Graded requirements under BS EN 62676 Standards for CCTV
This is a pure technical guide for installers, specifiers and manufacturers under BS EN 62676 Standards for CCTV (Form No. 218). The BS EN 62676 series of standards are the first standards for CCTV video surveillance that will be used to any significant extent in the UK and include the use of security grading. This guide is intended to assist installers of CCTV and other interested parties to understand how a choice of grade is to be made and then used to determine the design requirements of a CCTV system.
It is important to understand that the majority of requirements given by the BS EN 62676 series of standards are not grade dependent. This guide deals only with the minority of requirements that are grade dependent. Most of these are to be found in BS EN 62676-1-1 but there are a few in BS EN 62676-1-2 (the names of the standards can be found in 2.1).
The approach to grading given in the BS EN 62676 series of standards is intended to allow for flexibility to overcome problems that a system designer may face. It is not intended to be complicated but the flexibility can give the appearance of complexity. Having an understanding of the flexible possibilities will benefit system designers whether they choose to use them or not.
A summary of the key points about grading detailed in this document are:
• System designers should choose the simplest approach that will work.
• The recommended approach is to choose a grade of system and apply that single grade throughout the system.
• The grading will affect the protection level and restriction of access to the system.
• It is the functions of the CCTV system that are graded rather than each component.
• Grading of a system does not determine the quality of the images captured by the system. BS EN 62676-4 includes requirements and recommendations that will determine the quality of image recording.
• The chosen grade(s) should be recorded in the Operational Requirement or System Design Proposal.
• Where use of a single grade for all system functions is not practical the standard permits the grading to be divided up by function. 18 Functions are described in the standard.
• Additional flexibility can be obtained by documenting specific requirements in the Operational Requirements or System Design Proposal.
Note: For security practitioners with a knowledge of intruder alarms (as installed under the PD 6662 scheme) it is important to note that the way that grading is described in the CCTV standards is not the same and confusion may arise if the differences are not understood. Additionally for intruder systems the installer’s life is made easy by the existence of component standards. For example an installer seeking a Grade 3 passive infra-red detector simply looks for a device that a manufacturer states meets the requirements of the associated standard. This is not the case for CCTV. There are currently no standards for CCTV system components specifying differences between their requirements at each grade.
Scope
These guidelines are for use in conjunction with the BS EN 62676 series of standards for “Video Surveillance Systems for Use in Security Applications”. In particular they give guidance to the requirements in BS EN 62676-1-1 “System Requirements – General”.
Note: The BS EN 62676 series of standards uses the term Video Surveillance System (VSS) for systems commonly known in the UK as CCTV (Closed Circuit Television) systems. Although CCTV is no longer technically correct in all situations the terms may be used interchangeably.
It is not mandatory to use Security Grading when installing systems to meet the standard but the use of Grading can give benefit and simplify matters.
Grading of a system does not specifically determine the quality of the images captured by the system although implementation of a higher grade may coincidentally result in an improvement. The grading will affect the protection level and restriction of access to the system.
BS EN 62676-4 includes recommendations that will determine the quality of image recording.
Referenced Standards
The following referenced documents are indispensable for the application of this document.
BS EN 62676 series: Video surveillance systems for use in security applications
BS EN 62676-1-1 : Video System Requirements
BS EN 62676-1-2 : Video Transmission – General Video Transmission – Requirements
BS EN 62676-2-1 : Video Transmission Protocols – General Requirements
BS EN 62676-2-2 : Video Transmission Protocols – IP Interoperability implementation based on HTTP & REST Services.
BS EN 62676-2-3 : Video Transmission Protocols – IP Interoperability implementation based on web services
BS EN 62676-3 : Analog and Digital Video Interfaces
BS EN 62676-4 : Application guidelines
How to Use this Guide
This guide consists of three main sections.
Section 6 “Grade Selection” explains how the Security Grade can be applied to all or to parts of the installation.
Section 9 “Commentary on the Requirements” looks at each of the graded requirements in the standard in turn and gives advice and commentary.
Section 10 “Graded Requirements” summarises the requirements in a checklist style.
How does the customer benefit by the use of Grading
This guide is primarily aimed at those wishing to understand the technical issues associated with grading in terms of how the requirements differ by grade and also how to apply the graded requirements to the system. BSIA have a separate guide (Form 217) that is intended to help customers of CCTV systems understand the differences between an installation meeting the requirements of the BS EN 62676 series of standards and other systems (e.g. systems that pre-dated those standards). This includes an overview of the differences introduced by grading.
It is important that the customer realises that the choice of one grade over another will not affect the quality of images obtained by the system. The use of different grades will however affect the robustness and integrity of the system and its ability to continue to serve its purpose in the face of a criminal attack or likely fault conditions.
The factors that are affected by the grade choice are indicated by the function titles in section 6.3.1 and section 8.
