Guidance on installation of CCTV at The University of Leicester

Transcription

1 Guidance on installation of CCTV at Prepared by: Alan Bettoney - Control Room Manager Andrew Gahagan Head of Business Systems Date: Monday, 02 October 2017 v.1.0 Page 1 Oct 2017

2 The purpose of this policy is to define the requirements for Surveillance Cameras (SCs) and provide guidance on the procedure for the installation of new cameras on the estate of University of Leicester. These guidelines are for use by external contractors or any University department wishing to install SCs at the University. It is intended that an effectively installed and managed system will safeguard and protect students staff and visitors and also comply with the General Data Protection Regulations 2018 and Surveillance Camera Commissioners guidelines. v.1.0 Page 2 Oct 2017

3 Defining the Requirement for Surveillance Considerations: To ensure the installation is fit for purpose, The Centre of Applied Sciences and Technology, CAST (formally The Home Office Scientific Development Branch) have provided guidelines that will satisfy the needs of installation and commissioning of cameras. The use of an Operational Requirement based on set out criteria for the installation of a system will give support to the use of any gathered data from the system in UK prosecutions if required. BSEN has guidelines, on requirements for the selection, planning, installation, commissioning, maintaining and testing of SC systems, further information and advice can be obtained in from the National Security Inspectorate Code of practice NCP 104 which sets out expectation of industry standards (it is structured and supports BSEN ) This guide details how these codes to be enacted at the University of Leicester Objectives of Surveillance at the University: The objectives of our surveillance system at the University of Leicester is set out in the Surveillance Camera Policy and Codes of Practice are to: Detect, prevent and reduce the incidents of crime Assist in the identification, apprehension and prosecution of offenders Assist in the identification of breaches of the University Charter, Statutes, Ordinances and Regulations Detect, prevent and reduce incidents of anti-social behaviour Create a safer University community Secure evidence to an acceptable standard to support criminal, civil and internal proceedings Assist the management and response to security incidents Provide assistance to emergency services Monitor the security of the University buildings and other assets Assist with health and safety requirements Assist in the control and management of traffic on University sites When considering a new camera installation these objectives must be considered. v.1.0 Page 3 Oct 2017

4 Defining the Issue Prior to installation of Surveillance Cameras the following points should be assessed; Is there a problem or need? What is the problem or need? Which defined objective/s is the installation going to achieve? Will surveillance solve this problem or assist in going towards negating it? What other solutions have been considered? Where should I install cameras? How should I record the images? Who needs access to images? A statement of needs based on the assessment of the problem should be created defining the problem to be solved and the solution hoped for. The defined issue will provide the basis for an Operational Requirement (OR) for each proposed camera. Operational Requirements Document An Operational Requirement is defined as : A statement of need based upon a thorough and systematic assessment of the problems to be solved and hoped for solutions Which should include: A statement of the problem Stakeholders An assessment of the risk Success criteria A defined problem Operational issues System requirements Identified management issues The required forms are attached in Appendix A. Electronic copies, once completed should be provided to the Head of Security to allow consultation and ratification. By utilising the OR approach the University can ensure compliancy with the Surveillance Camera Code of Practice and data protection legislation. v.1.0 Page 4 Oct 2017

5 Site Plan To assist in the Operational Requirement the areas of concern and coverage (proposed and existing) should highlighted on a site plan. The more detail included showing area to be covered by proposed cameras will help assess in the placing of lights and cameras especially with regard to fields of view, potential environmental and privacy impact problems. Privacy Impact Assessment Privacy Impact Assessments helps to identify the most effective way to comply with our Data protection obligations and also meet an individual s expectation of privacy. An effective PIA will allow us to identify and remedy problems at an early stage, reducing associated costs and damage to the reputation of the University which might otherwise occur. PIA's are an integral part of taking a privacy by design approach minimising the risks whilst allowing the aims of the project to be met. The Information Commissioner has issued a code of practice under section 51 of the Data Protection Act of a duty to promote good practice. PIA will help to negate complaints and ensure that a new project is compliant with recommendations by the Surveillance Camera Commissioner. Also compliance under the SCC 2nd Principle - The use of surveillance cameras must take into account its effect or likely effect on an individual\s privacy and the use of the cameras is justified and is justified on a continuing basis so as not to disproportionately interfere with privacy. PIA directs compliance with Article 8 of the Human rights Act which creates a right of expectation to a private and family life. Privacy in its simplest form is a person s right to be left alone, without unlawful intrusion and the ability of a person to maintain their own physical space or solitude which amongst other thing includes denying acts of surveillance by use of cameras. Privacy Impact Assessments will be completed by project lead or designated project manager. Information Assurance will oversee the Privacy Impact procedure, compliance and management in v.1.0 Page 5 Oct 2017

