Closed Circuit Television (CCTV) Procedure · Web viewSection 2-Use , Access and Installation 7 2.1 Use of CCTV Systems and Recordings 7-8 2.2 Registers Associated with the Governance

DGD17-011

ProcedureClosed Circuit Television (CCTV) Procedure Contents

Contents................................................................................................................................ 1-2

Purpose.....................................................................................................................................3

Scope........................................................................................................................................ 3

Roles and Responsibilities …..................................................................................................3-6

Section 1-Governance...............................................................................................................6

1.1 History…………………………………………………………………………………………………………….…….….6-7

1.2 Compliance.....................................................................................................................7

Section 2-Use , Access and Installation.....................................................................................7

2.1 Use of CCTV Systems and Recordings..........................................................................7-8

2.2 Registers Associated with the Governance of CCTV.......................................................8

2.2.1 CCTV User Register......................................................................................................8

2.2.2 CCTV Copy Register......................................................................................................8

2.2.3 CCTV Asset Register..................................................................................................8-9

2.3 Reviewing and Copying CCTV Recordings ......................................................................9

2.4 Releasing CCTV Recordings........................................................................................9-10

2.5 Retention & Disposal...............................................................................................10-11

2.6 Selection & Installation.................................................................................................11

2.7 Complaints Regarding CCTV..........................................................................................11

2.8 CCTV Signage................................................................................................................12

2.9 Training.........................................................................................................................12

Implementation...................................................................................................................... 13

Evaluation............................................................................................................................... 13

Related Policies, Procedures, Procedures, Frameworks, Standards and Legislation...............14

Definition of Terms............................................................................................................14-15

References.............................................................................................................................. 15

Search Terms.......................................................................................................................... 15

Attachments............................................................................................................................15

Doc Number Issued Review Date Area Responsible Page VersionDDG17-011 March 2017 March 2020 BSS/ CSSE 1 of 23 1.2

Do not refer to a paper based copy of this policy document. The most current version can be found on the ACT Health Policy Register

DGD17-011 A. Approved CCTV Camera Signage……………………………………………………………………………….D. CCTV Asset Register

E. CCTV Request Flow Chart

F. CCTV Footage Request Form



DGD17-011

Purpose

These procedures are to ensure that any Closed Circuit Television (CCTV) systems installed within ACT Health facilities are managed in accordance with government expectations and in compliance with all relevant legislation and related codes, including the ACT Government Code of Practice for Closed Circuit Television (the code).

These procedures provide ACT Health’s staff and contractors direction on their obligations in relation to use, managing, monitoring, recording, duplication, data storage, release and general access of CCTV systems when carrying out their official duties. Furthermore, these procedures outline where CCTV systems can be and cannot be installed to ensure compliance with government regulations and associated privacy requirements.

Scope

These procedures apply to all employees and contractors, who operate, service, repair and install CCTV systems within ACT Health facilities. These procedures relate to both digital and analogue CCTV systems installed as part of the SS-ICT/ ACT Health network or as ‘stand alone systems.

Note: Third party retail/commercial tenants that operate a CCTV system within an ACT Health facility (e.g. café, kiosk etc) are not strictly bound by this procedure, however, must comply with the requirement to have adequate signage advising that their facility has CCTV surveillance installed. This requirement will be stipulated in any retail tenancy/lease agreements.

Roles and Responsibilities

In accordance with the Code of Practice for CCTV the ACT Health Director-General is responsible for ensuring that the use of the CCTV system complies with the Code and all relevant legislation and standards. The Director-General delegates the strategic responsibilities for the management and operation of the Health’s CCTV systems to the ACT Health Agency Security Executive and in turn, the oversight and management of these responsibilities is designated to the Agency Security Advisor responsible for managing ACT Health Security Services. The responsibilities of particular users of Health’s CCTV systems are outlined below:

Role Responsibilities



http://www.justice.act.gov.au/resources/attachments/Code_of_Practice_SEMB_2009.pdf

http://www.justice.act.gov.au/resources/attachments/Code_of_Practice_SEMB_2009.pdf

DGD17-011 ACT Health Director-General In accordance with the Code, the Director-General is

responsible for governance over use of the CCTV system and compliance with the Code and all relevant legislation and standards.

The Director-General delegates responsibility for the management and operation of the Directorate’s CCTV systems to officers within the Directorate as specified below.

