administered by BS 8418: 2015 Installation and remote monitoring of detector-activated CCTV systems Code of practice SB 01.2015 Version 1
IMPORTANT NOTICE This document has been developed through RISCAuthority and published by the Fire Protection Association (FPA). RISCAuthority membership comprises a group of UK insurers that actively support a number of expert working groups developing and promulgating best practice for the protection of people, property, business and the environment from loss due to fire and other risks. The technical expertise for this document has been provided by the Technical Directorate of the FPA, external consultants, and experts from the insurance industry who together form the various RISCAuthority Working Groups. Although produced with insurer input it does not (and is not intended to) represent a paninsurer perspective. Individual insurance companies will have their own requirements which may be different from or not reflected in the content of this document. FPA has made extensive efforts to check the accuracy of the information and advice contained in this document and it is believed to be accurate at the time of printing. However, FPA makes no guarantee, representation or warranty (express or implied) as to the accuracy or completeness of any information or advice contained in this document. All advice and recommendations are presented in good faith on the basis of information, knowledge and technology as at the date of publication of this document. Without prejudice to the generality of the foregoing, FPA makes no guarantee, representation or warranty (express or implied) that this document considers all systems, equipment and procedures or state-of-the-art technologies current at the date of this document. Use of, or reliance upon, this document, or any part of its content, is voluntary and is at the user s own risk. Anyone considering using or implementing any recommendation or advice within this document should rely on his or her own personal judgement or, as appropriate, seek the advice of a competent professional and rely on that professional s advice. Nothing in this document replaces or excludes (nor is intended to replace or exclude), entirely or in part, mandatory and/ or legal requirements howsoever arising (including without prejudice to the generality of the foregoing any such requirements for maintaining health and safety in the workplace). Except to the extent that it is unlawful to exclude any liability, FPA accepts no liability whatsoever for any direct, indirect or consequential loss or damage arising in any way from the publication of this document or any part of it, or any use of, or reliance placed on, the content of this document or any part of it. 2 Security Bulletin
Contents 1 Key changes........................................ 2 1.1 Introduction....................................................... 2 1.2 Data transmission/signalling........................................... 2 1.3 Tamper detection................................................... 2 1.4 Power supplies..................................................... 2 Table 1: Key changes................................................... 3 Appendix 1 Tamper detection recommendations...................... 6 Installation and remote monitoring of detector-activated CCTV systems Code of practice 1
1 Key changes 1.1 Introduction A revised version of BS 8418 Installation and remote monitoring of detector-activated CCTV systems Code of practice has been published after a full review. This bulletin draws attention to the more significant changes of interest to a specifier, such as an insurer. It also updates RISCAuthority guidance document S23: Guidance for specifiers of CCTV in security applications in which it was explained that this sector of the CCTV security industry had raised concerns that the previous version of BS 8418 contained requirements that were so excessive that very few conforming systems had been certificated. The industry s frustrations fell essentially under the following three headings: data transmission/signalling: in a nutshell, the text dealing with this in the previous version was incomprehensible ; tamper detection: the requirement for anti-masking detectors was considered excessive for the average installation; and power supplies: the requirement for an uninterruptible power supply (UPS) was considered unnecessary. The principal objectives of the revision were therefore to: reduce the high cost of a conforming BS 8418 installation; relax perceived onerous requirements; and build in a little more flexibility to reflect current industry practice. Table 1 sets out the key changes with potential implications for a stakeholder, such as an insurer, included in the comment column. Included in these changes are certain of the relaxations necessary to address the industry s concerns identified in document S23 and these have the following effects: 1.2 Data transmission/signalling The revised version of the standard describes only one transmission path (two previously required) and the document no longer discusses the technologies that might be employed (radio, landline etc). 1.3 Tamper detection Anti-masking detectors are no longer mandatory for all systems but are recommended in high security applications. 1.4 Power supplies The requirements for power supplies have been significantly relaxed, and standby power is now required to support the control equipment and data transmission devices for a minimum period of just 30m, because it is assumed that remedial action will be taken quickly on receipt of a power failure alert; resort to a UPS is recommended if suggested by the risk assessment. Detector activated (DA) CCTV is used in many challenging security situations, notably where property in the open is vulnerable without adequate physical security. However, many of the relaxations described in this bulletin challenge any assumption that DA CCTV is a high security solution without an upgrade of equipment and procedures on a case-by-case basis. Whilst this certainly can be done, it undeniably demands time, effort and attention to detail. 2 Security Bulletin
