National Security Inspectorate
Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY
E: nsi@nsi.org.uk | W: nsi.org.uk
Page 1 of 13 © NSI 2016

Dated: 20 September 2016

To:
1. All NSI Guarding Gold and Guarding Silver Companies who are approved for the management and operation of CCTV traffic enforcement cameras
2. Applicant Companies who wish to gain approval for the above scope of approval

TECHNICAL BULLETIN No: 0033

Guidance on the implementation of BS 7958:2015 Annex D Management and operation of CCTV traffic enforcement cameras within BS 7958, the British Standard Code of Practice for Management and Operation of Closed Circuit Television (CCTV) (Supersedes BS 7958:2009 Annex B)

BS 7958:2015 shows a publication date of the 31st August 2015 and is available through licensed outlets including NSI who can supply copies at a discounted rate.

Annex D of BS 7958:2015 identifies recommendations for management and operation of CCTV traffic enforcement cameras and organisations that demonstrate compliance with Annex D, and also satisfy the relevant NSI criteria for approval, will be approved for the following scope:

“The management and operation of CCTV traffic enforcement cameras, in accordance with the requirements of BS 7958:2015 Annex D and BS 7858:2012”.

The 2015 edition of BS 7958 will now be applied to all NSI approval schemes where the criteria for approval require compliance with BS 7958 as a condition of NSI approval. Annex D of the Standard will be applied with immediate effect, subject to the additional clarifications and guidance contained within this Technical Bulletin.

Implementation timescale for Applicant Companies

With immediate effect Applicant Companies will be audited against Annex D of the 2015 edition and any Improvement Needs recorded against clauses of the Standard will have to be satisfactorily addressed before approval can be granted.

Implementation timescale for existing Approved Companies

Companies holding NSI approval to Annex B of BS 7958:2009 will be expected to upgrade to Annex D of BS 7958:2015 by the end of June 2017.

NOTE REGARDING THE STATUS OF BS 7958:2015

Although issued as a code of practice by the British Standards Institution, it is important to note that compliance with the recommendations given in BS 7958:2015 is regarded as mandatory for all companies wishing to maintain an NSI approval with respect to the provision of CCTV services; subject to any additional clarifications and guidance included within this Technical Bulletin or issued subsequently.

The recommendations given in BS 7958:2015 Annex D must therefore be regarded as requirements in relation to NSI approval for the management and operation of CCTV traffic enforcement cameras.

DETAILS OF THE CHANGES
(Highlighted under the clauses of Annex D of the new Standard)

Comments under each clause of BS 7958:2015 Annex D consist of a summary of the changes when compared with the corresponding clause within BS 7958:2009 Annex B. Where Annex D refers to a clause within the main body of the standard then changes to that clause are relevant along with any changes to Annex D itself.

Where the actual wording of the standard is quoted it is reproduced in bold text. Where it is considered relevant to further clarify the specified requirement, additional guidance is included in italics.

We will consider alternative methods of achieving compliance with specified requirements where these can be demonstrated to be equivalent.

CONTENTS

The contents page of BS 7958 shows that the ten numbered sections have been retained. The heading for section 6 reflects a change of terminology from ‘CCTV Image Receiving Centre’ to CCTV control centre and the heading for section 7 reflects a change of terminology from ‘Response’ to Incident handling.

New annexes have been added and the numbering of annexes has been changed as follows:

Where previously Annex A (normative) of BS 7958:2009 related to Contractor responsibilities within BS 7958; Annex A (informative) of BS 7958:2015 now covers Surveillance Camera Code of Practice – 12 guiding principles.

Where previously Annex B (normative) of BS 7958:2009 related to Management and operation of CCTV traffic enforcement cameras, Annex B (informative) of BS 7958:2015 now covers Data Protection Act 1998 – 8 guiding principles.

Annex C (normative) of BS 7958:2015 now covers Contractor responsibilities within BS 7958.

Annex D (normative) of BS 7958:2015 now covers Management and operation of CCTV traffic enforcement cameras.

