Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Protective monitoring is essential to identify and detect threats to ICT systems.
The active use of protective monitoring tools supports the identification of signs of attack, unusual system behaviour, or activity that is not in accordance with organisational policies. The retrospective use of protective monitoring tools supports the investigation and understanding of identified incidents.
The use of protective monitoring within Dyfed-Powys Police not only supports the protection of local systems, but also provides assurance to partner agencies and organisations as to the security of Dyfed-Powys Police ICT systems and the data held on these systems.
Dyfed-Powys Police is supported by the National Management Centre (NMC), the nationally-supported cyber security protection facility for police forces across England and Wales, who carry out a monitor and alert function on behalf of the Force.
The business processes and technology used as part of protective monitoring within Dyfed-Powys Police provide oversight as to how ICT systems are used, or misused, and provide assurance of user accountability in the use of ICT facilities.
Examples of protective monitoring include, but are not limited to, the inspection of firewall logs, the investigation of security alerts, and the monitoring of intrusion detection systems.
The main aims of protective monitoring are:
Dyfed-Powys Police deploys protective monitoring systems across the Force network. Users must accept that at some time their activities, whilst accessing or processing information, may be subject to scrutiny and monitoring.
Applies (but not limited) to: All categories of Dyfed-Powys Police Officers and staff, whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates and contractors), seconded staff and volunteers. Police Officers, staff and volunteers accessing and using Force assets and property must have due regard to the contents of this policy.
This policy does not over-ride any existing procedures or policies nor negate any existing guidance regarding Information Security, Data Protection or Acceptable Use, however, it does supplement such policies, with a specific focus on the protective monitoring of the Dyfed-Powys ICT network, and the data held within or transported by it.
Securing data is of paramount importance to Dyfed-Powys Police, particularly in relation to the need to protect data in line with the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation.
Any loss of the ability to access information or interference with its integrity could have a significant effect on the efficient operation of Dyfed-Powys Police. It is therefore essential for the continued operation of Dyfed-Powys Police that the confidentiality, integrity and availability of all ICT systems is maintained at a level which is appropriate to Dyfed-Powys Police needs.
Protective monitoring is a key requirement to ensure:
Non-compliance with this policy could have a significant effect on the efficient operation of Dyfed-Powys Police activities as a result of potential/actual harm to Force systems, services and data, and could lead to legal and/or reputational damage to the Force.
This policy meets organisational requirements and is compliant with control measures as recommended both by the National Institute of Standards and Technology (NIST), primarily the ‘Detect’ function and range of related controls as part of the NIST Cybersecurity Framework, and by the National Cyber Security Centre (NCSC), namely ‘Logging and Monitoring’ as part of the NCSC’s ’10 Steps to Cyber Security’.
The Force complies with the following legislation and all other legislation as appropriate, including, but not limited to:
Related policies, standards, procedures, practices, including, but not limited to:
Policy Owner: The policy is owned by the Head of ICT who is responsible for regularly monitoring the policy for its effectiveness, challenges to the policy, any changes to NIST and NCSC guidance, and any inefficiencies in relation to the implementation of this policy.
Approval Process: Approval of decisions regarding the implementation of the policy are made by the Information Assurance Board.
The following Code of Ethics principles are relevant to this policy:
Accountability - We are answerable for our decisions, actions and omissions.
Fairness - We treat people fairly.
Honesty - We are truthful and trustworthy.
Integrity - We always do the right thing.
Leadership - We lead by good example.
Objectivity - We make choices based on evidence and our best professional judgement.
Openness - We are open and transparent in our actions and decisions.
Respect - We treat everyone with respect.
Selflessness - We act in the public interest.
Protective monitoring is carried out by the ICT Department. Any findings are subject to review and where required are escalated to the Cyber Resilience Group, the role of which is to provide oversight on all matters pertaining to the current and emerging cyber threat landscape, and to define an appropriate and acceptable security posture for the Force.
Any issues that cannot be resolved by the Cyber Resilience Group or require escalation will be formally considered at the Information Assurance Board.
Guidance and recommendations from relevant organisations, including NIST and NCSC are considered when reviewing this policy.
This policy has been drafted in accordance with the Code of Ethics and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Code and the principles underpinning it.
This policy has been drafted in accordance with the Human Rights Act and has been reviewed on the basis of its content and the supporting evidence and it is deemed compliant with that Act and the principles underpinning it.
Section 4 of the Equality Act 2010 sets out the protected characteristics that qualify for protection under the Act as follows: Age; Disability; Gender Reassignment; Marriage and Civil Partnership; Pregnancy and Maternity; Race; Religion or Belief; Sex; Sexual Orientation.
The public sector equality duty places a proactive legal requirement on public bodies to have regard, in the exercise of their functions, to the need to:
The equality duty applies to all protected characteristics with the exception of Marriage and Civil Partnership, to which only the duty to have regard to the need to eliminate discrimination applies.
Carrying out an equality impact assessment involves systematically assessing the likely or actual effects of policies on people in respect of all the protected characteristics set out above. An equality impact assessment should be carried out on any policy that is relevant to the public sector equality duty.
EQUALITY IMPACT ASSESSMENT COMPLETED: January 2024