National Security Inspectorate Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY E: nsi@nsi.org.uk | W: nsi.org.uk Page 1 of 19 © NSI 2016 Dated: 17 June 2016 To: 1. All NSI Guarding Gold and Silver Companies who are approved for the provision of security screened and trained personnel to conduct CCTV monitoring activities 2. Applicant Companies who wish to gain approval for the above scope of approval TECHNICAL BULLETIN No: 0030 Guidance on the implementation of BS 7958:2015 Annex C Contractor responsibilities within BS 7958, the British Standard Code of Practice for Management and Operation of Closed Circuit Television (CCTV) (Supersedes BS 7958:2009 Annex A) BS 7958:2015 shows a publication date of the 31st August 2015 and is available through licensed outlets including NSI who can supply copies at a discounted rate. Annex C of BS 7958:2015 identifies contractor responsibilities within BS 7958 and contractors that demonstrate compliance with Annex C, and also satisfy the relevant NSI criteria for approval will be approved for the following scope: “The provision of security screened and trained personnel to conduct Closed Circuit Television (CCTV) monitoring activities, in accordance with the requirements of BS 7958:2015 Annex C and BS 7858: 2012”. The 2015 edition of BS 7958 will now be applied to all NSI approval schemes where the criteria for approval requires compliance with BS 7958 as a condition of NSI approval. Annex C of the Standard will be applied with immediate effect, subject to the additional clarifications and guidance contained within this Technical Bulletin. NSI Technical Bulletin No. 0030 Page 2 of 19 © NSI 2016 Implementation timescale for Applicant Companies With immediate effect Applicant Companies will be audited against Annex C of the 2015 edition and any Improvement Needs recorded against clauses of the Standard will have to be satisfactorily addressed before approval can be granted. Implementation timescale for existing Approved Companies Companies holding NSI approval to Annex A of BS 7958:2009 will be expected to upgrade to Annex C of BS 7958:2015 by the end of June 2017. NOTE REGARDING THE STATUS OF BS 7958:2015 Although issued as a code of practice by the British Standards Institution, it is important to note that compliance with the recommendations given in BS 7958:2015 is regarded as mandatory for all companies wishing to maintain an NSI approval with respect to the provision of CCTV services; subject to any additional clarifications and guidance included within this Technical Bulletin or issued subsequently. The recommendations given in BS 7958:2015 Annex C must therefore be regarded as requirements in relation to NSI approval for provision of security screened and trained personnel to conduct CCTV monitoring activities. DETAILS OF THE CHANGES (Highlighted under the clauses of the new Standard) Comments under each clause of BS 7958:2015 Annex C consist of a summary of the main changes when compared with the corresponding clause within BS 7958:2009 Annex A. Where Annex C refers to a clause within the main body of the standard then changes to that clause are relevant along with any changes to Annex C itself. Where the actual wording of the standard is quoted it is reproduced in bold text. Where it is considered relevant to further clarify the specified requirement, additional guidance is included in italics. We will consider alternative methods of achieving compliance with specified requirements where these can be demonstrated to be equivalent. A summary of the main changes to be implemented is given in a section called “Summary of the Main Changes” at the end of the document. NSI Technical Bulletin No. 0030 Page 3 of 19 © NSI 2016 CONTENTS The contents page of BS 7958 shows that the ten numbered sections have been retained. The heading for section 6 reflects a change of terminology from ‘ CCTV Image Receiving Centre ’ to CCTV control centre and the heading for section 7 reflects a change of terminology from ‘ Response ’ to Incident handling . New annexes have been added and numbering of annexes have been changed as follows: Where previously Annex A (normative) of BS 7958:2009 related to Contractor responsibilities within BS 7958; Annex A (informative) of BS 7958:2015 now covers Surveillance Camera Code of Practice – 12 guiding principles. Where previously Annex B (normative) of BS 7958:2009 related to Management and operation of CCTV traffic enforcement cameras, Annex B (informative) of BS 7958:2015 now covers Data Protection Act 1998 – 8 guiding principles. Annex C (normative) of BS 7958:2015 now covers Contractor responsibilities within BS 7958. Annex D (normative) of BS 7958:2015 now covers Management and operation of CCTV traffic enforcement cameras. Annex