Annex E (normative) of BS 7958:2015 is a new annex covering Contracted remote CCTV control centre responsibilities within BS 7958. These responsibilities were understood to lie within Annex A of the previous standard whereas they are now clarified in the new Annex E.

Annexes C, D and E are normative which makes them a formal part of the standard (where applicable to the services provided).

The new List of tables consists of two tables: Table A.1 – 12 guiding principles of the Surveillance Camera Code of Practice and Table B.1 – 8 guiding principles of the Data Protection Act 1998.

FOREWORD

BS 7958:2015 was prepared by BSI Technical Committee GW/3 (Manned security services).

The Foreword clarifies that the 2015 edition is a full revision of the Standard, which has been updated to reflect current good practice, and that it supersedes BS 7958:2009, which is withdrawn.

INTRODUCTION

The introduction includes references to the Protection of Freedoms Act 2012 [4] and the Regulation of Investigatory Powers Act 2000 [5].

A statement has now been included that monitoring for traffic offences does not require a SIA (Security Industry Authority) Licence.
However, if operators monitoring for traffic offences, who are employed by organizations providing the service under contract, provide an additional security service involving use of CCTV then they are required to hold the SIA CCTV (Public Space Surveillance) Operator Licence prior to being deployed in contractual security work.

Attention is drawn to the Surveillance Camera Code of Practice [7] and its 12 guiding principles, which are applicable to public space CCTV systems.

It is relevant to remind companies that it is a condition of any NSI approval that organisations comply with appropriate legislation and in particular if relevant individuals are not in possession of either the appropriate SIA front-line or non-front-line licences then unless appropriate dispensations have been granted, NSI approval cannot be recommended or maintained.

The list of areas where CCTV schemes are used and the public would have a ‘right to visit’ include two new areas i.e. e) sports grounds where access is unrestricted and f) public arenas such as sports stadiums and public places where events are held as an alternative to regular activities in those locations.

The following two paragraphs of text have been deleted from the Introduction and incorporated in other relevant places within the new standard:

“This British Standard aims to provide recommendations on best practice to assist users in obtaining reliable information that can be used as evidence. Whilst some schemes might not need to meet the DPA [1] criteria, compliance with the code of practice is strongly recommended, particularly where schemes include an element of observation of the public.

“The clauses on the processing of data within this British Standard are applicable to the storage of recorded images/data from CCTV systems designed to operate normally in observation mode, e.g. garages, small shops, private businesses and private transport.”

1. SCOPE

The clarification of the scope is the inclusion of a sentence under the first paragraph to show that the standard now also applies to the monitoring of and management of public spaces, including automatic number plate recognition (ANPR) and traffic enforcement cameras.

The second paragraph now includes the reference to BS 8591 as well as BS 5979.

The scope has now been changed to cover also traffic enforcement schemes.

The scope now includes that This British Standard takes due regard of the 12 guiding principles of the Surveillance Camera Code of Practice [7] (see Annex A) and the Information Commissioner’s CCTV Code of practice [8] and the Data Protection Act 1998 [1] principles (see Annex B).

References to the Principles of the Surveillance Camera Code of Practice and the Principles of the Data Protection Act are given throughout the standard.

2. NORMATIVE REFERENCES

BS 8591 the code of practice for remote centres receiving signals from alarm systems has been added to the list of reference documents.

3. TERMS AND DEFINITIONS

A number of changes have been made in this area. The previous list of 36 definitions has been decreased to 30 by removing definitions not needed. Therefore the reference numbers for some definitions have changed. The new headings and any changes are listed below.

3.1 New title and definition for CCTV control centre (previously CCTV Image Receiving Centre)
secure central location for a CCTV scheme, where images are collected, used, disclosed, retained or disposed of
The 2009 edition of BS 7958 only included a definition for a “central location for a CCTV scheme, where live images are monitored in real time and which has processing facilities”.

3.2 CCTV scheme
There are no changes except the Note has been moved to 3.3.

3.3 CCTV system
There are no changes except the Note has been added from 3.2.

3.4 clean tape
No change.

