Closed Circuit Television (CCTV) Procedure



ProcedureClosed Circuit Television (CCTV) Procedure Contents TOC \h \z \t "Heading 1,1" Contents1-2Purpose3Scope3Roles and Responsibilities …3-6Section 1-Governance6 1.1 History…………………………………………………………………………………………………………….…….….6-7 1.2 Compliance7Section 2-Use , Access and Installation7 2.1 Use of CCTV Systems and Recordings7-8 2.2 Registers Associated with the Governance of CCTV8 2.2.1 CCTV User Register8 2.2.2 CCTV Copy Register8 2.2.3 CCTV Asset Register8-9 2.3 Reviewing and Copying CCTV Recordings 9 2.4 Releasing CCTV Recordings9-10 2.5 Retention & Disposal10-11 2.6 Selection & Installation11 2.7 Complaints Regarding CCTV11 2.8 CCTV Signage12 2.9 Training12Implementation13Evaluation13Related Policies, Procedures, Procedures, Frameworks, Standards and Legislation14Definition of Terms14-15References15Search Terms15Attachments15Approved CCTV Camera Signage……………………………………………………………………………….16CCTV User Register17Accountability & Compliance Matrix18-20CCTV Asset Register21CCTV Request Flow Chart22CCTV Footage Request Form23PurposeThese procedures are to ensure that any Closed Circuit Television (CCTV) systems installed within ACT Health facilities are managed in accordance with government expectations and in compliance with all relevant legislation and related codes, including the ACT Government Code of Practice for Closed Circuit Television (the code).These procedures provide ACT Health’s staff and contractors direction on their obligations in relation to use, managing, monitoring, recording, duplication, data storage, release and general access of CCTV systems when carrying out their official duties. Furthermore, these procedures outline where CCTV systems can be and cannot be installed to ensure compliance with government regulations and associated privacy requirements. ScopeThese procedures apply to all employees and contractors, who operate, service, repair and install CCTV systems within ACT Health facilities. These procedures relate to both digital and analogue CCTV systems installed as part of the SS-ICT/ ACT Health network or as ‘stand alone systems.Note: Third party retail/commercial tenants that operate a CCTV system within an ACT Health facility (e.g. café, kiosk etc) are not strictly bound by this procedure, however, must comply with the requirement to have adequate signage advising that their facility has CCTV surveillance installed. This requirement will be stipulated in any retail tenancy/lease agreements.Roles and Responsibilities In accordance with the Code of Practice for CCTV the ACT Health Director-General is responsible for ensuring that the use of the CCTV system complies with the Code and all relevant legislation and standards. The Director-General delegates the strategic responsibilities for the management and operation of the Health’s CCTV systems to the ACT Health Agency Security Executive and in turn, the oversight and management of these responsibilities is designated to the Agency Security Advisor responsible for managing ACT Health Security Services. The responsibilities of particular users of Health’s CCTV systems are outlined below: RoleResponsibilitiesACT Health Director-GeneralIn accordance with the Code, the Director-General is responsible for governance over use of the CCTV system and compliance with the Code and all relevant legislation and standards. The Director-General delegates responsibility for the management and operation of the Directorate’s CCTV systems to officers within the Directorate as specified below.Provide oversight to implementation of ACT Government Policy in ACT Health, including development of a security policy, standard operating procedures and guidelines.Guide the development, prioritisation, implementation and periodic review of the ACT Health Security Plan, based on reviews, audits, assessments, surveys and feedback and in alignment with the ACT Government Protective Security PolicyACT Health Agency Security Executive (ASE)The ASE has responsibility for the overarching operation of CCTV systems across ACT Health. The ASE is to ensure that guidelines and procedures related to CCTV systems are in place and those responsible are aware of their obligations. The oversight of these responsibilities is delegated to the Agency Security Advisor (ASA).Agency Security Advisor (ASA) [Senior Manager Protective Security]The ASA is the delegated position by the Director-General for the responsibility for providing advice on security risk and assisting managers, employees and others to devise and implement appropriate physical, personnel and information security measures and plans in a timely manner.Note: For the purpose of these guidelines, the term of Principal Officer as described in the ACT Government Code of Practice for Closed Circuit Television is the ASA. In relation to the management of CCTV, the ASA is responsible for:Ensuring appropriate procedures are in place and communicate to those responsible so as to effectively manage the use of the CCTV TV systems are operated in accordance with the CodeOverseeing the development of any CCTV procedures, amendments and updates are made as required.Release of CCTV recordings are scrutinised in accordance with the ACT Health CCTV Management Guidelines.An effective complaints mechanism is implemented to deal with privacy