6 relation to the retention and disclosure to the Information Commissioner and Camera Surveillance Commissioner. Projects that may require a PIA The core principal can be applied to any project which involves the use or collection of personal data or any other activity which could impact on the privacy of an individual. There are a variety of situations but not limited to: new surveillance (especially one which can monitor public areas) or upgrade or new application to an existing system ie. ANPR Legislation, policy or strategy which will impact on privacy through collection of information or through surveillance or other monitoring. A template to assist and produce uniformity of decision making and compliance regarding PIA's is attached in Appendix B. The full document can be downloaded 'ICO Conducting privacy impact assessments code of practice' Defining Issues It is this initial assessment that will help establish if a CCTV camera or system is the most appropriate and proportional response to the specific concerns marked on the site plan. It is this assessment that will identify if there are alternative options that should be considered. Risk Assessment What is the realistic likelihood of the activity highlighted happening? This can be referenced as: Low Medium High What would be the consequences if the activity was not monitored and/or recorded? This can be referenced as: Minimal Moderate Severe The final location, usage and need of any camera or system must be agreed by Head of Security. v.1.0 Page 6 Oct 2017

7 High Risk Likelihood Medium Low No CCTV Intervention 2 3 Minimal Moderate Severe Consequence Rating Camera purpose Once an assessment has been made and cameras are required, the need for specific standards of recognition by those cameras and system should be addressed using the CAST recommended criteria Detect: This level of detail can monitor for movement, direction speed within the field of view. Although a wide field of view the camera cannot fully pick out individual detail. Suggested surface area viewable on a monitor 10% of field of vision Observe: A more detailed view with a smaller field of vision. People and vehicles can be seen more clearly. Providing general awareness of types of vehicles and possibility of identifying them but to evidential quality beyond doubt. Suggested surface area viewable on a monitor 25% of field of vision. Recognise: At this level of magnification, someone who knows this person or car should be able to say, "That s him" or "that's not the man/car you are looking for." At this point, we can begin to accurately describe the individual in the scene. Suggested surface area viewable on a monitor 50% of field of vision v.1.0 Page 7 Oct 2017

8 Identification: Field of view is completely focused in for detail. The field of view is now tight onto an individual and has excluded much of the scene from view, with the capability to submit the images for evidential value. Suggested surface area viewable on a monitor 100% of field of vision To achieve the objectives, cameras should be considered for installation at the following (but not limited to), 1. Common access entrances to buildings (to include places of residence and retail outlets on the University estate) and have camera coverage subject to requirement and approval. 2. Access\egress routes to the estate to include roads, paths or gateways subject to requirement. 3. Open areas and spaces to which access is normally used by members of University or Public. 4. Buildings or sections of buildings designated as High Risk areas by Head of Security or subject to Legal or Governmental legislation. 5. Any other areas considered to be necessary for camera coverage at the discretion of the Head of Security and with the relevant compliancy. The locating of cameras should be considered for existing premises when planning new works, upgrades or alterations. v.1.0 Page 8 Oct 2017

9 Consideration should be given to the effect on existing CCTV when any works take place that is likely to interfere with or compromise the view or usage of the camera or system. Defining Issues It is this initial assessment that will help establish if a CCTV camera or system is the most appropriate and proportional response to the specific concerns marked on the site plan. It is this assessment that will identify if there are alternative options that should be considered. Risk Assessment What is the realistic likelihood of the activity highlighted happening? This can be referenced as: Low Medium High What would be the consequences if the activity was not monitored and/or recorded? This can be referenced as: Minimal Moderate Severe High Risk Likelihood Medium Low No CCTV Intervention Minimal Moderate Severe v.1.0 Page 9 Oct 2017