Table 1: Key changes Change An as fitted document is now required. It is accepted in the new version that a camera can serve as a detector, eg through the process of video analytics. Requirements for the integrity of channels between the control equipment and wired and semi-wired detectors have been dropped. They included the need for a communication protocol that had 10,000,000 or more variations randomly generated by the CCTV system. An incident was previously defined as requiring an emergency response and/or of actual criminal activity but now requires only unauthorised access. A threat assessment and risk analysis must be undertaken and an operational requirement generated a key document for system designers, which clearly defines the functions of the CCTV system according to the customer expectations. It had not been clear that the standard applies to all DA CCTV systems. The fact that a system might be, totally or in part, temporary and/or portable does not allow the supplier to claim BS 8418 status without conforming to all the requirements. This has been clarified. Up to this revision there has been confusion as to who exactly is referred to by the words owner, customer, user and operator. This has been clarified. The owner, who, according to context, could have been the installer, is no longer referred to. The customer is now defined and the installer has been replaced by the CCTV company. Note. The protected premises is now the supervised premises. The tamper recommendations have been relaxed. The number of events required to be retained in the on-site memory is reduced from 10,000 to 2000. Comment This was not in the previous version. Longer term this should assist the development and sophistication of systems. Weakens the value of being able to use radio across a site. Brings document into line with sector practice and does not alter the fact that police are not contacted unless there is actual criminal activity. Aligns with other state-of-the-art CCTV documents. Eliminates some corner cutting by some practitioners. The previous muddled treatment of these participants arose from the fact that earlier versions had come to the sector from the remote video response centre (RVRC) point of view and the owner could have been the CCTV company. There was also an unrealistic expectation that end customers should have responsibility for matters that they were really not qualified to deal with such as the actions required to ensure that the system was adequately maintained. See appendix 1. The previous requirement had seemed excessive. Installation and remote monitoring of detector-activated CCTV systems Code of practice 3
A minimum of one data transmission path should be provided (previously two). There are two notes reading an additional transmission path might be necessary and it is advisable to use a transmission path dedicated to the CCTV system for added security and reliability of transmission. Fault reporting remains at 3 minutes. Media for transmission systems, ie whether PSTN, network or radio, and the performance and security of the data transmission system are not dealt with. Other standards are not referenced but a note reads: standards covering data transmission include BS EN 62676-1-2, BS EN 62676-2-1, BS EN 62676-2-2 and BS EN 62676-2-3. If the CCTV system fails to establish a connection it should retry six times. Also, if the authorisation procedure (to confirm the identities at both ends) cannot be completed, it should continue to try for up to 10 minutes. If the system is unsuccessful on either count, it does appear that a fault indication should be given at the RVRC in both the set and unset condition, but the standard could be clearer. The need for an uninterruptable power supply (UPS) as the alternative power source is now determined by threat analysis and risk assessment. In addition, there is a need for the chosen alternative power source to have a capacity to support the control equipment and data transmission devices for a minimum period of 30m. The standby power capability for the detectors and semi-wired detectors remains at 4h. Unless the specifier is content to leave this important facet completely to the CCTV company, they will need to clarify and endorse, or otherwise, whatever is being proposed by the CCTV company or set their own requirements eg whether single or dual path, IP or GPRS, and so on. There is much scope for delay of signals and possible exploitation by criminals in this. It is an example of how the technology cannot really claim high security status compared with a properly designed intruder alarm system. Obviously weakens the resilience of DA CCTV and, depending on the circumstances, the specifier may find it necessary to question the CCTV company on what arrangements will be in place for systems losing power to their control and transmission equipment. 4 Security Bulletin
Detector omission (suppression of activation signals from a detector generating excessive false alerts) was previously available only to the RVRC. The standard expressly states that it is now also available to the customer. Omitted detectors are restored automatically when the system is unset but neither the RVRC nor the CCTV company will be aware of the omission if implemented by the user. Details will however be written to the system log and/or at the RVRC. The document states that detectors should only be omitted temporarily. But if omission is not in the sole control of the RVRC it cannot be known whether this advice is followed. Detector isolation (eg for periods when builders are known to be working in protected premises) was previously available only to the RVRC following written agreement between the owner and the RVRC. By implication the standard now allows isolation to be also available to the customer. Detector isolation is to be logged at the RVRC and/or in the event log at the supervised premises. Hence it is possible that neither the RVRC nor the CCTV company will be aware. Isolated detectors are not restored automatically when the system is unset