
Published: 03 November 2023

Internal Audit Reports - 7 November 2023

Report Summary

To access the full document please open the PDF document above.

To view as accessible content please use the sections below. (Note that tables and some appendixes are not available as accessible content). 


The publication discussed was referenced in the meeting below

Audit, Risk and Assurance Committee - 7 November 2023

Date: 07 November 2023

Location: online


As part of the 2023/2024 internal audit plan for the Scottish Police Authority (SPA), BDO, as Internal Auditor, performed an audit of compliance with the Code of Practice on the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes in Scotland, as published by the Scottish Biometrics Commissioner.
The organisations in scope for this review are:
Police Scotland – who are responsible for the acquisition of biometric data and manage the retention and weeding of Criminal Justice DNA, and
SPA Forensic Services – who are responsible for managing the retention, use and weeding of all other DNA sample types and all fingerprint types. We note both Police Scotland and SPA FS jointly manage the use of criminal justice DNA.
The purpose of this audit was to review the levels of compliance of Police Scotland and SPA Forensic Services with the Scottish Biometrics Commissioner's Code of Practice.

Internal Audit Findings:
BDO are able to provide moderate assurance over the design and operational effectiveness of the arrangements in place to comply with the Scottish Biometrics Commissioner's Code of Practice.
Overall, BDO found that the controls governing the acquisition, use, retention and destruction of DNA and fingerprint biometric data generally adhere to the new Code of Practice.
Throughout the review, BDO identified seven findings where there is an opportunity for improvement, four assessed as medium and three as low significance.

Summary of Findings of Biometrics Report:


BDO have made recommendations for Police Scotland and SPA Forensic Services to effectively demonstrate adherence to the Code of Practice when completing the first annual self-assessment, including consideration of the strategy for both internal and external engagement to raise awareness of the new requirements, the intended strategic priorities, and of how biometric data is being managed in a manner which contributes to national outcomes.

SPA Considerations:

SPA welcomes the assurance this internal audit report brings relating to the levels of compliance with the Scottish Biometrics Commissioner's Code of Practice.