ACT Health Agency Security Executive (ASE)

The ASE has responsibility for the overarching operation of CCTV systems across ACT Health. The ASE is to ensure that guidelines and procedures related to CCTV systems are in place and those responsible are aware of their obligations.

The oversight of these responsibilities is delegated to the Agency Security Advisor (ASA).

Agency Security Advisor (ASA) [Senior Manager Protective Security]

The ASA is the delegated position by the Director-General for the responsibility for providing advice on security risk and assisting managers, employees and others to devise and implement appropriate physical, personnel and information security measures and plans in a timely manner.

Note: For the purpose of these guidelines, the term of Principal Officer as described in the ACT Government Code of Practice for Closed Circuit Television is the ASA. In relation to the management of CCTV, the ASA is responsible for:

Ensuring appropriate procedures are in place and communicate to those responsible so as to effectively manage the use of the CCTV system.

CCTV systems are operated in accordance with the Code

Overseeing the development of any CCTV procedures, amendments and updates are made as required.

Release of CCTV recordings are scrutinised in accordance with the ACT Health CCTV Management Guidelines.



DGD17-011 An effective complaints mechanism is implemented to deal

with privacy complaints, investigations and subsequent outcomes and any required actions.

A compliance review of CCTV systems against these guidelines and the Code is conducted once a year, with the outcomes of the review provided to the Agency Security Executive.

Agency Security Officer (ASO) [Manager Security Operations]

The ASO is responsible to the ASA for:

Coordinating an annual compliance review of CCTV systems to ensure compliance with all CCTV policies and procedures.

Developing and maintaining the CCTV Asset Register and CCTV Copy Register.

Recording personnel who are authorised to review and copy CCTV recordings in the CCTV User Register.

Acquisition of relevant CCTV system equipment through consultation with the Agency Security Advisor.

Destruction and disposal of CCTV recordings and recorded on the ‘CCTV Disposal Schedule’.

Maintenance of CCTV system equipment. Day-to-day operation of CCTV systems across the ACT Health

portfolio. Providing the ASA with information or documents about

CCTV systems across the ACT Health portfolio upon request. Day-to-day operation of CCTV systems in their areas of

responsibility. Maintaining signage of CCTV systems. In consultation with the ASA, approving the release of CCTV

recordings in compliance with this policy and supporting guidelines.

Providing the Agency Security Advisor with information or documents about CCTV systems within their business area upon request.



DGD17-011 Security Administration Officer Security Administration Officers are responsible to the ASO for:

Day-to-day operation of CCTV systems in their areas of responsibility.

Reviewing CCTV footage to identify beaches of security or to review security incidents.

Bookmarking CCTV footage to save for potential investigations both internal and external.

Download CCTV footage to a storage device (disk, USB drive, hard drive etc) when requested to do so as part of an investigation process.

Complete all required documentation associated with operating a CCTV system.

ACT Health Security Officers (internal or contractors) ACT Health Security Officers (either employees or contracted) are

responsible for:


Reviewing CCTV footage to identify beaches of security or to review security incidents.

Bookmarking CCTV footage to save for potential investigations both internal and external.

Reporting to ACT Health Security Administration officers or Health ASO issues/incidents relevant to CCTV surveillance of ACT Health facilities.

Back to Table of Contents

Section 1. Governance

1.1 Background

ACT Health is committed to minimising security risks in the public health care system, through the provision of a safe and secure environment for staff, patients, visitors, volunteers and contractors. To assist public confidence and reinforce community safety, Closed Circuit Television (CCTV) systems are used extensively across a number of ACT Health facilities including Canberra Hospital and several Community Health Centres. In 2009, the ACT Government released a Code of Practice for Closed Circuit Television Systems (Code of Practice). These guidelines build on this Code of Practice, developing a framework for the use of CCTV within the Directorate.



DGD17-011 Furthermore, CCTV systems form part of ACT Health’s Physical Security capabilities in relation to compliance with the ACT Government Protective Security Policy Framework (PSPF).

1.2 Compliance

All ACT Health employees and contractors engaged to represent ACT Health are accountable to the Director-General under these guidelines. Executives, managers and supervisors are to ensure that these guidelines are implemented within their business areas and these personnel are aware of their obligations under these guidelines.

Non-compliance with these guidelines is taken as a serious matter and could constitute a failure to comply with the obligations and standard of conduct expected of a public service employee, set out in the Public Sector Management Act 1994, the Public Sector Management Standards 2016 and the Enterprise Agreements.

