We must be able to demonstrate that our information is protected from both intentional and unintentional misuse. This is necessary to maintain the confidence and trust of our community and partners and to be compliant with relevant legislation and conditions of use (e.g. Codes of Practice or Codes of Connections).
The objectives of the Force Acceptable Use Policy are to:
The use of Force information or information systems by authorised personnel is permitted for policing purposes and where such activity supports the goals and objectives of the Force.
With the introduction of M365 comes the use of new products and apps. Users must read and accept statements that inform them of the procedures and constraints for the safe and appropriate use of the products when prompted to do so on accessing these platforms. These statements aim to prevent violations of the terms of usage and applicable laws when using them for Force business and/or while using devices owned by the Force.
The Acceptable Use Standard which supports this policy, provides clear guidance around what constitutes Law Enforcement Purposes and adds clarity and understanding about what is and what is not acceptable use of Force systems such as, but not limited to Niche, PNC, STORM, Crime Management, etc.
The policy applies (but not limited) to: All categories of Dyfed-Powys Police employees, whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates and contractors) or seconded staff. Any employee accessing and using Force assets and property must have due regard to the contents of this policy.
Under the College of Policing Authorised Professional Practice (APP) – Information Management, the Force Information Security Officer (ISO) is responsible for the development and implementation of information security policies and procedures within the Force in accordance with:
Compliance with this policy, associated procedures, guidance and standards provides assurance to partner agencies, third parties and the wider community that risks to Force information are being managed to a level acceptable to the wider policing and security community.
Failure to comply with this policy may lead to a breach in system or information security and may lead to disciplinary action.
Any suggestion that an individual is in breach of the standards required is thoroughly investigated and they may be liable to disciplinary action. Criminal and/or disciplinary action is taken against any user who wilfully misuses ICT systems made accessible to them by Dyfed-Powys Police.
Chief Officers, Local Policing Area Commanders, Directors and Heads of Departments are responsible for implementing the policy within their areas, and for adherence by their staff.
The Chief Officer lead for this policy and associated standard, is the Deputy Chief Constable (DCC) who is the Force Senior Information Risk Owner (SIRO).
All users must comply with this Acceptable Use policy as well as the Acceptable Use Standard and any other related policies, standards, procedures and individual system Security Operating Procedures (SyOPs).
Users must follow the College of Policing Code of Ethics at all times.
The Force complies with the following legislation and all other legislation as appropriate, including, but not limited to:
Related policies, standards, procedures, practices, including, but not limited to:
This policy applies to ALL users who access Dyfed-Powys Police information using any Dyfed-Powys Police ICT system or device belonging to or leased by Dyfed-Powys Police. It is to be read in conjunction with the Force Information Security Policy and Standards, and Acceptable Use Standard.
This policy is owned by the Information Management Business Area. The review process will be conducted by the Information Security Officer (ISO), on a bi-ennial basis to ensure the continued effectiveness of the Policy and taking into account any changes to legislation, national guidance etc.
The effectiveness of the Policy will be monitored on a regular basis over and above the two-year review period and any major concerns escalated as appropriate.
This policy is subject to audit by the Force’s internal or external auditors.
The SIRO and Information Assurance Board are kept informed of the information security status of the Force by means of regular reports and meetings.
Compliance with this policy is monitored via:
ALL Line Managers or Supervisors are required to ensure that the people they are responsible for, follow this Policy and associated Standard through dip-checking and proactively promoting compliance with requirements.
This policy has been drafted in accordance with the Code of Ethics and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Code and the principles underpinning it.
This policy has been drafted in accordance with the Human Rights Act and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Act and the principles underpinning it.
Section 4 of the Equality Act 2010 sets out the protected characteristics that qualify for protection under the Act as follows: Age; Disability; Gender Reassignment; Marriage and Civil Partnership; Pregnancy and Maternity; Race; Religion or Belief; Sex; Sexual Orientation.
The public sector equality duty places a proactive legal requirement on public bodies to have regard, in the exercise of their functions, to the need to:
The equality duty applies to all protected characteristics with the exception of Marriage and Civil Partnership, to which only the duty to have regard to the need to eliminate discrimination applies.
Carrying out an equality impact assessment involves systematically assessing the likely or actual effects of policies on people in respect of all the protected characteristics set out above. An equality impact assessment should be carried out on any policy that is relevant to the public sector equality duty.
EQUALITY IMPACT ASSESSMENT COMPLETED: February 2023