Covert human intelligence sources: code of practice

6. Management of covert human intelligence sources

Tasking

6.1. Tasking is the assignment given to the CHIS by the persons defined at sections 7(6)(a) and (b) of RIP(S)A, asking them to obtain, provide access to or disclose information. Authorisation for the use or conduct of a CHIS will be appropriate prior to any tasking where such tasking involves the CHIS establishing or maintaining a personal or other relationship for a covert purpose.

6.2. Authorisations should not be drawn so narrowly that a separate authorisation is required each time the CHIS is tasked. Rather, an authorisation might cover, in broad terms, the nature of the source's task. If there is a step change in the nature of the task that significantly alters the entire deployment, then a new authorisation may need to be sought. If in doubt, advice should be sought from the IPC.

6.3. It is difficult to predict exactly what might occur each time a meeting with a CHIS takes place, or the CHIS meets the subject of an investigation. There may be occasions when unforeseen action or undertakings occur. When this happens, the occurrence must be recorded as soon as practicable after the event and if the existing authorisation is insufficient it should either be updated at a review (for minor amendments only) or it should be cancelled and a new authorisation should be obtained before any further such action is carried out.

6.4. Similarly, where it is intended to task a CHIS in a significantly greater or different way than previously identified, the persons defined at section 7(6)(a) or (b) of RIP(S)A must refer the proposed tasking to the authorising officer, who should consider whether the existing authorisation is sufficient or needs to be replaced. This should be done in advance of any tasking and the details of such referrals must be recorded. Efforts should be made to minimise the number of authorisations per CHIS to the minimum necessary in order to avoid generating excessive paperwork.

Handlers and controllers

6.5. Public authorities should ensure that arrangements are in place for the proper oversight and management of a CHIS, including appointing individual officers as defined in section 7(6)(a) and (b) of RIP(S)A for each CHIS.

6.6. Oversight and management arrangements for relevant sources, while following the principles of the RIP(S)A, will differ, in order to reflect the specific role of such individuals as members of public authorities.

6.7. The person referred to in section 7(6)(a) of RIP(S)A (the "handler") will have day to day responsibility for:

• dealing with the CHIS on behalf of the authority concerned;
• directing the activities of the CHIS;
• recording the information supplied by the CHIS; and
• monitoring the CHIS's security and welfare.

6.8. The handler of a CHIS will usually be of a rank or position below that of the authorising officer.

6.9. The person referred to in section 7(6)(b) of RIP(S)A (the "controller") will normally be responsible for the management and supervision of the "handler" and general oversight of the use of the CHIS.

Joint working

6.10. There are many cases where the activities of a CHIS may provide benefit to more than a single public authority. Such cases may include the prevention or detection of criminal matters affecting crime and disorder, requiring joint agency operational activity. For example, where a CHIS provides information relating to environmental health issues and offences of criminal damage, or in a joint police/local authority anti-social behaviour operation on a housing estate.

6.11. In cases where the authorisation is for the use or conduct of a CHIS whose activities benefit more than a single public authority, responsibilities for the management and oversight of that CHIS may be taken up by one authority or can be split between the authorities. The applicant controller and handler of a CHIS need not be from the same public authority, but the respective roles should be specified in a collaboration agreement. In such situations, however, the public authorities involved must lay out in writing their agreed oversight arrangements.

Security and welfare

6.12. Any public authority deploying a CHIS should take into account the safety and welfare of that CHIS when carrying out actions in relation to an authorisation or tasking, and the foreseeable consequences to others of that tasking. Before authorising the use or conduct of a CHIS, the authorising officer should ensure that a risk assessment is carried out to determine the risk to the CHIS of any tasking and the likely consequences should the role of the CHIS become known. This should consider the risks relating to the specific tasking and circumstances of each authorisation separately, and should be updated to reflect developments during the course of the deployment, as well as after the deployment if contact is maintained. The ongoing security and welfare of the CHIS, after the cancellation of the authorisation, should also be considered at the outset and reviewed throughout the period of authorised activity by that CHIS. Consideration should also be given to the management of any requirement to disclose information which could risk revealing the existence or identity of a CHIS. For example, this could be by means of disclosure to a court, or tribunal, or any other circumstances where disclosure of information may be required, and strategies for minimising the risks to the CHIS or others should be put in place. Additional guidance about protecting the identity of the CHIS is provided at paragraphs 8.26 and 8.27.

6.13. The CHIS handler is responsible for bringing to the attention of the CHIS controller any concerns about the personal circumstances of the CHIS, insofar as they might affect:

• the validity of the risk assessment;
• the conduct of the CHIS; and
• the safety and welfare of the CHIS.

6.14. Where appropriate, concerns about such matters must be considered by the authorising officer, and a decision taken on whether or not to allow the authorisation to continue.