Information

Our Strategic Plan 2021/25 was approved by the Parliament Corporation and was laid before the Scottish Parliament on 24 November 2021.  A revised Strategic Plan was laid before the Scottish Parliament on 28 February 2023 and a further revised plan was laid in 2025. Below is a link to the revised plan. 

Strategic Plan

Our purpose and vision

To support and promote the adoption of lawful, effective and ethical practices in relation to the acquisition, retention, use and destruction of biometric data for criminal justice and police purposes in Scotland.  Our strategic priorities are directly aligned to the statutory functions of the Commissioner as established in Section 2(3) of the Scottish Biometrics Commissioner Act 2020.

Our values

• Independent
• Transparent
• Proportionate
• Accountable

In early 2025, we engaged the services of Evaluation Support Scotland to help us develop a theory of change logic model and an outcomes framework relative to our function to help us shape our next Strategic Plan.

A logic model for a policing oversight body such as the SBC visually outlines how our resources (inputs) are used in our activities to produce outputs, ultimately leading to desired outcomes and impacts. This framework helps clarify our role, processes, and our intended impact on the bodies to whom our functions extend to the benefit of those bodies and in turn to the people of Scotland. Accordingly, the logic model also serves as a tool for planning, implementation, monitoring, evaluation and for ensuring accountability and demonstrating effectiveness.

Please view our Logic Model & Outcomes Framework for further information.

This document sets out the Scottish Biometrics Commissioner's risk management plan in line with the Strategic Plan and annual Business Plan for the period.  It sets out our appetite for risk and how we assess the risks to achieving our Business Plan.  It should be read in conjunction with our Risk Management Policy, within the Scheme of Governance and Risk Management Handbook.

Risk Policy and Risk Register

The Scottish Biometrics Commissioner recognises that to deliver its strategic aims, objectives and priorities successfully, it needs sound corporate governance and control mechanisms in place.

This handbook sets out the roles, responsibilities and procedures for the effective and efficient conduct of the Scottish Biometrics Commissioner's business.

Scheme of Governance and Risk Handbook

As a Scottish Public Authority, the Scottish Biometrics Commissioner is committed to governance excellence and to being accountable and transparent for its decisions and activities.

The handbook contains details on the following:

• Governance and Internal Control
• Scheme of Delegation
• Code of Professional Conduct
• Whistleblowing Policy
• Anti-Fraud Policy
• Risk Management Policy

This Handbook for staff describes a range of our policies around records management and data protection.  The following policies are included:

• Records Management policy
• Business Classification Scheme
• File Management Guidance
• Retention and Disposal policy
• Information Sharing policy
• Records Management and Security Guidance
• Clear Desk and Screen policy
• Protective Marking System
• Complying with Information Legislation
• Data Protection policy and procedure
• Data Protection Impact Assessments
• Protocol for Data Security Incidents

Information Governance Handbook

Good records management is essential for the Scottish Biometrics Commissioner to function effectively.  Records management is the systematic control of our records throughout their life cycle, in order to meet operational business needs, statutory and fiscal requirements and community expectations.  Effective management of corporate information allows fast, accurate and reliable access to records, ensuring the timely destruction of redundant information and the identification and protection of vital and historically important records.

The Public Records (Scotland) Act 2011 places an obligation on named public authorities to prepare and implement a records management plan which sets out proper arrangements for the management of their records.  

Systematic management of records allows organisations to:

• know what records they have and locate them easily
• increase efficiency and effectiveness
• make savings in administration costs, both is staff time and storage
• support decision making
• be accountable
• achieve business objectives and targets
• provide continuity in the event of a disaster
• meet legislative and regulatory requirements, particularly as laid down by the Freedom of Information (Scotland) Act and the Data Protection Act
• protect the interests of employees, clients and stakeholders

(The above information has been sourced from National Records of Scotland)

Please find our first Records Management Plan which was submitted July 2023.  The Keeper's assessment report can be found here.

This guidance presents the Scottish Biometrics Commissioner's approach to the effective management of its records through retention and disposal.  This guidance is based on the Scottish Government's approach.

File Type Guidance

This Handbook for staff contains all our finance-related policies.  The following policies are included:

• Budgetary control and financial planning policy
• Budgetary control and financial planning procedure
• Finance processing procedures

Finance Policies

Our Communications & Engagement Strategy outlines our plans for the next two years. This strategy compliments our Strategic Plan, our Scheme of Governance, our Business Plans and our Publication Scheme.   

One of the aims of the strategy is to widen our reach and impact, by approaching our networks and identifying those niche and hard to reach audiences, many of whom are already in contact with our partners. 