3.5 Definition for contractor has been simplified:
party contracted by the owner to undertake agreed services

3.6 controlled environment
The definition of controller (see 3.6 in the 2009 edition) has been deleted and replaced with staff (see 3.27 in the 2015 edition). Consequently there are changes to the numbering of definitions.
The definition for controlled environment has now been replaced with:
location in which data that might be offered as evidence are received, stored, reviewed or analysed, including at the CCTV control centre.

3.7 customer
No change.

3.8 data
No change.

3.9 evidence copy
The title of the definition has changed from evidential copy to evidence copy and the word ‘second’ has been removed from the definition, which is as follows:
copy taken from the master copy with a clear audit trail which is offered as evidence

3.10 hard print copy
No change.

3.11 Definition for incident has been simplified:
activity that warrants a response

3.12 New definition for local procedures:
documents relating to the processing of aspects of the CCTV scheme

3.13 Slight change to title of definition for manager(s) as there might be more than one manager.

3.14 Revised definition for master copy
first copy to be produced, that is designated and documented as such and then stored securely pending its production (if required) at court as an exhibit
NOTE All use and movement of the master copy is logged in an audit trail.

3.15 Slight change to the definition for monitoring period as there might be more than one procedure.
length of time during which monitoring is carried out as defined by local procedure

3.16 operator
No change (was 3.18 in 2009 edition).

3.17 New definition for operator’s log
record, including date and time, for a workstation that also includes details of any events, plus details of activities such as maintenance and use

3.18 Revised definition for organization:
sole or principal provider of CCTV monitoring services to a particular customer

3.19 owner
No significant changes.

3.20 New definition for privacy impact assessment
assessment of the impact a CCTV system has on an individual’s right to privacy
NOTE Attention is drawn to the Human Rights Act 1998 [2] and the Data Protection Act 1998 [1]. Further guidance can be found in the Information Commissioner’s Conducting privacy impact assessments code of practice [9].

3.21 There are no significant changes to the definition for process. However the definition has been made clearer:
obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data
NOTE This definition is taken from the Data Protection Act 1998 [1].

3.22 Definition for recorded material has been simplified
any data recorded on any medium that has the capacity to store data

3.23 Added wording “irrespective of time” to end of definition for recording material:
any medium that has the capacity to store data and from which data can later be recalled, irrespective of time

3.24 Revised definition for recordings:
electronic capture of images or data

3.25 remote centre
No change.

3.26 secure storage
No change.

3.27 New definition for staff
personnel involved in the management and operation of CCTV

3.28 Definition for supervisor has been simplified
person designated and trained to ensure the required operation of the CCTV scheme and to meet any procedural instruction issued by the owner or manager

3.29 temporary systems
No change.

3.30 Definition for working copy has been simplified:
copy of recordings which is used for review.
NOTE Also referred to as the “slave copy”.

Some definitions from the 2009 edition have been deleted because they are no longer used and some of the definitions have been re-numbered.

Annex D (Normative): Management and operation of CCTV traffic enforcement cameras (previously Annex B of BS 7958:2009)

Sometimes the Annex states that the recommendations of a particular clause of BS 7958 should be followed in which case this Technical Bulletin draws attention to the changes in the clause compared to the previous 2009 edition of BS 7958.

Commentary on Annex D

Text has been removed from B.1 (General) of BS 7958:2009 and included in a new Commentary on Annex D of BS 7958:2015. This text is informative and references to the Protection of Freedoms Act 2012 and the Data Protection Act 1998 have been added.

D.1 Principles and management of the CCTV scheme

D.1.1 Procedures

For the purpose of this annex, procedures should be carried out in accordance with 4.3.

Clause 4.3.2 on Methods for receiving and viewing data has been revised and expanded into clauses on 4.3.2 Information Security, 4.3.3 Access to data and 4.3.4 Supporting data.

4.3.1 General

The last paragraph from the 2009 edition has become the first paragraph of the 2015 edition and has been re-worded as follows:

Responsibility and accountability for all CCTV system activities should be clearly set out, and management and reporting functions should be regularly reviewed and audited.

NOTE 1 draws attention to Principle 4 of the Surveillance Camera Code of Practice and Principle 7 of the Data Protection Act 1998. Where a CCTV system is used for more than one purpose (for example, crime prevention and detection and also for traffic management), those accountable for each purpose should be identified to facilitate effective joint working and decision making.