E (normative) of BS 7958:2015 is a new annex covering Contracted remote CCTV control centre responsibilities within BS 7958. These responsibilities were understood to lie within Annex A of the previous standard whereas they are now clarified in the new Annex E. Annexes C, D and E are normative which makes them a formal part of the standard (where applicable to the services provided). The new List of tables consists of two tables: Table A.1 – 12 guiding principles of the Surveillance Camera Code of Practice and Table B.1 – 8 guiding principles of the Data Protection Act 1998. FOREWORD BS 7958:2015 was prepared by BSI Technical Committee GW/3 (Manned security services). The Foreword clarifies that the 2015 edition is a full revision of the Standard, which has been updated to reflect current good practice, and that it supersedes BS 7958:2009, which is withdrawn . INTRODUCTION The introduction includes references to the Protection of Freedoms Act 2012 [4] and the Regulation of Investigatory Powers Act 2000 [5]. NSI Technical Bulletin No. 0030 Page 4 of 19 © NSI 2016 A statement has now been included that monitoring for traffic offences does not require a SIA (Security Industry Authority) Licence. However, if operators monitoring for traffic offences, who are employed by organizations providing the service under contract, provide an additional security service involving use of CCTV then they are required to hold the SIA CCTV (Public Space Surveillance) Operator Licence prior to being deployed in contractual security work . Attention is drawn to the Surveillance Camera Code of Practice [7] and its 12 guiding principles, which are applicable to public space CCTV systems. It is relevant to remind companies that it is a condition of any NSI approval that organisations comply with appropriate legislation and in particular if relevant individuals are not in possession of either the appropriate SIA front-line or non-front-line licences then unless appropriate dispensations have been granted, NSI approval cannot be recommended or maintained. The list of areas whe re CCTV schemes are used and the public would have a ‘right to visit’ include two new areas i.e. e) sports grounds where access is unrestricted and f) public arenas such as sports stadiums and public places where events are held as an alternative to regular activities in those locations . The following two paragraphs of text have been deleted from the Introduction and incorporated in other relevant places within the new standard: “ This British Standard aims to provide recommendations on best practice to assist users in obtaining reliable information that can be used as evidence. Whilst some schemes might not need to meet the DPA [1] criteria, compliance with the code of practice is strongly recommended, particularly where schemes include an element of observation of the public. “ The clauses on the processing of data within this British Standard are applicable to the storage of recorded images/data from CCTV systems designed to operate normally in observation mode, e.g. garages, small shops, private businesses and private transport. ” 1. SCOPE The clarification of the scope is the inclusion of a sentence under the first paragraph to show that the standard now also applies to the monitoring of and management of public spaces, including automatic number plate recognition (ANPR) and traffic enforcement cameras . The second paragraph now includes the reference to BS 8591 as well as BS 5979. The scope has now been changed to cover also traffic enforcement schemes . The scope now includes that This British Standard takes due regard of the 12 guiding principles of the Surveillance Camera Code of Practice [7] (see Annex A) and the Information NSI Technical Bulletin No. 0030 Page 5 of 19 © NSI 2016 Commissioner’s CCTV Code of practice [8] and the Data Protection Act 1998 [1] principles (see Annex B). References to the Principles of the Surveillance Camera Code of Practice and the Principles of the Data Protection Act are given throughout the standard. 2. NORMATIVE REFERENCES BS 8591 the code of practice for remote centres receiving signals from alarm systems has been added to the list of reference documents. 3. TERMS and DEFINITIONS A number of changes have been made in this area. The previous list of 36 definitions has been decreased to 30 by removing definitions not needed. Therefore the reference numbers for some definitions have changed. The new headings and any changes are listed below. 3.1 New title and definition for CCTV control centre (previously CCTV Image Receiving Centre) secure central location for a CCTV scheme, where images are collected, used, disclosed, retained or disposed of The 2009 edition of BS 7958 only included a definition for a “central location for a CCTV scheme, where live images are monitored in real time and which has processing facilities”. 