As can be seen by the table in section 8, the majority of differences between system requirements are associated with the step from Grade 2 to Grade 3. 13 of the 18 functions have identical requirements in Grades 1 and 2 and 9 of the 18 are the same in Grades 3 and 4.
BS EN 62676-4 describes how the selection of security grades should be based on a risk assessment and the system should be designed to mitigate the assessed risks. As the graded requirements primarily affect the protection of the system itself then it is these aspects of a risk assessment that would determine the grade.
Therefore typically the grade will be the result of risks associated with threats and hazards such as:
• Vandalism or malicious attack on the CCTV system (without other criminal intent).
• Deliberate attack on the CCTV system (to assist with a crime).
• Environmental factors (e.g. flood damage to equipment, radio interference, lightning) and possible power outages.
A higher risk will be associated with increased likelihoods of events. These may be indicated by:
• How attractive the criminal target is (e.g. valuables / persons at risk of kidnap).
• Lack of other security measures.
• Location in a high crime area or close to easy escape routes.
• Lack of occupancy.
• Easy public access.
• High crime history.
A higher risk will also be associated with a high impact. Many things might cause a high impact, including:
• Potentially high losses.
• Disruption to site activities.
• Potentially high losses.
• Disruption to site activities.
Some aspects of the graded functions do not directly relate to the threat but are a consequence of the risk assessment. An example is the need to preserve evidential data of good quality images. Although this is unlikely to prevent a crime it is more likely to be important when a criminal will go to greater lengths to protect their identity. This is associated with higher risks.
To keep in shot we can summarized of Grading
1. System designers should choose the simplest approach that will work.
2. The recommended approach is to choose a grade of system and apply that single grade throughout the system.
3. The grading will affect the protection level and restriction of access to the system.
4. It is the functions of the CCTV system that are graded rather than each component.
5. Unlike the other functions, tamper protection and detection requirements may be applied with different grades in various locations because of the varying risk of tamper in those locations.
6. Grading of a system does not determine the quality of the images captured by the system. BS EN 62676-4 includes requirements and recommendations that will determine the quality of image recording.
7. CCTV security systems are installed to mitigate the risks associated with a number of threats
8. If the mitigation by CCTV for a particular threat is not the primary mitigation then grading is optional for that threat but may apply for other threats. If CCTV is not the primary mitigation for any threat then grading is optional for the whole system.
9. Grade 1 is the minimum grade that can be assigned.
10. If necessary, any of the 18 functions (listed in 6.3.1) can be graded separately but the grade for that function applies throughout the system.
11. It is recommended that if any of the 18 functions (with the exception of tamper protection and detection) are graded differently the overall system grade be that of the majority of the functional grades chosen.
If a VSS is designed and configured in a way that single or multiple operators request video images via common interconnections, the design of the system shall ensure that the available capacity is sufficient for the anticipated operation of the VSS. This may be achieved by configuring the maximum throughput of image streams on the VSS.
The following table can be used as a checklist.
Key:
Op = Optional
M = Mandatory
R = Recommended
Clause number (e.g. 6.1.2.2) means a clause in 62676-1-1, if a standard number is also given then it is the clause in that standard.
Tm.n (e.g. T1.4) means the nth row in table m (e.g. 4th row of table 1).
Table & Row or Clause
|
Subject
|
Security Grade
| |||
G1
|
G2
|
G3
|
G4
| ||
FUNCTION: Common Interconnections
| |||||
6.1.2.2
|
Common Interconnections
|
Op
|
Op
|
M
|
M
|
If a VSS is designed and configured in a way that single or multiple operators request video images via common interconnections, the design of the system shall ensure that the available capacity is sufficient for the anticipated operation of the VSS. This may be achieved by configuring the maximum throughput of image streams on the VSS.
| |||||
FUNCTION: Storage
| |||||
Table 1
|
Storage
| ||||
T1.1
|
Data backup and/or redundant recording
|
Op
|
Op
|
M
|
M
|
T1.2
|
Operating a fail-safe storage (e.g. RAID 5, continuous mirror) or switching automatically over from one storage media to another in case of storage failure
|
Op
|
Op
|
Op
|
M
|
T1.3
|
Reacting to a trigger with a maximum latency time of
|
-
|
1 s
|
500ms
|
250ms
|
T1.4
|
Replaying an image from storage with a maximum time after the incident or actual recording of after the incident or actual recording of
|
-
|
-
|
2s
|
1s
|
FUNCTION: Archiving and backup
| |||||
Table 2
|
Archiving and Backup
| ||||
T2.1
|
Authentication of every single image and image sequence
|
Op
|
Op
|
Op
|
M
|
T2.2
|
An automatically scheduled backup of alarm image data
|
Op
|
Op
|
Op
|
M
|
T2.3
|
A backup of alarm image data by manual request
|
Op
|
Op
|
M
|
M
|
T2.4
|
Verify the successful image backup
|
Op
|
Op
|
M
|
M
|
FUNCTION: Alarm Related Information
| |||||
6.2.2.3
|
The VSS system shall be able to display alarm related information. The information presented for each alarm message shall include: a) the origin or source of alarm; b) the type of alarm; c) the time and date of alarm.
