Current timestamp: 23/06/2026 06:36:59
AgeAlertAnonymousAppealsApplicationsApply Or RegisterArea OutlineArrow DownArrow LeftArrow RightArrow UpAutomatic DoorsBack ArrowBusinessCalendarCashArrow DownArrow LeftArrow RightArrow Down[Missing text '/SvgIcons/Symbols/Titles/icon-chrome' for 'English (United Kingdom)']ClockCloseContactDirectionsDocumentDownloadDrawDrugExpandExternal LinkFacebookFb CommentFb LikeFiletype DefaultFiletype DocFiletype PdfFiletype PptFiletype XlsFinance[Missing text '/SvgIcons/Symbols/Titles/icon-firefox' for 'English (United Kingdom)']First AidFlickrFraudGive FeedbackGlobeGuide DogHealthHearing ImpairedInduction LoopInfoInstagramIntercom[Missing text '/SvgIcons/Symbols/Titles/icon-internet-explorer' for 'English (United Kingdom)']LaptopLiftLinkedinLocal Activity[Missing text '/SvgIcons/Symbols/Titles/icon-location' for 'English (United Kingdom)']LoudspeakerLow CounterMailMapMap PinMembershipMenuMenu 2[Missing text '/SvgIcons/Symbols/Titles/icon-microsoft-edge' for 'English (United Kingdom)']Missing PeopleMobility ImpairmentNationalityNorth PointerOne Mile RadiusOverviewPagesPaper PlaneParkingPdfPhonePinterestPlayPushchairRefreshReportRequestRestart[Missing text '/SvgIcons/Symbols/Titles/icon-rotate-clockwise' for 'English (United Kingdom)']Rss[Missing text '/SvgIcons/Symbols/Titles/icon-safari' for 'English (United Kingdom)']SearchShareSign LanguageSnapchatStart AgainStatsStats And Prevention AdviceStopSubscribeTargetTattosTell Us AboutTickTumblrTwenty Four HoursTwitter LikeTwitter ReplyTwitter RetweetUploadVisually ImpairedWhatsappWheelchairWheelchair AssistedWheelchair ParkingWheelchair RampWheelchair WcYoutubeZoom InZoom Out

Leave this site

Skip to main content

Skip to main navigation

Welcome

This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.

End User Asset Policy

1. Statement of Policy

The purpose of this document is to establish a policy for the management of end user ICT assets. The policy is dependent on an ICT inventory list that is regularly updated by both the ICT department and the Asset Custodian (the person issued with the IT asset in Dyfed-Powys Police). The policy ensures that ICT assets are tracked and controlled throughout their lifecycle at Dyfed-Powys Police.

Applies (but not limited) to: All categories of Dyfed-Powys Police officers and staff, whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates, and contractors), seconded staff and volunteers. Police Officers, staff and volunteers accessing and using Force assets and property must have due regard to the contents of this policy.

2. Policy Scope

This policy applies to all end user IT assets (physical devices) that are fully controlled by Dyfed-Powys Police. The policy applies to all Asset Custodians (the person issued with the IT asset in Dyfed-Powys Police) and their Line Managers who are responsible for ensuring that IT assets are returned to ICT when required.

 

3. Powers and Policy/Legal Requirements

This policy meets organisational requirements and is compliant with control measures as recommended both by the National Institute of Standards and Technology (NIST), primarily the ‘Identify’ function and range of related controls as part of the NIST Cybersecurity Framework, and by the National Cyber Security Centre (NCSC), namely ‘Asset management’ as part of the NCSC’s ’10 Steps to Cyber Security’. 

The Force complies with the following legislation and all other legislation as appropriate, including, but not limited to:

  • Computer Misuse Act 1990
  • Data Protection Act 2018
  • UK General Data Protection Regulation
  • Human Rights Act 1998
  • Official Secrets Act 1989
  • Electronic Communications Act 2000
  • Regulation of Investigatory Powers Act 2000 (RIPA)
  • Freedom of Information Act 2000

Related policies, standards, procedures, practices, including, but not limited to:

  • Dyfed-Powys Police Information Security Policy and Associated Standards
  • Dyfed-Powys Police Cyber Security Policy
  • Dyfed-Powys Police Acceptable Use Policy
  • Dyfed-Powys Police Data Protection Policy