3.2 CCTV scheme There are no changes except the Note has been moved to 3.3. 3.3 CCTV system There are no changes except the Note has been added from 3.2. 3.4 clean tape No change. 3.5 Definition for contractor has been simplified: party contracted by the owner to undertake agreed services 3.6 controlled environment The definition of controller (see 3.6 in the 2009 edition) has been deleted and replaced with staff (see 3.27 in the 2015 edition). Consequently there are changes to the numbering of definitions. NSI Technical Bulletin No. 0030 Page 6 of 19 © NSI 2016 The definition for controlled environment has now been replaced with: location in which data that might be offered as evidence are received, stored, reviewed or analysed, including at the CCTV control centre . 3.7 customer No change. 3.8 data No change. 3.9 evidence copy The title of the definition has changed from evidential copy to evidence copy and the word ‘second’ has been removed from the definition, which is as follows: copy taken from the master copy with a clear audit trail which is offered as evidence 3.10 hard print copy No change. 3.11 Definition for incident has been simplified: activity that warrants a response 3.12 New definition for local procedures : documents relating to the processing of aspects of the CCTV scheme 3.13 Slight change to title of definition for manager(s) as there might be more than one manager. 3.14 Revised definition for master copy first copy to be produced, that is designated and documented as such and then stored securely pending its production (if required) at court as an exhibit NOTE All use and movement of the master copy is logged in an audit trail. 3.15 Slight change to the definition for monitoring period as there might be more than one procedure. length of time during which monitoring is carried out as defined by local procedure 3.16 operator No change (was 3.18 in 2009 edition). NSI Technical Bulletin No. 0030 Page 7 of 19 © NSI 2016 3.17 New definition for operator’s log record, including date and time, for a workstation that also includes details of any events, plus details of activities such as maintenance and use 3.18 Revised definition for organization : sole or principal provider of CCTV monitoring services to a particular customer 3.19 owner No significant changes. 3.20 New definition for privacy impact assessment assessment of the impact a CCTV system has on an individual’s right to privac y NOTE Attention is drawn to the Human Rights Act 1998 [2] and the Data Protection Act 1998 [1]. Further guidance can be found in the Information Commissioner’s Conducting privacy impact assessments code of practice [9]. 3.21 There are no significant changes to the definition for process . However the definition has been made clearer: obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data NOTE This definition is taken from the Data Protection Act 1998 [1]. 3.22 Definition for recorded material has been simplified any data recorded on any medium that has the capacity to store data 3.23 Added wording “irrespective of time” to end of definiti on for recording material : any medium that has the capacity to store data and from which data can later be recalled, irrespective of time 3.24 Revised definition for recordings : electronic capture of images or data 3.25 remote centre No change. 3.26 secure storage No change. NSI Technical Bulletin No. 0030 Page 8 of 19 © NSI 2016 3.27 New definition for staff personnel involved in the management and operation of CCTV 3.28 Definition for supervisor has been simplified person designated and trained to ensure the required operation of the CCTV scheme and to meet any procedural instruction issued by the owner or manager 3.29 temporary systems No change. 3.30 Definition for working copy has been simplified: copy of recordings which is used for review. NOTE Also referred to as the “slave copy”. Some definitions from the 2009 edition have been deleted because they are no longer used and some of the definitions have been re-numbered. Annex C (Normative): Contractor responsibilities within BS 7958 (previously Annex A of BS 7958:2009) Very often the Annex states that the recommendations of a particular clause of BS 7958 should be followed in which case this Technical Bulletin draws attention to the changes in the clause compared to the previous 2009 edition of BS 7958. Commentary on Annex C Some text has been removed from A.1 (General) of BS 7958:2009 and included in a new Commentary on Annex C of BS 7958:2015. This text is informative. Reference to the Protection of Freedoms Act 2012 [4] has been added. In addition, the commentary has the following new