10 Consequence Rating The final location, usage and need of any camera or system must be agreed by Head of Security. Camera purpose Once an assessment has been made and cameras are required, the need for specific standards of recognition by those cameras and system should be addressed using the CAST recommended criteria Detect: This level of detail can monitor for movement, direction speed within the field of view. Although a wide field of view the camera cannot fully pick out individual detail. Suggested surface area viewable on a monitor 10% of field of vision Observe: A more detailed view with a smaller field of vision. People and vehicles can be seen more clearly. Providing general awareness of types of vehicles and possibility of identifying them but to evidential quality beyond doubt. Suggested surface area viewable on a monitor 25% of field of vision. Recognise: At this level of magnification, someone who knows this person or car should be able to say, "That s him" or "that's not the man/car you are looking for." At this point, we can begin to accurately describe the individual in the scene. Suggested surface area viewable on a monitor 50% of field of vision Identification: Field of view is completely focused in for detail. The field of view is now tight onto an individual and has excluded much of the scene from view, with the capability to submit the images for evidential value. Suggested surface area viewable on a monitor 100% of field of vision Camera Selection Guidance With the purpose of the camera know it should be possible to select a suitable camera to meet the requirement. Various elements need to be considered Field of Vision (FoV) v.1.0 Page 10 Oct 2017

11 The area the camera covers, this could be narrow if the target area is specific i.e. a car number plate or it could be wide i.e. covering a large open space, views should also be considered as these can be more effective centrally located to an area and minimise the number of cameras required. Camera Motion Cameras can be static (one fixed position), Pan Tilt Zoom (PTZ, a camera operator is able to move the camera around, or the camera can follow a pre-ordained movement cycle) or (A full 360 view is recorded simultaneously). Types of camera and capabilities will be recorded on the OR ie static, pan\ tilt\zoom\panoramic. Cameras can also be motion activated to include pre-record (a period of time before the motion is detected that is recorded and duration) or constant record. Frames Per Second This is the number of times a second the footage is recorded, in high flow, narrow field of vision installations this would higher than normal due to the limited time any person in actually in frame fps is an established minimum however some installations may require up to 30 fps. Recording Quality This is the bitrate of the recording, the lower the bitrate the worse the rendered image. This needs to be considered as a balance between the CAST recommendations against the storage requirements i.e. not all cameras are required to record at the highest available bitrate as the storage requirements for this would be prohibitive. The right record quality needs to be selected for the requirement. All cameras installed should be of High Definition capability and able to deliver at that quality, however this may be degraded as appropriate. Lighting Requirements The lighting available around the camera needs to be considered to ensure there is enough light to provide suitable images to meet the CAST recommendations at the times when the requirement for the camera is active. i.e. if the camera is to be used at night, is the area suitably lit, if not you should consider a camera with InfraRed (IR) capability. The position of surrounding lighting needs to be considered to ensure it will not white out the camera on being turned on or block the cameras FoV. v.1.0 Page 11 Oct 2017

12 Fixing Location The physical location of the camera is another key element in having an effective surveillance system. If the camera is located too high you might only see the top of heads/cars with no relevant detail, positioned to low it may be vulnerable to vandalism. From the chosen location can the required FoV be achieved and are there any physical barriers to the line of sight of the camera such as lamp posts, trees etc. External cameras should be capable of giving useable images under a variety of weather and lighting conditions and in such a position that sunlight or any other ambient lighting does not affect image capture. Consideration should be given to the type of cameras utilised in these locations as they may require additional housings and regular maintenance to ensure that the image quality is not degraded. Recording Retention Times Whilst not a direct selection requirement the period footage should be retained needs to be considered as again this needs to be a balance between the requirements and storage capacity. The minimum and maximum retention times for footage should be defined, the minimum is normally 30 days for higher risk areas and 15 days for lower risk areas Camera Feature Sets Cameras should have a capability to support video analytics and perimeter protection if required. Cameras should have the capability for privacy boarding to be enabled if required by the Privacy Impact assessment or at the discretion of the Head of Security. Cameras should be selected from the current Bosch Supplier Catalogue, the camera must support CHAPS authentication, be IP, utilise DHCP and have at least 2 streams available. The reason for the use of Bosch only equipment is that the University has knowledge on how these devices are hardened against unauthorised intrusion and are compatible with the University CCTV recording services. Cameras identified as critical cameras should also be supplied with ANR (automatic network replenishment) and a suitably sized/spec memory card for local recording should the network fail. Power/Data Requirements All cameras should be IP based and utilised Power over Ethernet (PoE) as their power where the power is provided by the network switch, PoE + and PoE ++ devices must be agreed by the IT Dept v.1.0 Page 12 Oct 2017