 

4. Options and Contingencies

Asset Custodian (The person issued with the IT asset)

When an ICT asset is provided to an Asset Custodian, the Asset Custodian has the following responsibilities:

  • The Asset Custodian is responsible for returning their ICT asset either to the ICT department or their line manager when leaving employment or when transferring to another department.
  • The Asset Custodian is responsible for the care of the ICT asset. ICT assets that are lost or stolen should be reported immediately to the Assets Custodian’s line manager and to the ICT Department.
  • If a device is lost or stolen outside of office hours, the Asset Custodian should contact the Force Incident Manager (FIM), who will contact the out of hours ICT engineer. Depending on the device, they may also have to contact the Information Security Officer (ISO).
  • The ICT Department will advise the Asset Custodian if this is required. ICT Assets that are damaged should be reported to the Asset Custodians’ line manager and to the ICT department.
  • The asset inventory list will be held by ICT.

Line Managers

The line manager is responsible for returning the ICT asset to the ICT department to repurpose/re-issue the ICT asset to a new/another member of staff. If the asset contains data the ICT department will remove the data, before supplying it to a new user. 

Assets

Below is a list of ICT assets covered by this policy -

  1. Desktop and Laptop Computers
  2. Mobile Phones/ Mobile Data Terminals
  3. Airwaves Radio Sets
  4. Body Worn Video Devices
  5. Docking Stations and Monitors

When completing the scheduled asset self-assessment, the correct details of the device in the self-assessment should be recorded.

Data Breaches

In the event of a breach of this policy, DPP may take the following action.

  • restrict or terminate a user’s right to use Force systems and access to Information Assets.
  • where appropriate, disclose information to law enforcement and regulatory agencies and take legal action.
  • refer the matter to the Professional Standards Department for investigation which could result in criminal and/or misconduct proceedings.

The Code of Ethics principles are relevant to this policy –

  • Courage
  • Respect and Empathy
  • Public Service

 

5.  Take action and review

Policy Owner: This policy is owned by the Head of ICT who is responsible for regularly monitoring the policy for its effectiveness, challenges to the policy, any changes to NIST and NCSC guidance and any inefficiencies in relation to the implementation of this policy.

 

Approval Process: Approval of decisions regarding the implementation of the policy are made by the Information Assurance Board.

The asset inventory list will be held by the ICT department. Any findings are subject to review and where required are escalated to the Cyber Resilience Group, the role of which is to provide an oversight on all matters pertaining to the current and emerging cyber threat landscape and to define an appropriate and acceptable security posture for the Force.

Any issues that cannot be resolved by the Cyber Resilience Group or require escalation, will be formally considered at the Information Assurance Board.

Guidance and recommendations from relevant organisations, including NIST and NCSC are considered when reviewing this policy.

CODE OF ETHICS CERTIFICATE OF COMPLIANCE

This policy has been drafted in accordance with the Code of Ethics and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Code and the principles underpinning it.

HUMAN RIGHTS ACT CERTIFICATE OF COMPLIANCE

This policy has been drafted in accordance with the Human Rights Act and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Act and the principles underpinning it.

EQUALITY IMPACT ASSESSMENT

Section 4 of the Equality Act 2010 sets out the protected characteristics that qualify for protection under the Act as follows: Age; Disability; Gender Reassignment; Marriage and Civil Partnership; Pregnancy and Maternity; Race; Religion or Belief; Sex; Sexual Orientation.

The public sector equality duty places a proactive legal requirement on public bodies to have regard, in the exercise of their functions, to the need to:

  • eliminate discrimination, harassment, victimisation, and any other conduct that is unlawful under the Act;
  • advance equality of opportunity between persons who share a relevant protected characteristic and persons who do not share it;
  • foster good relations between persons who share a relevant protected characteristic and persons who do not share it.

The equality duty applies to all protected characteristics with the exception of Marriage and Civil Partnership, to which only the duty to have regard to the need to eliminate discrimination applies.

Carrying out an equality impact assessment involves systematically assessing the likely or actual effects of policies on people in respect of all the protected characteristics set out above. An equality impact assessment should be carried out on any policy that is relevant to the public sector equality duty. 

EQUALITY IMPACT ASSESSMENT COMPLETED: November 2025