If your organisation stores, processes, or manages Law Enforcement Data (LED) on behalf of UK police forces, you may be required to undergo a Police Assured Secure Facility (PASF) audit. We offer expert PASF audit services to help you achieve and maintain compliance.

A PASF Review Checklist is a formal audit that certifies your facility meets the strict security requirements set by the Police Digital Service (PDS). It is essential for any third-party provider or partner working with Classified LED.

Who Needs a PASF Audit?

A PASF audit is essential for organisations handling LED, as it ensures compliance with strict security standards, protects sensitive LED, and demonstrates trustworthiness.

Validation is mandatory for many partners and, as per PDS guidance, PASF validation is aligned with the old CMAT standard. The review period depends on the classification and volume of the LED:

• Official: Low & Medium – Review after three years
• Official-Sensitive: Low & Medium – Review after two years
• Official/Official-Sensitive: High – Review after one year
• Secret and above or any site requiring corrective measures – Review after corrective actions or as directed

You may need PASF certification if you’re a cloud or data centre provider, technology vendor, local authority, or private security or support service working with LED.