complaints, investigations and subsequent outcomes and any required actions.A compliance review of CCTV systems against these guidelines and the Code is conducted once a year, with the outcomes of the review provided to the Agency Security Executive.Agency Security Officer (ASO) [Manager Security Operations]The ASO is responsible to the ASA for:Coordinating an annual compliance review of CCTV systems to ensure compliance with all CCTV policies and procedures.Developing and maintaining the CCTV Asset Register and CCTV Copy Register.Recording personnel who are authorised to review and copy CCTV recordings in the CCTV User Register.Acquisition of relevant CCTV system equipment through consultation with the Agency Security Advisor.Destruction and disposal of CCTV recordings and recorded on the ‘CCTV Disposal Schedule’.Maintenance of CCTV system equipment.Day-to-day operation of CCTV systems across the ACT Health portfolio.Providing the ASA with information or documents about CCTV systems across the ACT Health portfolio upon request.Day-to-day operation of CCTV systems in their areas of responsibility.Maintaining signage of CCTV systems.In consultation with the ASA, approving the release of CCTV recordings in compliance with this policy and supporting guidelines. Providing the Agency Security Advisor with information or documents about CCTV systems within their business area upon request.Security Administration OfficerSecurity Administration Officers are responsible to the ASO for:Day-to-day operation of CCTV systems in their areas of responsibility.Reviewing CCTV footage to identify beaches of security or to review security incidents.Bookmarking CCTV footage to save for potential investigations both internal and external.Download CCTV footage to a storage device (disk, USB drive, hard drive etc) when requested to do so as part of an investigation process. Complete all required documentation associated with operating a CCTV system.ACT Health Security Officers (internal or contractors)ACT Health Security Officers (either employees or contracted) are responsible for:Day-to-day operation of CCTV systems in their areas of responsibility.Reviewing CCTV footage to identify beaches of security or to review security incidents.Bookmarking CCTV footage to save for potential investigations both internal and external.Reporting to ACT Health Security Administration officers or Health ASO issues/incidents relevant to CCTV surveillance of ACT Health facilities.Back to Table of Contents Section 1. GovernanceBackgroundACT Health is committed to minimising security risks in the public health care system, through the provision of a safe and secure environment for staff, patients, visitors, volunteers and contractors. To assist public confidence and reinforce community safety, Closed Circuit Television (CCTV) systems are used extensively across a number of ACT Health facilities including Canberra Hospital and several Community Health Centres. In 2009, the ACT Government released a Code of Practice for Closed Circuit Television Systems (Code of Practice). These guidelines build on this Code of Practice, developing a framework for the use of CCTV within the Directorate.Furthermore, CCTV systems form part of ACT Health’s Physical Security capabilities in relation to compliance with the ACT Government Protective Security Policy Framework (PSPF). 1.2 ComplianceAll ACT Health employees and contractors engaged to represent ACT Health are accountable to the Director-General under these guidelines. Executives, managers and supervisors are to ensure that these guidelines are implemented within their business areas and these personnel are aware of their obligations under these guidelines.Non-compliance with these guidelines is taken as a serious matter and could constitute a failure to comply with the obligations and standard of conduct expected of a public service employee, set out in the Public Sector Management Act 1994, the Public Sector Management Standards 2016 and the Enterprise Agreements.Non-compliance may result in disciplinary action for breach(s) of the ACT Governments Code of Practice for CCTV. In the event of suspected criminal action; the matter will be referred to the Australian Federal Police or other relevant authorities for action.The recording and retention of images will be undertaken in accordance with the Territory Records Act 2002 and any breaches relating to the unlawful use of images taken from the CCTV system could constitute a criminal offence under this Act. CCTV recordings will only be used in accordance with section 2.1 of these guidelines.Back to Table of Contents Section 2. Use, Access and InstallationUse of CCTV systems and recordingsACT Health uses CCTV systems to assist in the protection of its employees, the public, Directorate assets and infrastructure. CCTV systems may also be used to support investigations, both internal and external. The purpose of the ACT Health CCTV systems is to:Assist in the protection of the public.Provide a level of security for staff with direct contact with the public.Improve security for the protection of agency and community assets and infrastructureAssist in effective responses to security, safety and emergency incidents (to the public and staff).Assist in the investigation of possible offences.Monitor traffic flows and traffic operations.Assist