Other than this, the requirements are unchanged.

4.3.2 Information security

This is a new clause containing the following requirements:

Policies and procedures should be designed to ensure that any images or data are protected from unauthorized access and retained only until the purpose they have been retained for has been met, after which they should be destroyed. Retention lengths vary due to the purpose of the system but should be proportionate. These timescales should be reviewed on a regular basis in the light of changes to the aims and purpose of the system and in the light of experience.

The CCTV scheme should have regard for the physical security of equipment used to store and process images and data. It should also have regard for IT security to ensure that unauthorized access is denied unless the user has the appropriate access level. Each scheme needs to build policies and procedures in terms of both physical and IT security to secure the data being held. These should be reviewed on a regular basis.

A new NOTE draws attention to Principles 6 and 9 of the Surveillance Camera Code of Practice and Principles 7 and 8 of the Data Protection Act 1998.

4.3.3 Access to data

This is a new clause containing the following requirements:

Policies and procedures should be created to ensure that access to recorded images and stored data is restricted. These should also define who can gain access and under what circumstances access is approved and by whom.

NOTE 1 states that access to images and data may be provided where permitted by legislation, for example where non-disclosure would be likely to prejudice the prevention and detection of crime or for national security purposes or where disclosure is authorized by a court of competent jurisdiction. There might be other limited reasons where disclosure of images to a third party is appropriate. Attention is drawn to the Data Protection Act 1998, particularly Principle 6.

Policies and procedures should be in place to meet requests from individuals about images of themselves to manage those images where third parties are included. In addition there should be policies and procedures to deal with requests from public bodies for data information. The owner should not disclose data without a record of the request and the authorization, which should be retained for a minimum period of 2 years.

NOTE 2 draws attention to the Freedom of Information Act 2000 and Principle 7 of the Surveillance Camera Code of Practice.

4.3.4 Supporting data

This is a new clause containing the following requirements:

Where data collected by a CCTV scheme are to be used to provide meta data (for example vehicle registration numbers from ANPR cameras or face recognition), the accuracy of information generated or provided from elsewhere such as databases should be regularly assessed to ensure that such data are fit for purpose. Reference data should only be retained for as long as necessary to fulfil the legitimate aims of the scheme.

The inclusion of personal information from a reference database might be deemed to be covert surveillance; policies and procedures to identify when this might be the case and methods to manage surveillance should be implemented in schemes where this is appropriate.

A new NOTE draws attention to the Regulation of Investigatory Powers Act 2000, Principles 7 and 12 of the Surveillance Camera Code of Practice and Principles 4 and 5 of the Data Protection Act 1998.

4.3.5 Use of temporary systems within the scheme

Previously 4.3.3 in the 2009 edition. No changes.

D.1.2 Audit

For the purpose of this annex, the audit should be carried out in accordance with 4.3.7.

Previously 4.4 in the 2009 edition. There are no changes except for a new NOTE 2 that draws attention to Principle 10 of the Surveillance Camera Code of Practice.

Item a) has been reworded:

a) For CCTV control centres who offer other types of contracted monitoring services with the aim of gaining an emergency response, the control centre should meet the recommendations of BS 5979 or BS 8591.

NOTE Refer to the NPCC policy on police requirements and response to security systems [19].

D.1.3 Annual report

For the purpose of this annex, the annual report should be prepared in accordance with 4.3.6.

Previously 4.5 in the 2009 edition. There are no changes except for additional requirements to be included in the assessment of the scheme’s performance as follows:

4) • an assessment of the scheme’s impact on its objectives, including:
• the number of privacy impact assessments completed;
• the number of reviews of footage by police and authorized agencies; and
• the number of incidents per camera for the previous twelve months.

A new NOTE 2 draws attention to Principle 10 of the Surveillance Camera Code of Practice.

D.1.4 Management Responsibilities

D.1.4.1 General

No changes compared to B.2.4.1 of the 2009 edition.

D.1.4.2 Owner

For the purpose of this annex, the owner’s responsibilities should be carried out in accordance with 4.4.2.

