
Monday, August 15, 2022

Security Cameras in Medical College

CCTV surveillance is now an integral part of the overall security apparatus across the world. The university has a significant responsibility to take appropriate steps to protect personal privacy and civil liberties when it operates security camera systems. When successfully deployed, security camera systems enhance overall campus safety and security, deter crime, and otherwise support the protection of people and property. A security camera is defined as video surveillance technology that records people’s activities in order to detect, deter, prevent, or investigate crime or other threats to public safety.

In a bid to improve the quality of medical education in the country, regulatory body NMC has issued an advisory recommending installation of cameras in the premises of all medical colleges and institutions. This is in continuation of the digital mission mode project being run by the National Medical Commission (NMC) and the erstwhile Medical Council of India to ensure and monitor availability of an adequate number of patients and teaching faculty, and also to monitor regular teaching programs in the medical colleges. This is a step forward towards developing a robust monitoring mechanism and providing for transparency and accountability in the functioning of medical colleges, official sources said.

If utilised properly, this would also be a way forward for digitisation of the assessment process for approvals being granted to medical colleges either for enhancement of under graduate courses or starting or enhancement of postgraduate courses, they said. "Use of such technology and artificial intelligence would make assessments and instructions transparent and an ongoing process instead of the current one time process," an official source said.

The most important things they can incorporate on all IP equipment are much more tangible: Trusted Platform Module (TPM) and National Defense Authorization Act (NDAA) compliance. The primary concern should be that the vendor is providing a system that is secure and in compliance with ISO 20243, particularly when it comes to assurances regarding the supply chain. Today more than ever, it is essential that video appliances are held to an IT standard, including TPM and NDAA compliance. The importance of making these properties a top priority has become a standard for end-customer expectations.

But installing a CCTV camera doesn’t mean you’re safe; here is a list of seven things you ought to consider before securing your territory with closed-circuit television cameras:

#1) Deciding how you’ll be monitoring the system

If you decide to monitor your system using the Internet, getting an IP Address for your Digital Video Recorder (DVR) or Network Video Recorder (NVR) will equip it to survey and record easily; an Ethernet cable carries all information via the Ethernet switch.

#2) Determining the number of Closed Circuit Television Cameras required

Depending upon the nature of your requirement and the expanse of the area you want to survey, decide on the number of cameras required to ensure complete security. As per the NMC guidelines, the medical colleges have been advised to install cameras at OPDs (depending upon number of OPDs in the college). The cameras should cover the medicine, surgical, gynaecological, paediatrics and orthopaedics OPDs, the highly-visited OPDs in a medical institution.

#3) Positioning the CCTV cameras

Cameras if visible could caution the trespasser. Thus most people prefer having clandestine cameras to having exposed and evident ones! Contemporary CCTV cameras can be easily hidden from view by being in the most exquisite of crevices and clefts in the wall; these places also offer the advantage of protecting the cameras from extreme weather conditions such as hailstorms, high-speed winds, and rains. One camera needs to be installed at the main entrance of the hospital and college and two cameras at the patient registration counter. All lecture theatres in the medical college should be equipped with cameras.

The pre-anaesthesia area, recovery area in the operation theatre complex, faculty lounge and attendance marking areas, anatomy dissection hall, physiology laboratory, biochemistry UG laboratories, pharmacology laboratory, patient attendant waiting area and emergency and casualty ward need to be equipped with cameras, the NMC stated.

#4) Placing the DVR/NVR

It is paramount to secure the digital video recorder (DVR) or the network video recorder (NVR). If you lose the DVR or the NVR to the trespasser, needless to say, you lose all the money you spent on your CCTV camera along with your stolen valuables! If you place your DVR or NVR centrally, you can minimize your cabling cost and reduce the complexity of your closed-circuit television system.

#5) Deciding on power backup of CCTV Camera

A constant power supply ensures uninterrupted surveillance. Make sure you have both a constant power supply and a reliable power backup in case of power cuts to ensure security at all times.

#6) Deciding how you’ll create a secure network system

NDAA compliance assures that the video recording appliance does not include System on Chip (SoC) or other components capable of processing software from banned Chinese companies. All servers and workstations use NDAA-compliant chipsets as a standard. Having the NDAA seal of approval guarantees that the product is fully supported under those regulations as federal agencies have banned all non-compliant equipment from RFQ’s and projects. Those companies not adhering to NDAA standards are unable to work with any federal organization via a published blacklist. Business and commercial entities are also following suit, as they have privacy concerns consistent with the federal government as well.

Trusted Platform Module enhances computer privacy and security. Consider it a hardware-level security measure to protect your video recording device from malicious attacks. Once the TPM module is enabled, that physical chip is permanently tied to that specific server or workstation and cannot be moved to any other system. TPM-based microchips on system boards offer another layer of hardware and intrusion security.

This software agnostic TPM module is utilized for high-level security file encryption, network security, and password management. These modules are secured by cryptographic algorithms and ensure total system security for the most sensitive data on your video recording system. As a matter of fact, TPM modules are a standard requirement from every video management software manufacturer and independent software vendor in the security marketplace.

#7) Testing the CCTV Camera system

After you’re done with the installation process, it is very important to have a test run. Any problems that you might face with your closed-circuit television system are best fixed before it’s too late. A stitch in time does save nine!

#8) Maintaining the CCTV-cameras

Best practices include cleaning the cameras on a monthly basis to rid them of any dirt and cobwebs. Timely replacement of the cables used is also advised to keep the systems from any potential failures in the most crucial of hours.

#9) "Cameras never lie". But how will one know, unless one 'sees' what the camera 'saw'?

All medical college authorities operating CCTV are encouraged to audit their own CCTV video footage as a standard operating procedure. Regular auditing of CCTV footage by the public means that the Police/LEA have more 'eyes' working for them through crowdsourced surveillance. This enables the Police/LEA to identify potential threats and dangerous situations before they occur. Also, in the case of a crime, if a standardized incident report is delivered to the Police/LEA by the affected party in PowerPoint carrying the entire story (what, where, when, why, who, how, and the video clip), the crime will get solved faster.

The aim is to bring the colleges under the National Medical Commission’s surveillance and to protect doctors from any attack during duty hours. There are a lot of brands in the market selling closed-circuit television cameras. The best brands for reliable CCTV cameras include Infinova, Hanwha Techwin, Avigilon, Pelco, Axis, NUUO, Milestone and GVD, among others. For a free consultation, contact us.



With sound administration and patients' interests in view, the National Medical Commission has taken the initiative to directly monitor the day-to-day work of medical colleges. To that end, the Commission has issued a directive to install CCTV at 25 locations, including the main entrance, in every medical college in the country. A large section of teacher-doctors considers this decision of the Commission unprecedented. An order has been issued to install CCTV in all government and private medical college hospitals in the country, and the order has sparked debate among doctors. In an advisory, the National Medical Commission has proposed to all state governments that CCTV be installed at the main entrance of medical college hospitals, at the patient registration counter, in the outpatient departments, and even at the places where the teachers and doctors of each faculty sign their daily attendance. The Commission's order designates at least 25 locations in a medical college where CCTV must be installed. Use IP cameras and a recorder capable of 4K resolution, together with a display capable of 4K resolution.

Notable among the locations identified for CCTV installation are: the medicine, surgery, gynaecology, paediatrics and orthopaedics outpatient departments; the patient anaesthesia and recovery area; the faculty lounge and attendance area of each department; lecture theatres; the anatomy dissection hall for medical students; the physiology and biochemistry laboratories; the pathology and microbiology laboratories; the pharmacology laboratory; the patient waiting area; and the emergency and casualty ward.

National Medical Commission chairman Dr Suresh Chandra Sharma has specified in his proposal that the CCTV cameras should be connected to a DVR and a high-capacity network. Santanu Sen, a Member of Parliament speaking for the doctors' organisation IMA, said, "There are some dishonest people. This step by the Commission is meant to rein them in." While one section of doctor-professors has expressed dissatisfaction with the National Medical Commission's proposal, another section says this rule already existed. Dr Raghunath Mishra, principal of Calcutta Medical College, is unwilling to attach importance to the matter. In his words, when some part of the college or hospital cannot be seen on CCTV, they occasionally phone.

The National Medical Commission has taken the initiative to directly monitor the day-to-day work of medical colleges. The Commission has issued a directive to install CCTV at 25 locations, including the main entrance, in every medical college in the country, which is a very good proposal. Alongside this, however, the video footage should be reviewed every day to check whether the cameras are running and whether the footage is being stored properly. To keep these video recordings secure within the IP camera system, IP cameras and a DVR/NVR suited to that purpose should be installed. You must check that the IP product is NDAA approved.


Saturday, January 16, 2021

PCI DSS in Security Surveillance

Access control & Video Surveillance vendors who sell to retail merchants have undoubtedly heard about PCI compliance, but may not understand exactly what it is and how it impacts the security industry. Thus, it’s no surprise that the Payment Card Industry Data Security Standard (PCI DSS) outlines specific guidelines for securing cardholder data environments (CDE) from a physical standpoint. This means protecting devices and systems (desktops, laptops, point-of-sale terminals, servers, routers, phones and other equipment), as well as the facility itself (office buildings, retail stores, data centres, call and contact centres and other structures). PCI compliance appears to be an issue between the payment card companies such as VISA and the merchants who accept credit cards. However, as merchants are being required to comply, they are passing some of the impact down to the vendors whose systems sit on their network.

Some users and professionals have now started asking whether OEM cameras, NVRs and access controllers are PCI DSS compliant: “We need your system to be PCI compliant before we can put it on the network.” The reason is that on Aug 13, 2018 the US Govt banned Hikvision and Dahua (and their OEMs) products due to backdoor entry and many security risks. On Aug 13, 2019 the US Govt signed this into law.

According to the latest standards, PCI DSS applies to all entities involved in the payment card industry, including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Its purpose is to safeguard credit card data from being stolen through network breaches and ineffective IT security practices. Originally most card providers such as Visa and MasterCard had established their own proprietary rules regarding the handling of credit card data by merchants. Concern and confusion among merchants over varying and overlapping requirements from the rival card companies prompted the card issuers to create an independent organization and standard for protecting credit card data. This entity is known as the PCI Security Council and, while there are actually several standards, the most applicable to our industry is the PCI-DSS. To comply with the standard, you must use security cameras AND/OR access control in any sensitive areas. Sensitive areas are defined as below:

‘Sensitive areas’ refers to any data center, server room or any area that houses systems that store, process, or transmit cardholder data. This excludes public-facing areas where only point-of-sale terminals are present, such as the cashier areas in a retail store.
It is this need to secure the merchant's entire network, as well as the devices and software attached to the network, that creates the demand for video surveillance vendors to meet PCI requirements, or more specifically, to provide solutions which are secure enough that they do not compromise the merchant's network security plan. For a large retail store, the sensitive area might be your server room, data closet, or anywhere else you have machines or servers that process cardholder data. The cameras must be at every entrance and exit so you can document who has entered and left this sensitive area.

The first is the inherent or built-in security that the solution has as it leaves the manufacturer's back door. Many solutions being shipped today utilize highly vulnerable technologies such as web applications and non-secured operating systems, and may even have a wide variety of exploitable technologies built into the product.

Manufacturers first need to understand the most current threats and then need to evaluate and adapt their architectural design to provide maximum inherent security.

One method to accomplish this is by having a valid and effective Software Development Lifecycle (SDLC) program in place which adheres to industry best practices, meets secure software development standards and has security activities and awareness built-in throughout the process.

The second way that network insecurity can be introduced into the merchants’ network is in how the product is deployed, configured and maintained. Many vendors feel that at this point it is out of their hands, but new pressures on the merchant from the PCI requirements are causing them to push back at the manufacturer.

Updated as part of PCI DSS version 3.0, Requirement 9 outlines steps that organizations should take to restrict physical access to cardholder data. Included under this requirement are guidelines that organizations must take to limit and monitor physical access to systems in the cardholder data environment, such as points of sale (POS) systems. PCI DSS recommends deploying entry access control mechanisms or video security cameras to meet this requirement (or both). Additionally, they require companies to:
  • Verify that either video cameras or access control mechanisms (or both) are in place to monitor the entry/exit points to sensitive areas
  • Verify that video cameras (or access controls) are protected from tampering or disabling
  • Review collected data and correlate with other entries
  • Store video data (or access logs data) for at least three months

Beyond the requirements specific to physical security, PCI DSS outlines a range of measures that organizations must

The PCI Data Security Standard (DSS) specifically excludes the need to provide cameras over cash registers:

DSS 9.1.1: "Use video cameras and/or access control mechanisms to monitor individual access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: - Sensitive areas refers to any data center, server room, or any area that houses systems that store, process, or transmit cardholder data. This excludes the areas where only point-of-sale terminals are present, such as the cashier areas in a retail store."
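The review, correlation and three-month storage steps quoted above can be checked mechanically against a recorder's segment index. The following is an added example, not code from the original post or from the PCI standard; the camera names, badge ids, sample rows and the reading of "three months" as 90 days are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=90)  # assumption: "three months" read as 90 days

# Constructed sample: recorder segment index as (camera, start, end).
SEGMENTS = [
    ("cam-server-room", "2022-05-01T00:00:00", "2022-08-10T02:00:00"),
    ("cam-server-room", "2022-08-10T02:30:00", "2022-08-15T00:00:00"),
    ("cam-data-closet", "2022-07-01T00:00:00", "2022-08-15T00:00:00"),
]
# Constructed sample: badge-reader log as (time, camera on that door, badge).
ACCESS_LOG = [
    ("2022-08-09T14:03:11", "cam-server-room", "badge-1041"),
    ("2022-08-10T02:12:45", "cam-server-room", "badge-2207"),
    ("2022-08-12T09:30:00", "cam-data-closet", "badge-1041"),
]


def ts(text):
    return datetime.fromisoformat(text)


def merged_intervals(segments):
    """Group segments per camera and merge overlapping or touching ones."""
    by_cam = {}
    for cam, start, end in sorted(segments, key=lambda s: (s[0], s[1])):
        spans = by_cam.setdefault(cam, [])
        s, e = ts(start), ts(end)
        if spans and s <= spans[-1][1]:
            spans[-1] = (spans[-1][0], max(spans[-1][1], e))
        else:
            spans.append((s, e))
    return by_cam


def coverage_gaps(spans, start, end):
    """Periods inside [start, end] that no span covers (spans are sorted)."""
    gaps, cursor = [], start
    for s, e in spans:
        if e <= cursor:
            continue
        if s >= end:
            break
        if s > cursor:
            gaps.append((cursor, s))
        cursor = max(cursor, e)
    if cursor < end:
        gaps.append((cursor, end))
    return gaps


def retention_gaps(segments, now):
    """Per camera, the parts of the retention window with no stored footage."""
    report = {}
    for cam, spans in merged_intervals(segments).items():
        gaps = coverage_gaps(spans, now - RETENTION, now)
        if gaps:
            report[cam] = gaps
    return report


def unrecorded_entries(access_log, segments):
    """Access-log entries that no retained footage of that door covers."""
    by_cam = merged_intervals(segments)
    return [(when, cam, badge) for when, cam, badge in access_log
            if not any(s <= ts(when) <= e for s, e in by_cam.get(cam, []))]


if __name__ == "__main__":
    now = ts("2022-08-15T00:00:00")
    for cam, gaps in retention_gaps(SEGMENTS, now).items():
        for s, e in gaps:
            print(f"{cam}: no footage {s.isoformat()} -> {e.isoformat()}")
    for when, cam, badge in unrecorded_entries(ACCESS_LOG, SEGMENTS):
        print(f"{when}: {badge} entered, nothing recorded on {cam}")
```

A gap in the middle of the window, such as the 30 minutes on the server-room camera here, is the case worth following up under the tampering or disabling check, because an entry was logged while nothing was recorded.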

PCI DSS Compliance levels

PCI compliance is divided into four levels, based on the annual number of credit or debit card transactions a business processes. The classification level determines what an enterprise needs to do to remain compliant.
·        Level 1: Applies to merchants processing more than six million real-world credit or debit card transactions annually. Conducted by an authorized PCI auditor, they must undergo an internal audit once a year. In addition, once a quarter they must submit to a PCI scan by an Approved Scanning Vendor (ASV).
·        Level 2: Applies to merchants processing between one and six million real-world credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a quarterly PCI scan may be required.
·        Level 3: Applies to merchants processing between 20,000 and one million e-commerce transactions annually. They must complete a yearly assessment using the relevant SAQ. A quarterly PCI scan may also be required.
·        Level 4: Applies to merchants processing fewer than 20,000 e-commerce transactions annually, or those that process up to one million real-world transactions. A yearly assessment using the relevant SAQ must be completed and a quarterly PCI scan may be required.


PCI DSS Compliance
Requirement 9: Restrict physical access to cardholder data
Any physical access to data or systems that house cardholder data provides the opportunity for persons to access and/or remove devices, data, systems or hardcopies, and should be appropriately restricted. “Onsite personnel” are full- and part-time employees, temporary employees, contractors, and consultants who are physically present on the entity’s premises. “Visitors” are vendors and guests that enter the facility for a short duration - usually up to one day. “Media” is all paper and electronic media containing cardholder data.
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, such as assigning ID badges.
9.3 Control physical access for onsite personnel to the sensitive areas. Access must be authorized and based on individual job function; access must be revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc. returned or disabled.

Clearly, there's no explicit camera requirement here, but cameras are a good way to remain in compliance with requirement 9.2. It's hard to know if you had a physical security breach if you don't have any video evidence.

PCI PED Compliance
3.4.5.2 Monitor, Camera, and Digital Recorder Requirements
a) Each monitor, camera, and digital recorder must function properly and produce clear images on the monitors without being out-of-focus, blurred, washed out, or excessively darkened. The equipment must record at a minimum of four frames per second.
b) CCTV cameras must record all activity, including recording events during dark periods through the use of infrared CCTV cameras or automatic activation of floodlights in case of any detected activity. This recording may be via motion activated. The recording must continue for at least a minute after the last pixel of activity subsides.
c) CCTV monitors and recorders must be located in an area that is restricted from unauthorized personnel.
d) CCTV cameras must be connected at all times to:
·        Monitors located in the control room
·        An alarm system that will generate an alarm if the CCTV is disrupted
·        An active image-recording device

Q30 March (update) 2015
Q. For purposes of this requirement, can motion activation recording be used, such that if there is not any activity and associated motion, there is not any need to record? If motion activation is allowed, how long past cessation of motion must be recorded?
A. This requirement is under revision. The new text will state: CCTV cameras must record all activity, including recording events during dark periods through the use of infrared CCTV cameras or automatic activation of floodlights in case of any detected activity. This recording may be motion activated. The recording must continue for at least ten seconds after the last motion has been detected. The recording must capture any motion at least 10 seconds before and after the detected motion.

Some OEMs with PCI DSS compliance
For example: On March 19, 2015 - NUUO, a leading provider of surveillance video management solutions, today announced that its NUUO Crystal family (NUUO Crystal™), as well as Mainconsole Family (NUUO Mainconsole Tri-Brid) solutions have received the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 certification.

Verkada (Cloud Camera Works) offers a technology solution that simplifies the process of meeting PCI physical security requirements. Unlike traditional CCTV systems, Verkada eliminates outdated equipment such as NVRs, DVRs and on-premise servers. The result: a system design that enables modern data security standards and innovative software capabilities by default.

3xLOGIC, the video surveillance vendor selected by our IS/IT department, also meets PCI DSS regulation.

Georgia CCTV understands that PCI-DSS compliance has become a requisite for restaurant operators. Safeguarding cardholder information and ensuring that PCI-DSS compliance standards are maintained is a material investment for companies in both time and resources. Georgia CCTV understands that for a retailer to achieve and maintain full PCI compliance, it is imperative that any services and devices that are part of or will become part of a merchant’s infrastructure also be PCI-DSS compliant.

ATLANTA, July 30, 2019 – Honeywell [NYSE: HON] announced the release of 30 Series IP Cameras, a new suite of video cameras that strengthens building safety and security through advanced analytics and secure channel encryption. They also adhere to the Payment Card Industry Data Security Standard (PCI-DSS). Together, these elements help meet the increasingly stringent requirements being set by IT Departments to shield businesses against unauthorized access and unsanctioned distribution.

Morpho is now IDEMIA, the global leader in Augmented Identity for an increasingly digital world, with the ambition to empower citizens and consumers alike to interact, pay, connect, travel and vote in ways that are now possible in a connected environment. IDEMIA – MORPHO is Payment Card Industry Data Security Standard (PCI DSS) certified company.

HID Global’s ActivID Authentication Appliance is used by enterprises and banks worldwide to secure access to networks, cloud applications and online services to prevent breaches and achieve compliance with the updated FFIEC guidance, PCI DSS and equivalent mandates, policies and guidelines.

Integrated Access Security is a commercial security systems company serving Redwood City. Their access control meets PCI regulation.

QNAP storage systems have the following security certifications:
·        HIPAA Compliance
·        SSAE 18 Type II Certification
·        PCI-DSS Compliant
·        FIPS 140-2 Level 3 Validated Data Handling Practices