with business monitoring of high risk areas such as cashier desks TV recordings must not be used for commercial or entertainment purposes. Where an employee or security contractor observes activity through monitoring of CCTV systems which may be of a criminal nature, this must be reported to the ACT Health Agency Security Officer (ASO) or Agency Security Advisor (ASA) immediately and if required, to ACT Policing.Where an employee or security contractor observes activity through monitoring of CCTV systems which may be a breach of internal policies or procedures or another form of misconduct or anti-social behaviour, this must be reported immediately to the ACT Health ASO or ASA and a RISKMAN report completed.Registers associated with governance of CCTVTo ensure appropriate governance of CCTV systems and operations, registers must be kept by Security Services. These can be in paper-based logs or electronic logs including audit trails maintained by Digital Video Recording TV User RegisterA CCTV User Register must be kept by Security Services who have sole responsibility for operating CCTV systems. This register must contain the following information:Authorised officers full name.Extent of authorisation granted to the authorised officer (e.g. viewing, recording, copying and administrator).Area or location in which the authorised officer has access to CCTV systems.Person’s name who has granted authorisation to the authorised officer.Date to review the authorised officer’s permissions to the CCTV systems.In accordance with the ACT Health Protective Security Personnel Guidelines all employees and security contractors with access to CCTV are deemed to be in a Position of Trust (POT) and the appropriate security clearances will have been TV Copy RegisterA CCTV Copy Register must be kept by Security Services who manage and operate CCTV systems. This information must include:Authorised officers’ name and date approved or reason not approved.Date and name of authorised officer when copied to disc.Disc number.Issues related to copying of recording.Details of who, where and when the disc was sent to.Reason for the TV Asset RegisterA CCTV Asset Register is to be maintained for all CCTV equipment. The CCTV Asset Register must include:Item (e.g. PTZ camera, DVR, etc).Make and model.Specifications.Serial number.Date of purchase.Location.Movement record.Decommission date.Other information such as maintenance undertaken.Asset information may not always be retrievable from older CCTV (cameras installed in high places etc), however, every attempt will be made to obtain this information but may not always be possible. All new equipment installed after the implementation of these guidelines will be recorded in this register. As existing cameras, recorders etc are repaired or upgraded every effort should be made to ascertain the required information and update the register (such as make, model, and serial number).Reviewing and copying CCTV recordingsThis guideline outlines the process for reviewing, copying and releasing CCTV recordings. Authorised officers may review CCTV recordings in accordance with Security Services procedures and should keep manual records of any authorised officer reviewing and/or copying CCTV systems where electronic audit trails on systems are not available.Authorised officers of ACT Health may review and/or copy CCTV recordings for the purposes listed in section 2.1 of this document. Examples of instances which may constitute review of CCTV recordings are to:Investigate possible breaches of Directorate policies and/or procedures.Investigate damage to public property.Accident and insurance claims.Investigate critical incidents.Investigate possible cases of employee misconduct.Investigate safety or security incidents.In accordance with the ACT Health Protective Security Policy (Information Security) all copied and downloaded CCTV footage will have a dissemination limiting marker applied categorised as ‘Official use Only’.Releasing CCTV recordingsAll requests to release Directorate CCTV recordings to a third party must be received through ACT Health Security Services. A third party includes police officers. Health will only release CCTV recordings for lawful purpose as defined below. CCTV recordings must only be released, after endorsement by the Agency Security Advisor to:PoliceStatutory authorities with powers to prosecuteSolicitors, where the recording may be relevant in civil proceedings and a court subpoena has been issued for release of specific CCTV footageOther government agencies with a legal requirement, such as Government Insurance Office Person authorised by the Director-General who has demonstrated a lawful requirement for the CCTV footage.