Non-compliance may result in disciplinary action for breach(s) of the ACT Governments Code of Practice for CCTV. In the event of suspected criminal action; the matter will be referred to the Australian Federal Police or other relevant authorities for action.

The recording and retention of images will be undertaken in accordance with the Territory Records Act 2002 and any breaches relating to the unlawful use of images taken from the CCTV system could constitute a criminal offence under this Act. CCTV recordings will only be used in accordance with section 2.1 of these guidelines.

Back to Table of Contents

Section 2. Use, Access and Installation

2.1 Use of CCTV systems and recordings

ACT Health uses CCTV systems to assist in the protection of its employees, the public, Directorate assets and infrastructure. CCTV systems may also be used to support investigations, both internal and external.

The purpose of the ACT Health CCTV systems is to: Assist in the protection of the public. Provide a level of security for staff with direct contact with the public. Improve security for the protection of agency and community assets and infrastructure Assist in effective responses to security, safety and emergency incidents (to the public

and staff). Assist in the investigation of possible offences. Monitor traffic flows and traffic operations. Assist with business monitoring of high risk areas such as cashier desks etc.

CCTV recordings must not be used for commercial or entertainment purposes.

Where an employee or security contractor observes activity through monitoring of CCTV systems which may be of a criminal nature, this must be reported to the ACT Health Agency



DGD17-011 Security Officer (ASO) or Agency Security Advisor (ASA) immediately and if required, to ACT Policing.

Where an employee or security contractor observes activity through monitoring of CCTV systems which may be a breach of internal policies or procedures or another form of misconduct or anti-social behaviour, this must be reported immediately to the ACT Health ASO or ASA and a RISKMAN report completed.

2.2 Registers associated with governance of CCTV

To ensure appropriate governance of CCTV systems and operations, registers must be kept by Security Services. These can be in paper-based logs or electronic logs including audit trails maintained by Digital Video Recording systems.

2.2.1 CCTV User Register

A CCTV User Register must be kept by Security Services who have sole responsibility for operating CCTV systems. This register must contain the following information:

Authorised officers full name.

Extent of authorisation granted to the authorised officer (e.g. viewing, recording, copying and administrator).

Area or location in which the authorised officer has access to CCTV systems.

Person’s name who has granted authorisation to the authorised officer.

Date to review the authorised officer’s permissions to the CCTV systems.

In accordance with the ACT Health Protective Security Personnel Guidelines all employees and security contractors with access to CCTV are deemed to be in a Position of Trust (POT) and the appropriate security clearances will have been conducted.

2.2.2 CCTV Copy Register

A CCTV Copy Register must be kept by Security Services who manage and operate CCTV systems. This information must include:

Authorised officers’ name and date approved or reason not approved. Date and name of authorised officer when copied to disc. Disc number. Issues related to copying of recording. Details of who, where and when the disc was sent to. Reason for the duplication.



DGD17-011 2.2.3 CCTV Asset Register

A CCTV Asset Register is to be maintained for all CCTV equipment. The CCTV Asset Register must include:

Item (e.g. PTZ camera, DVR, etc). Make and model. Specifications. Serial number. Date of purchase. Location. Movement record. Decommission date. Other information such as maintenance undertaken.

Asset information may not always be retrievable from older CCTV (cameras installed in high places etc), however, every attempt will be made to obtain this information but may not always be possible. All new equipment installed after the implementation of these guidelines will be recorded in this register. As existing cameras, recorders etc are repaired or upgraded every effort should be made to ascertain the required information and update the register (such as make, model, and serial number).

2.3 Reviewing and copying CCTV recordings

This guideline outlines the process for reviewing, copying and releasing CCTV recordings. Authorised officers may review CCTV recordings in accordance with Security Services procedures and should keep manual records of any authorised officer reviewing and/or copying CCTV systems where electronic audit trails on systems are not available.

Authorised officers of ACT Health may review and/or copy CCTV recordings for the purposes listed in section 2.1 of this document. Examples of instances which may constitute review of CCTV recordings are to:

Investigate possible breaches of Directorate policies and/or procedures. Investigate damage to public property. Accident and insurance claims. Investigate critical incidents. Investigate possible cases of employee misconduct. Investigate safety or security incidents.

In accordance with the ACT Health Protective Security Policy (Information Security) all copied and downloaded CCTV footage will have a dissemination limiting marker applied categorised as ‘Official use Only’.