13 prior to selection. Where the camera is defined as a critical camera the camera must have a local power supply (this is a requirement to protect the camera should the edge network fail, the camera can continue to record via local storage until the network issues are resolved). The network jack should be located no more than 2 meters from the cameras installation point, and not be subject to interruption or access by unauthorised persons. The cable run from camera to switch should not exceed 90m for PoE or 50m for PoE+ or PoE++ installations. Where this is not achievable a local power source should be supplied via a non-switched 13amp fused spur or equivalent for the installation location. Access to the University Security VLAN should be available from the connection switch location. (Requirement Summer 2017) Camera Hardening The guidance in appendix D of this document should be followed by the camera installer to ensure the camera is hardened against unauthorised access. Signage The CCTV system installed must include appropriate signage and a data protection agreement. CCTV signs that are used must contain information relevant to the University for it to be legal. Signs must state purpose of the scheme, details of the Data controller ie. University of Leicester with contact number and address. A4 size (or larger) signage is recommended for external use, entrances to sites or buildings. A5 repeater signs should be located at strategic locations throughout the site as reminders to users of the site. The CCTV signage will be erected by the company supplying the CCTV system and placed at points around the University in agreement with the Head of Security. The CCTV signs will be supplied by the University of Leicester and will be legally compliant and corporate design. Cameras capable of viewing public and public areas must be used in conjunction with a public CCTV licence. v.1.0 Page 13 Oct 2017

14 Maintenance The system must be serviced to maintain the quality of images recorded. Preventative maintenance schedule should include periodic checks and in any case at least twice a year full system tests to measure performance against purpose and that equipment is still working to produce the requirements. This work will be carried out by a University nominated supplier. Corrective maintenance should have a specified response time for emergency servicing and or assistance for remote rectification of problems. All equipment should be added to the University asset register with a depreciation period of 3 years, an acknowledgement should also be made that any installed equipment has a lifespan and replacement should be planned for after 5-7 years active use (or sooner if end of life notification is made by the supplier). General guidance on common installations is available below, for more guidance on these factors please speak to the Security Management Group. Cameras at entry points to buildings: must record an Identification quality image of all persons entering the premises and be capable of producing CAST specified Identification images at the monitor. must be mounted at a suitable height - looking towards the person s face. where practicable, should be mounted internally with provision for good sustained lighting. record at 30 frames per second Cameras at cycle racks: must be able to record an Identification quality image. must be mounted at a suitable height where possible at height to avoid being maliciously damaged but still capable of good identification. be supported with suitable lighting record at 15 frames per second Cameras at barrier entry points must be able to record quality image in order to obtain vehicle registration numbers. v.1.0 Page 14 Oct 2017