(eg: FOI request)All processes and records within the ACT Government are subject to Freedom of Information (FOI) requests, as per the Freedom of Information Act 1989. The Territory Records Act 2002 deems CCTV footage to be an official record, and therefore FOI requests apply to the CCTV System for the release of CCTV footage to third parties.Under the Freedom of Information Act 1989 (FOI Act) section 14, provisions are available for the release of documents and records. However, in accordance with section 37 of the FOI Act, there are several exemptions that apply to the release of documents and records (and therefore include CCTV footage).This includes:Prejudice the conduct of an investigation of a breach, or possible breach, of the law;Disclose, or enable a person to ascertain, the existence or identity of a confidential source of information in relation to the enforcement or administration of the law;Endanger the life or physical safety of any person.Upon endorsement of release by the Agency Security Advisor (subject to any legal advice if required) to release the CCTV recording, the Authorised Officer must complete the release section of the CCTV Request Form. Information which must be collected is the:Authorised officers full name physically releasing the CCTV recording.Date, time and location of the CCTV recording being physically released to the recipient.Recipients’ full name, rank (if a Police Officer) and signature.Retention and disposalThe Territory Records (Records Disposal Schedule – Property Management Records) stipulates that generally, CCTV recordings will be kept for a period of thirty (30) days after the date of creation. If CCTV recordings have been requested by an investigative and/or law enforcement body, the following retention and disposal timeframes apply.If a CCTV recording has been requested by investigative and law enforcement body in relation to incidents that caused significant political or public reaction or recordings relating to high profile incidents, e.g. murder, serious accidents, extremely violent assaults, these recordings must be retained indefinitely.Where a CCTV recording has been requested by a government investigative or law enforcement body in relation to incidents not investigated or caused no significant political or public reaction, these recordings must be retained for seven (7) years. A government investigative or law enforcement body includes, but is not limited to:Australian Federal Police (including ACT Policing)ACT Care and ProtectionACT Civil and Administrative Tribunal (ACAT)ACT Environmental Protection AuthorityACT Human Rights CommissionACT Insurance AuthorityACT Office of Regulatory Services (including Fair Trading and WorkSafe ACT)Office of the Information/Privacy CommissionerAny other ACT Government or Federal Government agency that can issue prohibition notices, infringement notices, improvement notices, or enforceable undertakings.Note: Private investigators and or organisations do not constitute an approved investigative body under this policy. Any requests for CCTV footage from the public sector must be processed through an FOI request or court issued subpoena.All digital CCTV recordings stored on ACT Health systems must be automatically erased after the elapsed time period. Any recordings made to disk/CD and not collected within a reasonable time frame will be physically destroyed.Selection and InstallationAny requests by ACT Health business units for CCTV coverage must be made to Security Services and must be approved by the Agency Security Advisor in consultation with the Agency Security Executive subject to any security risk assessment or review conducted and a need for CCTV TV systems will only be installed in areas of operation accessed by the public and will NOT be installed in clinical treatment areas or internal to medical wards. An operational area does not include toilet facilities, a change room, a shower or other bathing facility, a parent/carer or nursing room, a sick bay, a first-aid room or any other area in a workplace prescribed by regulation. Cameras must not be hidden and must be placed in public view.When selecting and installing cameras consideration will be given to the physical environment and the features that may be required in cameras, (e.g. fixed, tilt, zoom, to name a few) or supporting infrastructure (e.g. high quality resolution system). The use of fake or false cameras is prohibited by ACT plaints about CCTVACT Health has a formal process to register any complaints regarding its service delivery. Any complaints regarding the ACT Health CCTV system can be made using this online process. The website address for complaints regarding CCTV can be accessed via: Agency Security Advisor or delegate is responsible for investigating any complaints relating to the CCTV system and will provide any appropriate responses. CCTV SignageUnder the CCTV Code of Practice, ACT Health must notify people if they are in an area where CCTV systems are operating, through the installation of approved signage (refer to Appendix A). Signage must include the four standard components of information required under the Privacy Act 1988 (Cth):CCTV pictogramPurpose (i.e. safety camera)Ownership (i.e. ACT Government)Contact information.Approved signage (refer to Appendix A) is available by contacting Shared Services Publishing Services at publications.act@.au.TrainingAll authorised officers utilising CCTV systems within ACT Health must receive adequate training. This training is coordinated by Security Services. This training must give the authorised officer a basic understanding of:The purpose and appropriate use of CCTV systems.Copying and releasing CCTV plaints handling and processes.The period for which CCTV recordings must be retained.Privacy obligations associated with CCTV use.The application of these Guidelines associated with their role.The Directorate will ensure that CCTV is used:Only by users