paragraph Attention is drawn to the Surveillance Camera Code of Practice [7] and its principles which are applicable to public space CCTV systems. The Protection of Freedoms Act required the post of Surveillance Camera Commissioner to be created and led to the need for a Code of Practice for CCTV, which was published by the Home Office as the Surveillance Camera Code of Practice. C.1 General Item a) has been reworded: NSI Technical Bulletin No. 0030 Page 9 of 19 © NSI 2016 a) For CCTV control centres who offer other types of contracted monitoring services with the aim of gaining an emergency response, the control centre should meet the recommendations of BS 5979 or BS 8591. NOTE Refer to the NPCC policy on police requirements and response to security systems [19]. C2 Principles and management of the CCTV scheme C.2.1 Management Responsibilities C.2.1.1 Manager The recommendations of 4.4.3 should be followed . There is a slight change to item g) where “data media” replaces “data medium, e.g. tapes;” The following NOTES have been added to 4.4.3: NOTE 1: Attention is drawn to the Surveillance Camera Code of Practice [7] and Principles 4, 5 and 7 of the Data Protection Act 1998 [1]. NOTE 2: Attention is drawn to the Data Protection Act 1998 [1] in relation to the data controller. C.2.1.2 Supervisor The recommendations of 4.4.4 should be followed. There is a slight, but important, change to the wording in the first paragraph of 4.4.4 whereby it is clearer that the supervisor should bring to the immediate attention of the manager any matter affecting operation of the CCTV scheme, including any breach (or suspected breach) of the policy, procedural instructions, security of data or confidentiality . The list of items to be included in data recording systems has been shortened by removal of items a) the tape, or media, register; f) faults and maintenance records; and g) the security of data. The focus is on items that need to be recorded/logged. However the following item has been added to the list; d) the maintenance log Also the following Note has been added: NOTE 2: Attention is drawn to Principles 4 and 7 of the Surveillance Camera Code of Practice [7] and Principles 4 and 7 of the Data Protection Act 1998 [1]. NSI Technical Bulletin No. 0030 Page 10 of 19 © NSI 2016 C.2.1.3 Operator The recommendations of 4.4.5 should be followed. The first paragraph incorporates a change whereby the operator should work under the direction of the owner, manager or supervisor and in accordance with the policy and procedural practices. The addition of the word “supervisor” is intended to reflect true circumstances. This clause has been re-structured to some degree with re-organisation of the order of the text plus some changes to the text as follows: become proficient has been replaced with be proficient . This obviously reflects the need for operators to be proficient rather than at some later time. The following sentence has been added: Operators should have been appropriately screened for handling personal data and images. The kind of screening may vary depending on the requirements of other parties such as the police. The following note has been added: NOTE Attention is drawn to Principles 2, 6, 7, 8, 9 and 11 of the Surveillance Camera Code of Practice [7], Principles 1, 2, 3, 7 of the Data Protection Act 1998 [1] and the Private Security Industry Act 2001 [6]. The following paragraph has been added: The operator training and screening undertaken should be appropriate to the nature of surveillance camera system they are operating. The wording be trustworthy has been deleted from a different paragraph. This does not mean that operators should not be trustworthy. However it is difficult to detect lack of trustworthiness until something has happened. Therefore trustworthiness was not easily auditable. C.2.2 Personnel The recommendations of Clause 5 should be followed. Commentary on Clause 5 – No change other than editorial. 5.1 Security Screening No significant changes other than the inclusion of the word images in relation to employment that might involve the acquisition of such information. NSI Technical Bulletin No. 0030 Page 11 of 19 © NSI 2016 This emphasises the signi ficance of “images” in the context of CCTV and the need to security screen all personnel whose employment involves access to images as well as other kinds of information. 5.2 Recruitment and Selection No change. 