Quickly exit this site by pressing the Escape key Leave this site
We use some essential cookies to make our website work. We’d like to set additional cookies so we can remember your preferences and understand how you use our site.
You can manage your preferences and cookie settings at any time by clicking on “Customise Cookies” below. For more information on how we use cookies, please see our Cookies notice.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Your cookie preferences have been saved. You can update your cookie settings at any time on the cookies page.
Sorry, there was a technical problem. Please try again.
This site is a beta, which means it's a work in progress and we'll be adding more to it over the next few weeks. Your feedback helps us make things better, so please let us know what you think.
Request:
Q1. Who provides your digital evidence management (DEMS) system?
Q2. What date does this contract end and are there any extension periods to this date as part of the contract?
Q3. What is the net spend on your current DEMS contract?
Q4. What procurement route do you intend to use when going to market for a new solution?
Q5. Who is the main contact in charge of your DEMS contract and the current solution?
Response:
Extent and Result of Searches to Locate Information
To locate the information relevant to your request searches were conducted within North Yorkshire Police.
I can confirm that the information you have requested is held by North Yorkshire Police.
Decision
I have today decided to disclose some of the located information to you.
Q1. I have decided to exempt providing you with the digital evidence management (DEMS) system used by North Yorkshire Police pursuant to section 31(1)(Law Enforcement) of the Freedom of Information Act 2000 (the Act). Please see the exemption below.
Q2. 31st March 2028 with option for 4 more years
Q3. £469,927.00 per annum
Q4. Tender via Government Frameworks
Q5. Head of ICT
Exemption Explanation
Section 31 – Law Enforcement
Section 31 is a prejudice-based qualified exemption and there is a requirement to articulate the harm as well as carrying out a public interest test.
Evidence of Harm
The Harm Test process requires North Yorkshire Police to consider any possible harm that might arise as a result of placing the requested information into the public domain. This process considers the potential harm to:
Policing is an information-led activity, and information assurance (which includes information security) is fundamental to how the Police Service manages the challenges faced. In order to comply with statutory requirements, the College of Policing Authorised Professional Practice for Information Assurance has been put in place to ensure the delivery of core operational policing by providing appropriate and consistent protection for the information assets of member organisations, see below link:
https://www.app.college.police.uk/app-content/information-management/
Commercial DEMS Providers are vitally important in the Criminal Justice system - not only do they play a crucial role by supporting UK Policing with the security and storage of vast amounts of digital evidence that can be gathered or generated during investigations, but they help manage the chain of custody; keeping relevant audit logs so that the digital evidence can be relied upon in Court.
Whilst not in any way questioning the motives of the applicant, it must be taken into account when considering potential harm that a disclosure under the Freedom of Information Act 2000 is made to the world at large, rather than a private correspondence. Specific details of the DEMS used by North Yorkshire Police would be extremely useful to those involved in criminality as it would enable them to create a map of those most critical to the Law-and-Order sector, and specifically target those proving the most assistance.
The risk of such is significant and real, whether it is in relation to the DEMS or any other aspect of policing within the context of digital evidence, such as the use of Forensic Service Providers. For example, in 2019 Eurofins (one of the UKs largest FSPs) suffered a highly sophisticated ransomware attack which severely disrupted UK Policing and the Criminal Justice system.
https://www.helpnetsecurity.com/2019/06/24/eurofins-ransomware-attack/
As demonstrated, the threat of cyberattacks is clear and remains ever present, which if successful, such an attack would have devastating consequences for law enforcement as a whole.
Factors favouring Disclosure - Confirming the names of DEMS providers would be of interest to the public, namely give insight into the solutions used by the police to manage and store vast amounts of digital evidence.
Factors favouring Non-Disclosure - Measures are put in place to protect the community we serve and as evidenced within the harm, to provide the information requested would allow individuals intent on disrupting law enforcement to target specific companies using the information obtained to maximise the impact.
Taking into account the current security climate within the United Kingdom, and the previous Eurofins cyber-attack, no information which may aid criminality should be disclosed. It is clear that it would have an impact on a Force’s ability to carry out the core duty of enforcing the law and serving the community.
The public entrust the Police Service to make appropriate decisions with regard to their safety and protection and the only way of reducing risk is to be cautious with what is placed into the public domain.
Balance Test - The Police Service is charged with enforcing the law, preventing and detecting crime and protecting the communities we serve. In order to effectively and robustly carry out those duties, external services are utilised which are vital to investigating criminal activity. Weakening the mechanisms used to investigate any type of criminal activity would have a detrimental impact on law enforcement as a whole. To provide the information requested, despite the known risks of cyber-attacks, would undermine any trust or confidence the public have in the Police Service. Therefore, at this moment in time, it is our opinion that the balance test favours against disclosure.
Pursuant to Section 17(1) of the Act this letter acts as a Refusal Notice in response to part of your request.
Please note that systems used for recording information are not generic, nor are the procedures used locally in capturing the data. It should be noted therefore that this force’s response to your questions should not be used for comparison purposes with any other responses you may receive.