trained and authorised to use CCTV systems, as defined in these guidelines.In accordance with all applicable legislation and standards, including, but not limited to all legislation and standards referred to in this document.Implementation This procedure will form part of the ACT Health Protective Security Framework. This procedure will be available on the Health Security intranet site for all staff to access.All ACT Health security staff and security contractors who operate CCTV equipment will be provided with CCTV training and compliance obligations as part of their work requirements.EvaluationOutcome MeasuresMethodACT Health CCTV security system is being operated in accordance with these guidelines.Regular monthly reviews of compliance against RISKMAN security incident reports.Maintain register of persons authorised to operate CCTV system.Annual audit of compliance by ASA and report provided to the Agency security Executive and Health Security Committee.All ACT Heath staff and security contractors accessing the CCTV system are appropriately trained to operate system.Provide appropriate CCTV operating training to all security administration and operational staff.Maintain register of all security staff who are authorised to operate CCTV system.All evidence provided to investigative bodies is in accordance with these guidelines.Monthly review of CCTV registers to identify requests for CCTV footage and supporting request documentation (police requests, subpoenas etc).All areas of are ACT Health are covered by appropriate CCTV surveillance signage.Annual audit of compliance by ASO.Ensure appropriate signage is installed with all new CCTV camera installations.Include the requirement for CCTV signage in the Health Security Designs Principles document. Related Policies, Procedures, Procedures, Frameworks, Standards and LegislationACT Health Protective Security PolicyACT Health Protective Security GuidelinesACT Government Protective Security Policy Framework (PSPF) 2013ACT Government Code of Practice for Closed Circuit Television SystemsAustralian Standard Closed Circuit Television (CCTV), AS 4806.1-2006Freedom of Information Act 1989Human Rights Act 2004Information Privacy Act 2014 and Territory Privacy RegulationsPublic Sector Management Act 1994 and Public Sector Management Standards 2016Territory Records Act 2002Workplace Privacy Act 2011Definition of Terms TermDefinitionAgency Security Advisor (Senior Manager, Protective Security)The Agency Security Advisor is responsible for providing advice on security risk and helping managers, employees and others devise and implement appropriate physical, personnel and information security measures and plans.Authorised OfficerA person with delegated authority by the Director General (via the ASA) to copy or review CCTV recordings. This person must be listed on the Health Security Services CCTV User TV Asset RegisterA register of CCTV systems utilised within each Health TV Copy RegisterA register of all CCTV requests made, including CCTV recordings copied to DVD. USB or another electronic TV recordingThe data, images and/or files recorded by the CCTV TV requestA request to review, copy, or release a recording made by Directorate CCTV systems. This process must follow the procedure outlined in this TV systemA system or network of CCTV TV User RegisterA list of authorised officers approved to use, review and copy CCTV systems outlined in this document. This list is managed by the Health ASA. Closed Circuit Television (CCTV)A television system intended for only a limited number of viewers, as opposed to broadcast television. This definition is inclusive of recording equipment (analogue or digital), display equipment, transmission systems, transmission media, and interface control.Code of PracticeACT Government Code of Practice for CCTV Systems.Agency Security Executive (ASE)An allocated senior executive will occupy the position of Agency Security Executive in accordance with the ACT GOV PSPFPrincipal Officer. Agency Security Advisor(Senior Manager, Protective Security)The person delegated by the Director-General of ACT Health to ensure that at all times the CCTV system is operated in accordance with the Code and procedures which have been adopted by the Directorate. In this case, it is the Agency Security Advisor.Agency Security OfficerSecurity Operations ManagerThe Security Operations Manager is designated as the Agency Security Officer as defined in the ACT GOV PSPF and assists the Health ASA. PSPF.Protective Security Policy Framework 2013. The over-arching protective security framework that governs protective security standards across all ACT Government Directorates.Position of TrustA position within the organisation where there is a higher onus on the position holder for assurance of honestly and confidentiality due to the sensitivity of the information that they may have access too. ReferencesACT Government CCTV Code of PracticeAustralian Standard Closed Circuit Television (CCTV), AS 4806.1-2006Search Terms CCTVClosed Circuit Television CamerasSecurity CamerasAttachmentsApproved CCTV camera SignageCCTV Authorised Officer (User) RegisterAccountability & Compliance MatrixCCTV Asset RegisterCCTV Request Flow TV Request for footage/images formCCTV Frequently asked questions (FAQS) sheet.Disclaimer: This document has been developed