A recent cyber security issue that significantly affected a forensic science provider has raised the question of whether the community requires more specific requirements covering the range of possible types of IT security.
The National Cyber Security Centre (NCSC) was asked to consider what specific requirements could be considered for future versions of the codes.
The Regulator asks that all forensic science providers of any size, review their IT security, as informed by the text in annex A of the attached report, to:
- determine and address weaknesses
- identify and feedback on any significant practical challenges to implementation