PNC rules ‘no longer relevant’ as report demands Code of Practice update
Rules for accessing the Police National Computer (PNC) are “out of date’” and need to be updated, a report has concluded.
The PNC Code of Practice – designed to ensure the integrity of national police data – has not been revised since being introduced in 2005, according to Her Majesty’s Inspectorate of Constabulary (HMIC).
Inspectors said this has rendered much of the Code “no longer relevant” and asked the Home Office to update it by the end of April next year.
However, the report found that the ACRO Criminal Records Office is fully compliant with all parts of the Code that still apply, and praised its “effective and efficient” PNC use.
HMIC said: “One of the provisions in the Code is that it should be reviewed one year from the date of its commencement.
“The Code remains in force, but it has not been reviewed or revised since its introduction.
“We found much of the Code to be out of date and no longer relevant.”
ACRO has always maintained a ‘can-do’ attitude which, as the report highlights, is reflected in our flexibility and ability to meet ever-increasing and changing demands
The Home Office recognised the Code is in need of review and promised to work with ACRO and the National Police Chiefs’ Council to deliver this.
The HMIC review, published on Wednesday (April 5), found a “high standard” across all areas of ACRO’s work.
ACRO is mostly compliant with the PNC Code of Connection – which sets standards for anyone wanting to access the database – as staff are fully trained, motivated and security-conscious.
However, the organisation was criticised for storing PNC data on systems that are not subject to standard audits, and for not having clear plans for what it would do if forced to move out of its HQ.
ACRO is hosted by Hampshire Constabulary and is based with the county.
Managers believe that they would be able to use PNC terminals at two of the force’s other buildings if necessary.
Tests have shown this solution would only allow it limited functionality.
HMIC also said that ACRO could act on a recommendation previously given to Hampshire Constabulary about improving its ability to monitor IT systems.
And inspectors said there is “confusion among staff” about whether Hampshire Constabulary, the National Police Chiefs’ Council or the Home Office is responsible for ACRO.
Ian Readhead, Chief Executive of ACRO, thanked HMIC for its “detailed and thorough assessment”.
He said: “ACRO has always maintained a ‘can-do’ attitude which, as the report highlights, is reflected in our flexibility and ability to meet ever-increasing and changing demands.
“The areas where we can learn and improve include developing systems for monitoring and auditing, developing an effective business continuity plan, providing greater clarity on our arrangements and relationships to other organisations as well as better marketing of our services in general.
“We’re already addressing many of these issues and will progress this improvement work over the coming months.”