by ACT Health Business Support Services, Client Services, Security & Emergency- Security Services specifically for its own use. Use of this document and any reliance on the information contained therein by any third party is at his or her own risk and Health Directorate assumes no responsibility whatsoever.Attachment A – Approved CCTV Camera Signage533400720725This signage is to be used at all entry and exit points, or in the immediate vicinity where CCTV systems are used by ACT Health. Note: This is a WHoG example sign. ACT Health will have Health specific signs/stickers printed. Attachment B – CCTV User Register sampleCCTV User RegisterAuthorised Officer’s nameAuthorisation levelAuthorised Access to location/sAuthorisation granted by:Date of authorisationAnnual authorisation review date.Fred SmithAdministratorAll locationsJoe Bloggs ASA01/01/201601/01/2017John LemonSecurity OfficerTCH onlyJoe Bloggs ASA01/01/201601/01/2017Attachment C – Accountability and Compliance MatrixRoleResponsibilitiesRequirementCompliance LevelEvidence of complianceDirector-General(delegated to Agency Security Executive)Ensure release of CCTV recordings are scrutinised in accordance with these Guidelines.Section: Responsibilities (ASA), 1.2, 2.4Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Assess that CCTV systems are, on a strategic-level, operated in accordance with the Code.Section: Responsibilities (ASA), 1.2, Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Measure uptake of procedures and implementation by the Directorate in relation to CCTV.Section: Responsibilities (ASA), 1.2, 2.1Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Agency Security Advisor Oversee development of any CCTV procedures and ensure any amendments are made as required in light of operational experiences or changes to the system. Section: Responsibilities (ASA), 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The Director CSSE is made aware of any changes to CCTV procedures within Security Services.Implement appropriate procedures to ensure the effective management and use of the CCTV system.Section: Responsibilities (ASA), 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The Director CSSE has approved Standard Operating Procedures (SOPs) to the effective management and use of our CCTV systems.Undertake a compliance review of CCTV systems against these guidelines and the Code of Practice once a year, with the outcomes of the review provided to the Agency Security Executive. Section: Responsibilities (ASA), 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The compliance review is listed as a standing item on the Director CSSE meeting agenda.Agency security OfficerUndertakes compliance assessment against these guidelines, the Code of Practice and relevant legislation, including maintenance of the integrity and security of the system and the protection and interests of the public. Section: Responsibilities ASO, 1.2, 2.0Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The ASA is made aware of these compliance provisions through the six-monthly CAS statements and through this compliance review.Ensure that a fair system of staff selection, recruitment and adequate training is adopted for staff who are required to use the CCTV system.Section: Responsibilities ASO, 1.2, 2.0, 2.9Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The ASO identifies staffs that need to utilise CCTV based on their position and provided an awareness session consistent with section 2.9 of the Guidelines.Approve the CCTV User Register.Section: Responsibilities ASO, 1.2, 2.0, 2.2.1Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]The ASA approves the CCTV User Register on an annual basis.Appoint personnel with direct control of the CCTV system for the operations and management of the CCTV system.Section: Responsibilities ASO, 1.2, 2.0, 2.2.1Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]These personnel are appointed and listed on the CCTV User Register.Refer any breaches or complaints of the CCTV system to the Agency Security Advisor .Section: Responsibilities ASO, 1.2, 2.7Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All breaches and complaints have been referred to the ASA.Coordinate an annual compliance review of CCTV systems to ensure compliance with all CCTV policies and proceduresSection: Responsibilities ASO, 1.2, Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]An annual compliance review has been conducted in the form of this Compliance Matrix. This will be forwarded to the ASA.Develop and verify the CCTV Asset Register and CCTV Copy Register.Section: Responsibilities ASO, 1.2, Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Monthly reviews of the CCTV Asset register and Copy Register for compliance. Ensure all newly installed CCTVs are entered into the Asset Register.Ensure all authorised releases of CCTV data have the appropriate documentation approved and recorded in CCTV Copy RegisterSection: Responsibilities ASO, 1.2, 2.2.