Hello, this is Alex Carmichael again (Chief Executive, SSAIB) reporting from the Commissioner’s Standard Strand. Before I get into this update blog I would like to thank all those representatives who attend the Standard Strand meeting and the organisations that allow them to come. It is only by their dedication that the work of this strand can move forward.
So, what are we up to and what are you going to see in the future? Well there are a number of areas we are working on to support the National Surveillance Camera Strategy.
The first is best practice guidance for in-house monitoring centres, monitoring their own camera systems. Such centres do not have to meet any requirements, except the Data Protection Act. It was felt (on advice from Ilker Dervish, NASCAM) that providing best practice guidance would aid in-house monitoring centres understand how they should secure, manage and operate such a centre. It will also help them meet the Surveillance Camera Code of Practice. The guidance will be split into two parts; a mandatory element which the monitoring centre should aim to meet, and a desirable element which will enable it to meet the published standards. This guidance is being put together in conjunction with the National Association of Surveillance Camera Managers (NASCAM) to whom the Standard Strand are very grateful.
On the installer front, we have decided to use the term “Service Provider” to mean integrator, installer or maintenance company, as this is the term used in the eagerly expected Surveillance Camera Commissioner’s Buyers Toolkit, which I know you cannot wait to get your hands on. For Service Providers we are putting together requirements based on current good practice, using the applicable standards stated on Tony’s web site (https://www.gov.uk/guidance/recommended-standards-for-the-cctv-industry) and enabling 3rd party certification of Service Providers to the applicable standards and current (to be amended) service requirements taken from the NPCC Guidelines on Police Requirements & Response to Security Systems, See Appendix S clause III (See: http://www.securedbydesign.com/security-systems-policy/). The Standards Strand is using the NPCC policy for the draft service requirements as these are what many CCTV Service Providers are currently certificated to.
On the wider monitoring centre front, the Standards Strand is putting together CCTV monitoring centre requirements, similar to the Service Provider above, using the same applicable standards
on Tony’s web site (https://www.gov.uk/guidance/recommended-standards-for-the-cctv-industry) as well as using an amended Appendix S, Clause III of the NPCC Guidelines on Police Requirements & Response to Security Systems (See above) for monitoring centres. The aim is to enable all types of monitoring centres to meet necessary requirements and, if they wish, to have 3rd Party Certification.
Two issues that have come to the forefront over the past year, the first is the introduction of the GDPR, which is being included into UK legislation and is going through Parliament (currently at the Commons report stage) as the updated Data Protection Bill and is expected to be published soon as the new revised Data Protection Act. Strong data protection (Privacy) is something the Standards Strand is very conscious of. From privacy by design from CCTV manufacturers, for service providers it means reviewing how they process personal data, for CCTV monitoring centres it means reviewing their current data protection procedures, storage and retrieval procedures and for consultants it is reviewing how they manage the personal data they hold on behalf of their clients.
The Standards Strand has been looking at Cyber Security (Mike Gillespie has the cyber lead) on what the Cyber requirements are for the various work streams within the Standards Strand. Both Mike and Buzz Coates have been working hard to ensure that the message gets out to all, that Cyber security needs to be included in all aspects of a surveillance camera system. Cyber security is something the Commissioner is passionate about and the strand is working hard to incorporate the appropriate guidance on cyber into his guidance and requirements.
CCTV Consultants is an area that the Standards Strand are working on, in conjunction with the Association of Security Consultants (Big thanks to Jon Laws and Andrew Sieradzki). One of the first issues that is still being debated, is what is a consultant!! To get around this it has been proposed that the requirements for a CCTV designer are developed (Not using the term “consultant”, this will then set the bench mark for any CCTV designer).
Through the good offices of CAST (ex HOSDB) and now part of Dstl (come on, keep up or are you as confused as we are with all the name changes?), the strand is looking at new technologies coming through and where practical and possible looking at standards or guidance for such technologies. Not an easy task, as many of the requirements for new technologies have many privacy issues that should be dealt with first by the ICO, as this will give the Standards Strand a framework to base technical guidance on a strong privacy foundation.
As you can see life is interesting in the Standards Strand with a diverse work load and many challengers, yet all the participants give their time up for free, but they all have the same goal in supporting the Commissioner to ensure CCTV in the UK meets end users needs by providing privacy by design supported by a standards and guidance framework.