15 must be mounted at a suitable height with a field of view capable of observing the traffic flow. Recording Equipment/Services The University provides a centralised secure CCTV recording management service which must be utilised for all CCTV installations, however in new locations/outlaying properties it may be necessary to provide local recording facilities as an extension to this service for the purposes of resilience and limiting network traffic over constrained pipe. Therefore, the requirements for locating recording equipment is document below. UPS should be provided to the service also in designated high risk areas to avoid exposure during power outages. Once a camera design has been agreed the Security Management Group will advise if this is a requirement and will specify the equipment required, locations and cost. Recording equipment should be located in a secure room to prevent unauthorised access, tampering, or removal. The facility should be secured with electronic access control, door forced alarms and a camera to cover entry to the room. The room should have no other purpose other than that of providing data services. A minimum rack space of 9u should be allowed for CCTV recording equipment. The University recording management service provides a secure method for transferring images from the system into a format that can be played back on any compatible computer utilising WORM DVD discs, (Write once, read many) and should complies with BS8495:2007 to protect the digital audit trail. There must be no interruption in recording during playback process or researching instant events. The University recording management service provides a secured facility which is password protected to ensure the integrity of the captured images. Access to the service is restricted to authorised trained personnel only. Any requirement to access the service must be agreed with the Head of Security. Where outstations are required to access CCTV recording/live view services, suitable training and individual access accounts will be provided. v.1.0 Page 15 Oct 2017

16 All images produced by the system will be time and date stamped The guidance set out in this document does not restrict the University from altering, imposing restrictions or guidance on the needs for a particular project, alteration or addition in order to secure methods, infrastructure, soft\hardware, peripherals or other requirement commensurate with the policy of the University for good governance and practical application. An Aide Memoire setting out requirements of third party providers\contractors, details regarding infrastructure and provision by The University are set out in Appendix C v.1.0 Page 16 Oct 2017

17 Appendix A Level 1 Operational Requirement Statement of Problem Stakeholders Risk Assessment Success Criteria Specify the problem\potential problem requiring CCTV Level 2 Operational Requirement (Define problem) Persons involved in project The likelihood of the potential problems occurring : Low Medium High Consequences if the activity is not monitored Minor Moderate Severe If such occurrences are not monitored the potential consequences :Safety of University personnel Financial loss Offenders escape justice Enhance University safety Reduce crime Minimise any loss Control traffic flow Explanation of Results Location Activity Purpose of Observation Target speed Camera name Situated Operational Issues Safety, damage, theft anti-social behaviour ( see University Detect, observe, recognise, identify Monitoring When Monitored Where Monitored Response Track person walking, running, cyclist, observe vehicle etc Staffing requirements Proactive \reactive Main control room Security officers, Police System requirements Alerts Displays Recording Export Any alerts on system Images viewed live Images on video wall HD,frame speed, time ll lapse, Exported to DVD, evidential level, all pc s, Police compliance v.1.0 Page 17 Oct 2017

18 Appendix B Privacy impact assessment template This template is an example of how you can record the PIA process and results. You can start to fill in details from the beginning of the project, after the screening questions have identified the need for a PIA. The template follows the process that is used in the code of practice. Step one: Identify the need for a PIA Explain what the project aims to achieve, what the benefits will be to the organisation, to individuals and to other parties. You may find it helpful to link to other relevant documents related to the project, for example a project proposal. Also summarise why the need for a PIA was identified (this can draw on your answers to the screening questions). Step two: Describe the information flows You should describe the collection, use and deletion of personal data here and it may also be useful to refer to a flow diagram or another way of explaining data flows. You should also say how many individuals are likely to be affected by the project. Consultation requirements Explain what practical steps you will take to ensure that you identify and address privacy risks. Who should be consulted internally and externally? How will you carry out the consultation? You should link this to the relevant stages of your project management process. You can use consultation at any stage of the PIA process. Step three: Identify the privacy and related risks Identify the key privacy risks and the associated compliance and corporate risks. Larger-scale PIAs might record this information on a more formal risk register. a. Privacy issue b. Risk to individuals c.compliance risk d. Associated organisation / corporate risk Step four: Identify privacy solutions Describe the actions you could take to reduce the risks, and any future steps which could be necessary. a. Risk b. Solution(s) c. Result: is the risk eliminated, reduced, or accepted? d. Evaluation: is the final impact on individuals after implementing each solution a justified, compliant and proportionate response to the aims of the project? v.1.0 Page 18 Oct 2017