Previously 4.6.2 in the 2009 edition. There are no significant changes compared to B.2.4.2 of the 2009 edition except that the owner is also responsible for carrying out a privacy impact assessment.

A new NOTE 3 draws attention to Principles 1 and 9 of the Surveillance Camera Code of Practice and Principle 2 of the Data Protection Act 1998.

D.1.4.3 Manager

For the purpose of this annex, the manager’s responsibilities should be carried out in accordance with 4.4.3.

Previously 4.6.3 in the 2009 edition. There is a slight change to item g) where “data media” replaces “data medium, e.g. tapes;”

The following NOTES have been added to 4.4.3:

NOTE 1: Attention is drawn to the Surveillance Camera Code of Practice [7] and Principles 4, 5 and 7 of the Data Protection Act 1998 [1].

NOTE 2: Attention is drawn to the Data Protection Act 1998 [1] in relation to the data controller.

D.1.4.4 Supervisor

For the purpose of this annex, the supervisor’s responsibilities should be carried out in accordance with 4.4.4.

Previously 4.6.4 in the 2009 edition.

There is a slight, but important, change to the wording in the first paragraph of 4.4.4 of the 2015 edition whereby it is clearer that the supervisor should bring to the immediate attention of the manager any matter affecting operation of the CCTV scheme, including any breach (or suspected breach) of the policy, procedural instructions, security of data or confidentiality.

The list of items to be included in data recording systems has been shortened by removal of items a) the tape, or media, register; f) faults and maintenance records; and g) the security of data. The focus is on items that need to be recorded/logged. However the following item has been added to the list:

d) the maintenance log

Also the following Note has been added:

NOTE 2: Attention is drawn to Principles 4 and 7 of the Surveillance Camera Code of Practice [7] and Principles 4 and 7 of the Data Protection Act 1998 [1].

D.1.4.5 Operator

For the purpose of this annex, the operator’s responsibilities should be carried out in accordance with 4.4.5.

Previously 4.6.5 in the 2009 edition.

The first paragraph of 4.4.5 of the 2015 edition incorporates a change whereby the operator should work under the direction of the owner, manager or supervisor and in accordance with the policy and procedural practices. The addition of the word “supervisor” is intended to reflect true circumstances.

This clause has been re-structured to some degree with re-organisation of the order of the text plus some changes to the text as follows:

become proficient has been replaced with be proficient. This obviously reflects the need for operators to be proficient rather than at some later time.

The following sentence has been added:

Operators should have been appropriately screened for handling personal data and images. The kind of screening may vary depending on the requirements of other parties such as the police.

The following note has been added:

NOTE Attention is drawn to Principles 2, 6, 7, 8, 9 and 11 of the Surveillance Camera Code of Practice [7], Principles 1, 2, 3, 7 of the Data Protection Act 1998 [1] and the Private Security Industry Act 2001 [6].

The following paragraph has been added:

The operator training and screening undertaken should be appropriate to the nature of surveillance camera system they are operating.

The wording be trustworthy has been deleted from a different paragraph. This does not mean that operators should not be trustworthy. However it is difficult to detect lack of trustworthiness until something has happened. Therefore trustworthiness was not easily auditable.

D.2 Recording equipment

There are no changes compared to B.3 of the 2009 edition.

D.3 Monitoring of traffic

There are some minor editorial changes compared to B.4 of the 2009 edition. Also the reference to the “Rugby” atomic clock in B.4.1 ‘General’ of the 2009 edition has been changed to a time standard using an atomic clock in D.3.1 ‘General’ of the 2015 edition.

Figure D.1

There are no changes compared to Figure B.1 of the 2009 edition.

Figure D.2

There are no significant changes compared to Figure B.2 of the 2009 edition.

D.4 Management of evidence

There are no changes compared to B.5 of the 2009 edition.

D.5 Working copy

There are no significant changes compared to B.6 of the 2009 edition.

D.6 Operating personnel selection and training

There are no changes compared to B.7 of the 2009 edition.

D.7 Documentation

There are no changes compared to B.8 of the 2009 edition.