|
Op
|
Op
|
M
|
M
|
FUNCTION: System Logs
| |||||
Table 3
|
System Logs
| ||||
T3.1
|
Alarms
|
Op
|
M
|
M
|
M
|
T3.2
|
Tampers
|
Op
|
Op
|
M
|
M
|
T3.3
|
Video loss and recovery from video loss
|
Op
|
Op
|
M
|
M
|
T3.4
|
Power loss
|
Op
|
M
|
M
|
M
|
T3.5
|
Essential function failure and recovery from failure
|
Op
|
Op
|
M
|
M
|
T3.6
|
Fault messages displayed to the user
|
Op
|
Op
|
Op
|
M
|
T3.7
|
System reset, start, stop
|
Op
|
M
|
M
|
M
|
T3.8
|
Diagnostic actions (health check)
|
Op
|
Op
|
Op
|
M
|
T3.9
|
Export, print/ hardcopy incl. the image source identifier, time range
|
Op
|
M
|
M
|
M
|
T3.10
|
User log in and log out at workstation with time stamp, successful and denied logins (local/remote) including reason of denial (wrong password, unknown user, exceeded account
|
Op
|
M
|
M
|
M
|
T3.11
|
Changes in authorisation codes
|
Op
|
Op
|
M
|
M
|
T3.12
|
Control of functional cameras
|
Op
|
Op
|
Op
|
M
|
T3.13
|
Search for images and replay of images
|
Op
|
Op
|
M
|
M
|
T3.14
|
Manual changes of recording parameters
|
Op
|
Op
|
M
|
M
|
T3.15
|
Alarm acknowledge / restore
|
Op
|
Op
|
M
|
M
|
T3.16
|
System configuration change
|
Op
|
Op
|
M
|
M
|
T3.17
|
Date and time set and change with current time and new time
|
Op
|
Op
|
M
|
M
|
FUNCTION: Backup and Restore of System
| |||||
6.3.2.1
|
Capable of backup and restore of all system data.
|
Op
|
M
|
M
|
M
|
FUNCTION: Repetitive Failure Notification
| |||||
6.3.2.2.1
|
The system shall be able to detect repetitive failures from a component and shall be configurable to generate a single message which shall only be repeated each time a new user logs in or the system restarts.
|
Op
|
Op
|
M
|
M
|
FUNCTION: Image Handling Device PSU Monitoring
| |||||
6.3.2.2.2
|
Failure of the primary and, if available alternative, power supplies to the system shall be monitored, with notification according to clause 6.3.2.2.1.
|
Op
|
Op
|
Op
|
M
|
6.3.2.2.2
|
In any case power supply failure shall always be indicated locally.
|
Op
|
Op
|
Op
|
M
|
6.3.2.2.2
|
The VSS shall attempt to resume normal operation after recovering from power loss. If the system is unable to resume after power has been restored, with the settings which existed before the power failure, this shall be logged and also indicated to an operator
|
Op
|
Op
|
Op
|
M
|
FUNCTION: Image Buffer Holding Time
| |||||
6.3.2.2.2
|
Images shall not be held in a buffer for longer than 5 seconds without being written into the storage medium
|
Op
|
Op
|
M
|
M
|
FUNCTION: Essential Function Device Failure Notification Time
| |||||
6.3.2.2.3
|
The VSS shall manage device failure by indicating any failure of the essential functions within 100 s of the failure.