19 Step five: Sign off and record the PIA outcomes Who has approved the privacy risks involved in the project? What solutions need to be implemented? a. Risk b. Approved solution c. Approved by Step six: Integrate the PIA outcomes back into the project plan Who is responsible for integrating the PIA outcomes back into the project plan and updating any project management paperwork? Who is responsible for implementing the solutions that have been approved? Who is the contact for any privacy concerns that may arise in the future? a. Action to be taken b. Date for completion of actions c. Responsibility for action d. Contact point for future privacy concerns v.1.0 Page 19 Oct 2017

20 Appendix C Guidance on the deployment of the University CCTV service to third party providers 1. The University shall make available, at cost and via the University provided network, CCTV recording infrastructure. This will provide: 30 days retention of footage Service Resiliency Intelligent Video Analytics Managed Access Control A secure recording environment. 2. The University will provide monitoring and static recording functions through the Universities Security Control Room 3. The University will act as the data controller for this information and discharge responsibility for any access to live views or recorded footage under written agreement by the Information Security Office and the Head of Security. 4. All cameras must be compatible for use on the Bosch Video Management System (BVMS) including CHAPS authentication. Alternative specifications must be agreed with the University prior to tender. Allowance for BVMS licenses should be made when selecting cameras as these licenses will be procured by the University. 5. Installation and commissioning of camera end points must follow the Universities best practice policy on securing CCTV end points. 6. All cameras should be IP enabled and utilise PoE as there power source, the use of any PoE+ or PoE++ devices must be agreed with the University IT Department. 7. It is expected that all camera be HD capable, with a maximum of 12.5fps for the recording stream. 8. Cameras should allow for the usage of video analytics and provide a masking ability where required to protect the privacy of non-university properties. 9. All cameras shall be supported with a purpose, risk and requirement document detailing the purpose of the camera, the risk assessment for the camera, the specification requirements of the camera including any special functions the camera may require i.e. pan tilt zoom, panoramic functions, auxiliary input/outputs, alarms etc. 10. The camera scheme design will give consideration to expected lighting conditions, glare control, night vision in unlit areas, to suit the security risk assessment established by the University Head of Security. 11. The camera scheme design will be agreed with the University Head of Security during the design phase. 12. The camera scheme design will define if the camera should be passive (record on motion), active (pre record on motion) or constant (always recording). 13. Cameras should be located on all entrances with the purpose of identifying people entering buildings utilising a fixed camera. Where large public spaces are to be covered panoramic cameras should be considered. 14. Where required and agreed, access to live and recorded footage on site will be via University controlled access utilising a University deployed pc with appropriate software and individual user permissions. Access will not be granted to nonpersonal accounts. 15. If required monitor screens on site through the usage of suitable decoders and mounted screens. Any requirement for this should be agreed with the UOL Head of Security during the design phase. 16. Following the design phase agreement to the design need to be sought from the University IT Service who will need to then supply suitable network capacity to meet the design requirements v.1.0 Page 20 Oct 2017

21 17. Suitable end point maintenance contracts should be in place to ensure the cameras are serviced twice per year and any faults are fixed, the University can extend our end point maintenance contract out, at cost, if required. 18. The CCTV signage will be erected by the company supplying the CCTV system and placed at points around the University in agreement with the Head of Security. The CCTV signs will be supplied by the University of Leicester and will be legally compliant and of corporate design. 22/02/2017 A Gahagan v.1.0 Page 21 Oct 2017

22 Appendix D Hardening the IP Cameras Firstly upgrade to latest CPP firmware. We tested the following settings with common platform CPP4 firmware version The existing practise is to authenticate web access using a common password which is at risk of becoming known. New deployments must use the IP Camera Password Generator script which generates unpredictable, stable passwords based on devices IP addresses. Ensure that passwords are set: User Management: <Set passwords as provided by the IP Camera Password Generator script> General configuration: Time server IP address: , Recording -> Storage Management: Managed by VRM Network -> DHCP: On After applying the following changes the IP cameras will no longer be exposing unsecured network services: Network -> HTTP browser port: Off Network -> Telnet support: Off Network -> Advanced -> Cloud-based services -> Operation: Off Network -> Network Management -> SNMP: Off Network -> Network Management -> UPNP: Off Limit access to the campus network to prevent accidental Internet exposure: Network -> IPv4 Filter -> mask , mask v.1.0 Page 22 Oct 2017