5.3 Training The previous sub-clause headings 5.3.1 (General) and 5.3.2 (Plan) have been removed to leave the main heading (5.3) and the order of the text has been changed. The 2009 edition used the terms “ employees ” and “ staff ” and these were not defined. In order to provide a clearer set of requirements t he term “staff” has been defined (see 3.27 in the 2015 edition) and the term “employees” has been withdrawn. The new clause 5.3 opens with a revised paragraph as follows: New staff should be supervised until the training is complete. Training should be carried out by suitably qualified persons. The 2009 edition stated that there should be a formal training plan that includes information on the following and in a sense it was difficult to draw the line in terms of what formal means. This position has been simplified to Training should include the following and then there is a list of items to be included. The list of training items is the same as in the 2009 edition apart from the following: Expansion of item e): e) all relevant legal issues and codes of practice, e.g. the Surveillance Camera Code of Practice [7] and the Information Commissioner’s CCTV Code of Practice [8]; Removal of item f): f) the progression to nationally recognized qualifications, e.g. NVQ, SVQ, City & Guilds; The NOTE has been revised: NOTE 1: BS 7499, BS 5979 and BS 8591 give further guidance on training. The following statement has been deleted: “ A minimum period of training should be stated that is appropriate to ensure at least the minimum competence to carry out the specified duties. ” This has been replaced with a clearer statement: The period of training should be sufficient to ensure that staff are able to carry out the specified duties . NSI Technical Bulletin No. 0030 Page 12 of 19 © NSI 2016 Conversion of NOTE 1 in the 2009 edition to normative text: Good training is essential to achieve effective and proper use of CCTV; the operator should be trained to be able to react to potential incidents, to monitor the event accurately and not lose information that could be pertinent to any future investigation. NOTE 2 has been added to the 2015 edition: NOTE 2 Attention is drawn to the Criminal Procedure and Investigation Act 1996 [12], which lists procedures that ensure all relevant information, including that which could substantiate the case for the defence, is catalogued. C.2.3 CCTV Control Centre C.2.3.1 General The recommendations of 6.1 should be followed. References to CCTV Image Receiving Centre have been replaced with CCTV control centre . The following change of text has been made: Toilet and kitchen facilities for CCTV control centre staff should be provided. The standard does not stipulate these facilities need to be inside the CCTV control centre. There is a new second paragraph which states: The needs of lone workers in single staffed CCTV control centres should be taken into account. NOTE 1 See BS 8484 for guidance on the provision of lone worker device services. This would include means for raising the alarm in case of a medical emergency affecting a lone CCTV control centre operator. There is a change of text from “have the means for direct communication with the law enforcement agencies” to have the means of communication with the emergency services . This avoids the need to interpret the meanin g of “direct”. The need to sign a visitors’ log now applies to entering and exiting the CCTV control centre. The standard now states law enforcement agency officers should be granted the right to enter the CCTV control centre at any time for liaison and security objectives. The following note has been added: NSI Technical Bulletin No. 0030 Page 13 of 19 © NSI 2016 NOTE In a centre which conforms to BS 5979 and BS 8591, adherence to the access protocols is required by law enforcement agencies. This means law enforcement agencies must adhere to the access protocols just like any other party. C.2.3.2 Health and safety The recommendations of 6.3 should be followed. The first paragraph has been re-worded as follows: The shift patterns should be documented and sufficient breaks should be included to ensure the health and productivity of the operating staff. The main change here is the requirement to document shift patterns and show how sufficient breaks are included. The following notes have been added. NOTE 2 Attention is drawn to the Health and Safety (Display Screen Equipment) Regulations 1992 [14], Regulation 4. NOTE 3 Attention is drawn to the Working Time (Amendment) Regulations 2002 [11]. C.2.4 Response C.2.4.1 Incident Policy No changes. C.2.4.2 Time scale of the response No changes. C.2.4.3 When observation and/or recording is needed The recommendations of 7.5 should be followed. Clause 7.5 of the 2015 standard has been re-worded as follows: The local procedures should indicate the times at which incident observation and/or recording is needed. NOTE The local procedures might include the time immediately after an incident (direct incident response), for example: a) Until arrest/curtailment; or b) During a whole incident, initiated by