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Monthly reviews of the CCTV Copy register. Sign and authorise all release of copied data in compliance with these guidelines.Acquisition of relevant CCTV system equipment through consultation with the Agency Security Advisor.Section: Responsibilities ASO, 1.2, 2.0, 2.6Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All new cameras are installed in consultation with the ASA, and SS-ICT and documented if any relevant risk assessments have been completed.In consultation with the ASA approve the release of CCTV recordings upon endorsement of release by the Agency Security Advisor, in accordance with these Guidelines.Section: Responsibilities ASO, 1.2, 2.0, 2.3, 2.4Fully Compliant / Partially Compliant /Not CompliantEnter comments on compliance level here]All requests for CCTV by third parties or Police are first endorsed by the ASA prior to releasing them and all associated documentation is completed.Record personnel who are authorised to view and copy CCTV recordings in the CCTV User RegisterSection: Responsibilities ASO, 1.2, 2.0, 2.3, 2.4Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Health has a policy outlining which positions or personnel are able to view and copy CCTV.Maintaining signage of CCTV systems.Section 1.2, 2.8Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Health displays the approved CCTV signs in accordance with Appendix A of the Guidelines. These are displayed in the immediate vicinity or at ingress/egress points where CCTV is used.Security Administration OfficerDay-to-day operation of CCTV systems in their areas of responsibility.Section: Responsibilities Security Admin. 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Overview and managed by ASO on a daily basis in accordance with section 2 of these guidelines.Review CCTV footage to detect breaches or offences in relation to investigations both internally and externally.Section: Responsibilities Security Admin. 1.2, 2.2, 2.3Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All requests to review CCTV are approved by the ASO or ASA prior to the review. If a third party wishes a live review (Police) the ASO or ASA are first advised and present prior to review. Maintenance of CCTV system equipmentSection: Responsibilities Security Admin. 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Serviceability checks of CCTV cameras and systems are conducted fortnightly.Destruction and disposal of CCTV recordings.Section: Responsibilities Security Admin. 1.2, 2.5Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Health holds CCTV recordings for the time periods specified in these guidelines. These recordings are automatically overwritten after the lapse of the specified time frames.Download CCTV footage to a storage device (disk, USB drive, hard drive etc) when requested to do so as part of an investigation process. Section: Responsibilities Security Admin. 1.2, 2.3, 2.4Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All requests for CCTV by third parties or Police are first endorsed by the ASA prior to releasing them and all associated documentation is completed.Security Officer (internal or external)Day-to-day operation of CCTV systems in their areas of responsibility.Section: Responsibilities Security Officer 1.2Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]Overview and managed by ASO on a daily basis in accordance with section 2 of these guidelines.Review CCTV footage to detect breaches or offences in relation to investigations both internally and externally.Section: Responsibilities Security Officer. 1.2, 2.2, 2.3Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All requests to review CCTV are approved by the ASO or ASA prior to the review. If a third party wishes a live review (Police) the ASO or ASA are first advised and present prior to review. Any after-hours incidents involving CCTV are logged and reported to the ASO or ASA on next business day.Section: Responsibilities Security Officer. 1.2, 2.2, 2.3Fully Compliant / Partially Compliant /Not Compliant[Enter comments on compliance level here]All incidents involving CCTV are advised to ASO or ASA and logged into CCTV register. Any after-hours requests from Police are referred to ASO or ASA on next business day. lefttopAttachment D – Example of ACT Health CCTV Asset RegisterDivisionBusiness UnitItemMake and ModelSpecificationsSerial NumberDate of PurchaseLocationMovement RecordDecommission DateMedicineEmergency DepartmentPTZ camera420TVL Outdoor IR Night Vision Camera20m distance, 3.6mm lens, DC12V 300mA.SN34912101 Nov 2009Office Roof – observing car park exitInstalled – 05 Nov 2009Not applicableMental HealthAdult Mental Health UnitFixed camera with zoom capability600TVL WDR Day Night CameraDay/Night, 12Vdc/24Vac, 10x Digital zoom, 600TVL resolutionSN08278310 Dec 2010Front entranceInstalled - 20 Jan 2011Not applicableAttachment E – CCTV Request Process Flowchart. Security & ID Administration Canberra Hospital Building 2 Level 2 Phone: (02) 6244 2141 OR 6244 2143 Fax: (02) 6244 2686 TCHSecurity.Office@.auREQUEST FOR CCTV FOOTAGE AND IMAGESName (block letters only),From (Police Station/LAC)Job Number Formally request the following Video Footage and or images from ACT Health / Canberra Hospital CCTV System for the purpose of evidence in an official Police Investigation:Camera/s location:Date/Times of footageCCTV footage reviewed by:CCTV footage copied to disk on:Number of evidence DVD’s copies provided – Signature and Badge Number. (Receiving Officer)Date / /201SignatureThe Security Operations Manager (or on behalf of)Date / /201Signature ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download