they remain isolated until reconnected following agreement between the customer, the CCTV company and the RVRC. Incidents occurring during the period in which the CCTV system is set should be reported in writing to the customer s nominated address within 24h (previously 12h). The option of one of the yearly routine maintenance visits being carried out remotely by the RVRC has been dropped. The need for changes to the CCTV system and transmission equipment to be controlled through the RVRC in order to avoid a breach of security has been dropped. Stakeholders such as customer security management and insurance underwriters may be uneasy, with some justification, at the thought that detectors are so easily omitted or isolated. The alternative of a more formal arrangement involving authorisations in writing and a paper audit trail does however introduce issues of flexibility and cost. Again, calls for consideration on a case-by-case basis. This respresents another dilution of security and service. This is believed to be motivated, laudably, by the recognition that CCTV systems require engineering support in person more frequently than yearly. On the face of it, this is unfortunate as the previous wording had strengthened protection against bogus visiting engineers. Installation and remote monitoring of detector-activated CCTV systems Code of practice 5
2 Appendix 1: Tamper detection recommendations Clause 4.5.6 Tamper detection of the previous version reads as follows: Cables attached to detectors should incorporate tamper detection. The detector enclosure should also be equipped with tamper detection to detect opening through its usual method of opening, removal from mounting, orientation adjustment, and masking. To detect tamper, the following measures should be taken: a) tamper detection circuits should be continuously monitored; b) when the CCTV system is in the set condition, tamper signals should immediately be reported at the RVRC; c) when the CCTV system is in the unset condition, tamper signals should be reported at the RVRC and/or reported at the protected premises by an audible indication; d) pluggable connectors and control equipment should be contained within the secure area or within a tamper-monitored enclosure; e) housings containing power supplies to detectors should be equipped with tamper detection to detect opening through its usual method of opening; and f) tamper detection should be fitted to detect removal of cameras from their mountings and, wherever practicable, orientation adjustment. Housings containing fitted cameras should be equipped with tamper detection to detect opening through its usual method of opening. With the aim of improving clarity and structure, in the revised document the tamper recommendations are reformatted in the form of a table to improve understanding of the elements to which tamper protection applies and the way tamper conditions are to be indicated according to the set state of the system. Table 1 Tamper detection and indication is reproduced in its entirety below. The effect of the table is to generally relax the tamper requirements and make them less prescriptive. Table 2: Tamper detection and indication as per Table 1 of BS 8418: 2015 Tamper detection of interconnections, components, enclosures, equipment Indication Local RVRC (Remote) System set Interconnections to detectors M D M Op Detector enclosures - when opened by normal means, removal from mounting, orientation adjustment and where used, masking M D M Op Pluggable connectors A M D M Op Power supply housings when opened by normal means M D M Op Camera housing(s) and associated power supply B when opened by normal means, removal from mounting, orientation adjustment M D M Op CCTV control equipment when opened by normal M D M Op means A Setting device(s) when opened by normal means M C,D M Op Note: Local indication means at the protected premises and should as a minimum be indicated to the person setting the system. Key: M = mandatory, Op = Optional A) Not mandatory if located within a secure area with restricted access (see 4.6.9.1). B) It is accepted that some camera housings and associated power supplies might not include all forms of tamper detection might not be supplied. C) Not mandatory for portable set/unset devices. System unset D) Local indication is not mandatory if indication is given at the RVRC in the unset state. 6 Security Bulletin
Additional comments 1. Camera housing tamper CCTV companies had complained prior to the revision that in many cases camera housings were either supplied without a tamper facility and/or could not easily be fitted with a standard tamper detection device. However, there does appear to be an ambiguity in the way the new table deals with this (requires anti tamper yet, in the confusingly drafted note B, accepts at the same time that products may not include all forms of tamper detection ). Similarly, it was said that the need to detect CCTV camera removal from mounting was not practicable. However no relaxation has been made. 2. Video loss/masking The code of practice had previously made recommendations for video loss and video degradation as well as camera masking. The revised document now deals with these measures in a more relaxed way with these advisory clauses which infer that the measures are not required in the average installation: It is advisable to implement procedures and/or technologies to detect camera masking in high-security applications. In some applications a video content detection system is necessary to determine whether an expected level of information exists within the image. This protects against deliberate masking of the camera(s) field(s) of view, failure of the lens, or inappropriate or inadequate illumination. Installation and remote monitoring of detector-activated CCTV systems Code of practice 7
administered by Fire Protection Association London Road Moreton in Marsh Gloucestershire GL56 0RH Tel: +44 (0)1608 812500 Email: info@riscauthority.co.uk Website: www.riscauthority.co.uk 2015 The Fire Protection Association on behalf of RISCAuthority PDF version only