an alarm. NSI Technical Bulletin No. 0030 Page 14 of 19 © NSI 2016 The list of guidelines b) 1) to b) 9) in the 2009 edition relating to non-incident related issues has been withdrawn since the focus is on response to incidents. C.2.5 Privacy and disclosure issues The following paragraph has been added to this section: Managers should ensure that the recommendations of Clause 8 are followed whenever they are carried out by the contracted personnel. Also the NOTE has been extended to include the Protection of Freedoms Act 2012 [4] . The following sentence has been deleted from the first paragraph of 8.3 (Subject access disclosure (a named subject)): “ The owner should ensure that the requested data has no connection with any existing data held by law enforcement agencies. ” The reason is that it might not be possible to know this in all cases. The last paragraph of 8.3 of the 2009 edition, along with NOTE 3, regarding search requests has been converted into an informative NOTE in the new edition. NOTES have been extended to include references to Principles of the Data Protection Act, Principles of the Surveillance Camera Code of Practice and BS ISO 27001 for guidance on information security. There are no other significant changes to Clause 8 (Privacy and disclosure issues). C.2.6 Recorded material register C.2.6.1 Media Use, storage and disposal The recommendations of 9.2 should be followed. There are no changes. C.2.6.2 Making Recordings The recommendations of 9.4 should be followed. There are no significant changes. The word “efficiently” has been replaced with “correctly” in item 9.4 a) of the new standard. The last paragraph in the 2009 edition has been split into a requirement and a NOTE. The requirement reads: All documentation should be auditable. NSI Technical Bulletin No. 0030 Page 15 of 19 © NSI 2016 The NOTE reads: NOTE When using digital CCTV systems, see the processes outlining the export of media in Digital imaging procedure [16] and UK Police Requirements for Digital CCTV Systems [17]. C.2.6.3 Tape loading/unloading for analogue CCTV systems The recommendations of 9.5 should be followed. There are no changes. C.2.7 Documentation C.2.7.1 Logs The recommendations of 10.2 should be followed. There are no significant changes. The word contractual has been deleted from 10.2 d). C.2.7.2 Administration documents The recommendations of 10.3 should be followed. There are no changes to this section apart from the following note being added: NOTE Attention is drawn to Principle 6 of the Data Protection Act 1998 [1] and Principle 7 of the Surveillance Camera Code of Practice [7]. NSI Technical Bulletin No. 0030 Page 16 of 19 © NSI 2016 SUMMARY OF THE MAIN CHANGES (Highlighted under the clauses of the new Standard) This section is intended to focus on the main changes to be implemented. Comments under each clause of BS 7958:2015 Annex C consist of a summary of the main changes when compared with the corresponding clause within BS 7958:2009 Annex A. Where the actual wording of the standard is quoted it is reproduced in bold text. Where it is considered relevant to further clarify the specified requirement, additional guidance is included in italics. We will consider alternative methods of achieving compliance with specified requirements where these can be demonstrated to be equivalent. Annex C (Normative): Contractor responsibilities within BS 7958 (previously Annex A of BS 7958:2009) Commentary on Annex C Reference to the Protection of Freedoms Act 2012 [4] has been added. In addition, the commentary has the following new paragraph Attention is drawn to the Surveillance Camera Code of Practice [7] and its principles which are applicable to public space CCTV systems. C.2.1.2 Supervisor There is a slight, but important, change to the wording in the first paragraph of 4.4.4 whereby it is clearer that the supervisor should bring to the immediate attention of the manager any matter affecting operation of the CCTV scheme, including any breach (or suspected breach) of the policy, procedural instructions, security of data or confidentiality . C.2.1.3 Operator This clause has been re-structured to some degree with re-organisation of the order of the text plus some changes to the text as follows: Operators should be proficient in the control of cameras and operation of all equipment forming part of the CCTV scheme . The following sentence has been added: Operators should have been appropriately screened for handling personal data and images. The kind of screening may vary depending on the requirements of other parties such as the police. NSI Technical Bulletin No. 0030 Page 17 of 19 © NSI 2016 The following paragraph has been added: The operator training and screening undertaken should be appropriate to the nature of surveillance camera system they are operating. C.2.2 Personnel 5.1 Security Screening No significant changes other than the inclusion of the word images in relation to employment that might involve the acquisition of such information. This emphasises the significance of “images” in the context of CCTV and the need to sec urity screen all personnel whose employment involves access to images as well as other kinds of information. 