Our Communications & Engagement Strategy can be found here 

The aim of our Medium-Term Financial Strategy (MTFS) is to pull together in one place all known factors affecting the financial position and financial sustainability of our organisation over the medium term. The MTFS balances the financial implications of objectives and policies against constraints in resources and provides the basis for decision making. The MTFS is a living document that forms the basis of fiscal strategy for public bodies. The process of producing and updating the Medium-Term Financial Strategy can be as important as the document itself, in giving a focus to the future implications of policy decisions and discussion of priorities and external influences. Accordingly, we will update our MTFS on an annual basis.

The Scottish Biometrics Commissioner (SBC) have prepared this Medium-Term Financial Strategy. It covers the five-year period from fiscal years 2023/24 to 2028/29 to coincide with the remaining term of appointment for the current Commissioner. As such, it will straddle the period of two Strategic Plans. Firstly the Commissioners current four year Strategic Plan covering the period from 01 November 2021 to 30
October 2025, and most of the period of the subsequent 4-year Strategic Plan which will cover the period from 01 November 2025 to 30 October 2029, by which time the current Commissioner will have concluded his term of appointment.

Medium-Term Financial Strategy 2023/24 - 2028/29

The Scottish Biometrics Commissioner places a high value on quality media coverage and engagement. The purpose of this document is to set out our media policy and to provide guidance for staff on how to deal with approaches from the media as well as using the media to gain positive coverage for the work of our organisation. Guidance on social media is also provided.

 Media Management Policy

Our annual Business Plans set out the priorities of the Scottish Biometrics Commissioner (SBC) for the coming year to ensure the delivery of the outcomes set out in our Strategic Plan 2021/25. Our Business Plan is intentionally ambitious and builds on the achievements of earlier fiscal years where we have successfully delivered and consolidated the SBC function, achieving all objectives whilst operating within our allocated budget. 

Business Plan 2023/24

Business Plan 2024/25

Business Plan 2025/26

The Scottish Biometrics Commissioner on 25 October 2022 laid his first Annual Report and Accounts before the Scottish Parliament.

The report provides information on the Commissioner's functions in providing independent oversight of how biometric data and technologies are used for policing and criminal justice purposes in Scotland and information on our performance and finances.  A separate report from the external auditor of our financial statements will be published on the Audit Scotland website.

The Commissioner - Dr Brian Plastow said "My overall strategic conclusions from our activity in 2021 to 2022 is that the Parliament should have confidence in the ways in which biometric data and technologies are currently used for policing and criminal justice purposes in Scotland."

Annual Report & Accounts 2021/22

Annual Report & Accounts 2022/23

Annual (Operational) Report 2022/23

Annual Report & Accounts 2023/24

After the end of each financial year (1 April - 31 March), the Scottish Biometrics Commissioner must publish statements for that year on:

• expenditure on public relations, overseas travel, hospitality and entertainment and external consultancy
• details of any individual payments made that are over £25,000

View statements of expenditure and current contracts:

Statement of Expenditure 2022/23

Statement of Expenditure 2023/24

Details of current contracts

These quarterly governance meetings consider and sign-off corporate governance and strategic issues, and provide the Commissioner with assurance that the Scheme of Control protocols are being implemented effectively.

Governance decisions may be taken between formal meetings but are recorded and ratified at the next quarterly governance meeting.

The agenda, venue and time of the meeting are published no later than 5 working days before the meeting with any supporting papers.

The purpose of the monthly management team meeting is for the Commissioner and staff to share information and discuss tactical issues relating to the discharge of statutory obligations, corporate and operational performance, and progress with activity in support of the strategic plan.

The agenda, venue and time of the meeting is published no later than 5 working days before the meeting with any supporting papers.

The Scottish Biometrics Commissioner is committed to providing high-quality customer services.  If something goes wrong or you are dissatisfied with our services, please tell us.  This document describes our complaints procedure and how to make a complaints.  It also tells you about how we will handle your complaint and what you can expect from us.

Complaints Handling Procedure

Complaints Handling Procedure

Publication Scheme

The purpose of this guide is to:

• allow the public to see what information is and is not available in relation to each class
• state what charges may be applied
• explain how to find the information easily
• provide contact details for enquiries and to get help with accessing the information
• explain how to request information we hold that has not been published

Publication Scheme

This document sets out a roadmap listing the different records to be maintained by the Scottish Biometrics Commissioner.

File Plan

The Freedom of Information (Scotland) Act 2002 provides a right of access to all types of recorded information held by public authorities, sets out exemptions to that right and places a number of related obligations on public authorities, particularly in relation to Records Management and Publication Schemes.

Individuals have the right to request access to information, be informed whether or not the public authority holds that information and, subject to various statutory exemptions, be supplied with that information.

Please see our Publication Scheme and Disclosure Log before submitting a request as the information you seek may already be available.

As part of our commitment to demonstrate openness and transparency in respect of the information we hold, an anonymised version of all FOI responses will added to this Disclosure Log once they have been sent to requesters.