|
Op
|
Op
|
M
|
M
|
FUNCTION: Monitoring of Interconnections
| |||||
Table 4
|
Monitoring of interconnections
| ||||
T4.1
|
Repeatedly verify the interconnection at regular intervals with a maximum of
|
-
|
-
|
30s
|
10s
|
T4.2
|
Try to re-establish a interconnection with following number of retries before notification
|
-
|
-
|
5
|
2
|
T4.3
|
Maximum time permitted before notification to an operator of an interconnection failure
|
-
|
-
|
180s
|
30s
|
62676-1-2 T7.1
|
Maximum permitted duration of device unavailability
|
-
|
-
|
180s
|
30s
|
FUNCTION: Tamper Detection
| |||||
Table 5
|
Tamper Detection
| ||||
T5.1
|
Video loss
|
Op
|
M
|
M
|
M
|
62676-1-2 T7.2
|
Maximum detection time for live signal loss
|
-
|
8s
|
4s
|
2s
|
T5.2
|
If an image capturing device with a fixed field of view no longer includes the entire specified field of view
|
Op
|
Op
|
M
|
M
|
T5.3
|
Deliberately obscuring or blinding of the imaging device range
|
Op
|
Op
|
M
|
M
|
T5.4
|
The substitution of any video data at image source, interconnection or handling
|
Op
|
Op
|
Op
|
M
|
T5.5
|
Significant reduction of the contrast of the image
|
Op
|
Op
|
Op
|
M
|
6.3.2.3.2
|
Image capturing devices shall be protected against tamper
|
Op
|
Op
|
M
|
M
|
FUNCTION: Authorisation Code Requirements
| |||||
Table 7
|
Authorisation Code Requirements
| ||||
T7.1
|
Minimum number of possible logical authorisation keys
|
-
|
10,000
|
100,000
|
1,000,000
|
T7.2
|
Minimum number of possible physical authorisation keys
|
-
|
3,000
|
15,000
|
50,000
|
FUNCTION: Time Synchronisation
| |||||
6.3.2.5
|
Time settings of various components of a VSS system shall always be within +/- 10 seconds of UTC.
|
Op
|
Op
|
M
|
M
|
FUNCTION: Data Labelling
| |||||
Table 11
|
Data Labelling
| ||||
T11.1
|
Location (e.g. name of site)
|
Op
|
M
|
M
|
M
|
T11.2
|
Source (e.g. capturing device labelled by camera number)
|
Op
|
M
|
M
|
M
|
T11.3
|
Date and time
|
Op
|
M
|
M
|
M
|
T11.4
|
Date and time in UTC including offset for local time
|
Op
|
Op
|
Op
|
M
|
FUNCTION: Data Authentication
| |||||
6.3.3.2
|
Provide a method (e.g. watermarking, checksums, fingerprinting) to authenticate image and meta data and their identity.
|
Op
|
Op
| ||
The authentication method shall be applied at the time the data is recorded and shall notify the user if any of the following has occurred:
| |||||
• Any of the images has been changed or altered;
| |||||
• One or more images have been removed from a sequence;
| |||||
• One or more images have been added to a sequence;
| |||||
• The data label has been changed or altered.
| |||||
FUNCTION: Export / Copy Authentication
| |||||
6.3.3.2
|
Provide a method by which the authenticity of copied and exported data is verified
|
Op
|
Op
|
M
|
M
|
FUNCTION: Data (manipulation) Protection
| |||||
6.3.3.3
|
Provide a method (e.g. encryption) to prevent unauthorized persons viewing the images and other data without permission
|
Op
|
Op
|
Op
|
M
|
6.3.3.3
|
Provide a method to protect the confidentiality of copied and exported data
|
Op
|
Op
|
Op
|
M
|
62676-1-2 Clause 12.1
|
All data communication outside secured technical room areas shall be encrypted in the security grade 4. AES with 128 bit key for symmetric and RSA with 1024 bit key shall be provided. Native encryption shall not be accepted. The VTDs shall not store any form of passwords in clear text. All such passwords either in configuration files or a database shall be encrypted.
|
Op
|
Op
|
Op
|
M
|
A VTD according to this standard shall support transport level security for the security grade 4.
| |||||
62676-1-2 Clause 12.2
|
A VTD compliant to this standard shall support in security grade 4 TLS 1.0 according to the IETF standard RFC 2246 and TLS 1.1 according to RFC 4346. Optionally the VTD may support TLS 1.2 according to RFC 5246.
|
Op
|
Op
|
Op
|
M
|
62676-1-2 Clause 8.3.4
|
Digest Access Authentication is recommended in security grade 3 and 4 systems, because of the higher security provided.
|
Op
|
Op
|
R
|
R
|
Note: VTD is an abbreviation for Video Transmission Device
Ref: BS EN 62676 series books.
Summary
Expecting an installer or integrator to analyse the specification of every product used to form a system is somewhat impractical but it is also difficult for a manufacturer to guarantee the suitability of a product with regard to graded requirements given the diverse possibilities for an installation.
Assessment by the manufacturer of the potential grading of their products (or at a minimum a statement about the best possible grade that could be achieved) and the presentation of this in a standard format, such as that shown above, will assist all parties in meeting the operational requirements of the CCTV system.
Thanks for sharing mobile nvr solutions dubai
ReplyDeleteThanks for the information CCTV security systems
ReplyDeleteHey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads along with DL Number, AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information.
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Lock Systems Replacement Parts allow residents to see exactly who is at the gate and verify identity before letting anyone in. Cameras can be either integrated directly into the intercom access panel or placed nearby, depending on the system and are an easy way to add an extra layer of visibility and security to your apartment building.
ReplyDeleteThank you for sharing this great blog on employee Monitoring Software. It is really important for companies these days whether it is big or small.
ReplyDeleteVisit: Employee Monitoring Software