5.3 Training The new clause 5.3 opens with a revised paragraph as follows: New staff should be supervised until the training is complete. Training should be carried out by suitably qualified persons. The 2009 edition stated that there should be a formal training plan that includes information on the following and in a sense it was difficult to draw the line in terms of what formal means. This position has been simplified to Training should include the following and then there is a list of items to be included. The list of training items is the same as in the 2009 edition apart from the following: Expansion of item e): e) all relevant legal issues and codes of practice, e.g. the Surveillance Camera Code of Practice [7] and the Information Commissioner’s CCTV Code of Practice [8]; The following statement has been deleted: “ A minimum period of training should be stated that is appropriate to ensure at least the minimum competence to carry out the specified duties. ” This has been replaced with a clearer statement: The period of training should be sufficient to ensure that staff are able to carry out the specified duties . Conversion of NOTE 1 in the 2009 edition to normative text: Good training is essential to achieve effective and proper use of CCTV; the operator should be trained to be able to react to potential incidents, to monitor the event accurately and not lose information that could be pertinent to any future investigation. NSI Technical Bulletin No. 0030 Page 18 of 19 © NSI 2016 C.2.3 CCTV Control Centre C.2.3.1 General References to CCTV Image Receiving Centre have been replaced with CCTV control centre . The following change of text has been made: Toilet and kitchen facilities for CCTV control centre staff should be provided. The standard does not stipulate these facilities need to be inside the CCTV control centre. There is a new second paragraph which states: The needs of lone workers in single staffed CCTV control centres should be taken into account. NOTE 1 See BS 8484 for guidance on the provision of lone worker device services. This would include means for raising the alarm in case of a medical emergency affecting a lone CCTV control centre operator. The need to sign a visitors’ log now applies to entering and exiting the CCTV control centre. The standard now states law enforcement agency officers should be granted the right to enter the CCTV control centre at any time for liaison and security objectives. The following note has been added: NOTE In a centre which conforms to BS 5979 and BS 8591, adherence to the access protocols is required by law enforcement agencies. This means law enforcement agencies must adhere to the access protocols just like any other party. C.2.3.2 Health and safety The first paragraph has been re-worded as follows: The shift patterns should be documented and sufficient breaks should be included to ensure the health and productivity of the operating staff. The main change here is the requirement to document shift patterns and show how sufficient breaks are included. C.2.4 Response C.2.4.3 When observation and/or recording is needed Clause 7.5 of the 2015 standard has been re-worded as follows: NSI Technical Bulletin No. 0030 Page 19 of 19 © NSI 2016 The local procedures should indicate the times at which incident observation and/or recording is needed. NOTE The local procedures might include the time immediately after an incident (direct incident response), for example: c) Until arrest/curtailment; or d) During a whole incident, initiated by an alarm. The list of guidelines b) 1) to b) 9) in the 2009 edition relating to non-incident related issues has been withdrawn since the focus is on response to incidents. C.2.5 Privacy and disclosure issues The following paragraph has been added to this section: Managers should ensure that the recommendations of Clause 8 are followed whenever they are carried out by the contracted personnel. C.2.6 Recorded material register C.2.6.2 Making Recordings The last paragraph in the 2009 edition has been split into a requirement and a NOTE. The requirement reads: All documentation should be auditable. The NOTE reads: NOTE When using digital CCTV systems, see the processes outlining the export of media in Digital imaging procedure [16] and UK Police Requirements for Digital CCTV Systems [17].