Secure by Design in Policing – Protecting Intelligence, Evidence, and Public Trust

• by Anthony Orjally
• Advent IM Blog

Policing occupies a uniquely sensitive space: it must secure intelligence sources, digital evidence, and highly personal data, while maintaining public trust in proportionate and lawful handling of information. Security lapses do not just expose data – they risk undermining investigations, prosecutions, and confidence in law enforcement.

Secure by Design provides a blueprint for policing organisations to shift from reactive patching to proactive assurance.

Protecting Digital Evidence

Digital forensics, body-worn video, and evidence management systems form the backbone of modern policing. Secure by Design mandates assurance of data integrity at the system level, ensuring chain-of-custody is maintained, tamper-resistance is assured, and disclosure processes stand up in court.

Safeguarding Intelligence Systems

National intelligence platforms and local data-sharing systems depend on Secure by Design controls: encryption, access governance, and auditing embedded from design stage. This ensures compliance with both GDPR and the stricter handling requirements under the College of Policing’s Authorised Professional Practice (APP).

GRC Implications

• Governance: Police and Crime Commissioners and Chief Constables must ensure Secure by Design accountability sits clearly within force governance structures.
• Risk: Threat modelling incorporates not only cyber adversaries but also insider threats, a recognised policing risk category.
• Compliance: Systems must align with NPCC cyber standards, ISO 27001, and statutory codes on data handling.

Example in Practice

A regional force’s Secure by Design implementation within its digital evidence management platform integrated early engagement of IAOs and Information Governance Officers. This prevented design flaws that would have left evidence vulnerable to unauthorised deletion, a risk that could have jeopardised active prosecutions.

Secure by Design is not simply a technical exercise for policing. It is a cultural transformation that ensures law enforcement can handle sensitive data with integrity, safeguard citizen rights, and maintain the operational effectiveness required to keep communities safe.

Written by Ellie Hurst, Commercial Director.