Non-confidential facts and advice to the Deputy Mayor for Policing and Crime (DMPC)
1. Introduction and background
1.1. Communications, ANPR & Digital Forensic data is complex and it is unfeasible to process manually. The scale and complexity of the data is growing and with the current manual processing & investigation of the data, the amount of resource required has reached unsustainable levels.
1.2. There is a need for software to process, analyse, map & create court exhibits. This software has the following benefits:
• Save up to 95% of the time spent manually processing data
• Make much more efficient use of the resources
• Progress investigations faster
• Deliver more successful outcomes at court
1.3. Therefore it is a priority to deliver a software solution to standardise the processing, analysis & mapping of communications data, and other digital forensic data.
1.4. The current process requires analysts to cleanse captured data, analyse and present output to investigation teams and CPS/court. This data stems from mobile devices (phones/tablets) and call data records. The job undertaken is to review and present the data in the form of schedules and maps.
1.5. There are numerous challenges as Call Data Records (CDRs) are received in multiple formats. This issue is exacerbated when dealing with large and complex cases and multiple devices.
2. Issues for consideration
2.1. This information is contained in the restricted section of the report.
3. Financial Comments
3.1. The £1.5m is made up as follows:
• £0.4m for the creation of a capital item.
• Convert revenue to capital for the purchase of storage and add to the MPS capital plan.
• £0.3m p.a. will be required for revenue costs from 2019/20 to 2022/23.
4. Legal Comments
4.1. MPS Directorate of Legal Services (DLS) has been consulted as part of the assurance process and no concerns have been raised to date. Key stakeholders, including DLS will be engaged throughout the procurement phase to ensure no issues arise.
4.2. The communications data analysed in the tool will be legally obtained and retained under the Regulation of Investigatory Powers Act 2000 (RIPA).
4.3. Under Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that Deputy Mayor for Policing and Crime has authority to approve all requests to go out to tender for contracts of £500,000 or above, or where there is a particular public interest.
4.4. The Mayor’s Officer for Policing Crime is a contracting authority as defined in the Public Contracts Regulations 2015 (“the Regulations”). All awards of public contracts for goods and/or services valued at £181,302 or above will be procured in accordance with the Regulations.
5. Commercial Issues
5.1. The strategic route to market as endorsed by Crown Commercial Services for cloud-based software as a service offering is the Crown Commercial Services Framework Agreement (Digital Marketplace G-Cloud 10). The contract will be awarded to a single supplier with an initial contract for 2 years with a 1 + 1 year renewal option.
• The product will require minimal training
• Deploying the product will enable benefits realisation
• Realisation of benefits also highlights greater efficiency
5.2. All the solutions within the scope of this procurement are already in use across the 43 UK police forces as well as a number of other law enforcement agencies. The MPS have engaged with a number forces and the NCA to gain an understanding of the process they have followed in selecting a product to ensure there is an open and transparent process.
5.3. All solutions being considered as part of this process can be procured via the G-Cloud 10 Framework and within the total stated cost of this paper.
6. GDPR and Data Privacy
6.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.
6.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.
6.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the project meets its compliance requirements.
6.4. Once a supplier has been selected, a DPIA will be completed with that supplier to ensure full compliance. The project will ensure a privacy by design approach, which will allow the MPS to find and fix problems at the early stages of any project, ensuring compliance with GDPR. DPIAs support the accountability principle, as they will ensure the MPS complies with the requirements of GDPR and they demonstrate that appropriate measures have been taken to ensure compliance.
7. Equality Comments
7.1. This tool will only be utilised by MPS Officers and Staff and therefore an Equalities Impact Assessment (EIA) will be undertaken as part of implementing the chosen solution to ensure it is compatible with the standard reasonable adjust software tools already available on the MPS IT estate. The EIA will be compiled in consultation with the Strategy Diversity & Inclusion team.
7.2. This EIA will be regularly reviewed and support and guidance from the Strategy Diversity and Inclusion team will be maintained throughout the lifecycle of this project.
8. Background/supporting papers