DGD17-011 2.4 Releasing CCTV recordings

All requests to release Directorate CCTV recordings to a third party must be received through ACT Health Security Services. A third party includes police officers. Health will only release CCTV recordings for lawful purpose as defined below. CCTV recordings must only be released, after endorsement by the Agency Security Advisor to:

Police Statutory authorities with powers to prosecute Solicitors, where the recording may be relevant in civil proceedings and a court

subpoena has been issued for release of specific CCTV footage Other government agencies with a legal requirement, such as Government Insurance

Office Person authorised by the Director-General who has demonstrated a lawful requirement

for the CCTV footage.(eg: FOI request)

All processes and records within the ACT Government are subject to Freedom of Information (FOI) requests, as per the Freedom of Information Act 1989. The Territory Records Act 2002 deems CCTV footage to be an official record, and therefore FOI requests apply to the CCTV System for the release of CCTV footage to third parties.

Under the Freedom of Information Act 1989 (FOI Act) section 14, provisions are available for the release of documents and records. However, in accordance with section 37 of the FOI Act, there are several exemptions that apply to the release of documents and records (and therefore include CCTV footage).This includes:

Prejudice the conduct of an investigation of a breach, or possible breach, of the law; Disclose, or enable a person to ascertain, the existence or identity of a confidential

source of information in relation to the enforcement or administration of the law; Endanger the life or physical safety of any person.

Upon endorsement of release by the Agency Security Advisor (subject to any legal advice if required) to release the CCTV recording, the Authorised Officer must complete the release section of the CCTV Request Form. Information which must be collected is the:

Authorised officers full name physically releasing the CCTV recording. Date, time and location of the CCTV recording being physically released to the recipient. Recipients’ full name, rank (if a Police Officer) and signature.

2.5 Retention and disposal

The Territory Records (Records Disposal Schedule – Property Management Records) stipulates that generally, CCTV recordings will be kept for a period of thirty (30) days after the date of creation. If CCTV recordings have been requested by an investigative and/or law enforcement body, the following retention and disposal timeframes apply.



http://www.legislation.act.gov.au/a/2002-18/ni.asp

DGD17-011 If a CCTV recording has been requested by investigative and law enforcement body in relation to incidents that caused significant political or public reaction or recordings relating to high profile incidents, e.g. murder, serious accidents, extremely violent assaults, these recordings must be retained indefinitely.

Where a CCTV recording has been requested by a government investigative or law enforcement body in relation to incidents not investigated or caused no significant political or public reaction, these recordings must be retained for seven (7) years. A government investigative or law enforcement body includes, but is not limited to:

Australian Federal Police (including ACT Policing) ACT Care and Protection ACT Civil and Administrative Tribunal (ACAT) ACT Environmental Protection Authority ACT Human Rights Commission ACT Insurance Authority ACT Office of Regulatory Services (including Fair Trading and WorkSafe ACT) Office of the Information/Privacy Commissioner Any other ACT Government or Federal Government agency that can issue prohibition

notices, infringement notices, improvement notices, or enforceable undertakings.

Note: Private investigators and or organisations do not constitute an approved investigative body under this policy. Any requests for CCTV footage from the public sector must be processed through an FOI request or court issued subpoena.

All digital CCTV recordings stored on ACT Health systems must be automatically erased after the elapsed time period. Any recordings made to disk/CD and not collected within a reasonable time frame will be physically destroyed.

2.6 Selection and Installation

Any requests by ACT Health business units for CCTV coverage must be made to Security Services and must be approved by the Agency Security Advisor in consultation with the Agency Security Executive subject to any security risk assessment or review conducted and a need for CCTV identified.

CCTV systems will only be installed in areas of operation accessed by the public and will NOT be installed in clinical treatment areas or internal to medical wards. An operational area does not include toilet facilities, a change room, a shower or other bathing facility, a parent/carer or nursing room, a sick bay, a first-aid room or any other area in a workplace prescribed by regulation.

Cameras must not be hidden and must be placed in public view.



DGD17-011 When selecting and installing cameras consideration will be given to the physical environment and the features that may be required in cameras, (e.g. fixed, tilt, zoom, to name a few) or supporting infrastructure (e.g. high quality resolution system). The use of fake or false cameras is prohibited by ACT Health.

2.7 Complaints about CCTV

ACT Health has a formal process to register any complaints regarding its service delivery. Any complaints regarding the ACT Health CCTV system can be made using this online process. The website address for complaints regarding CCTV can be accessed via: h ttp://www.health.act.gov.au/about-us/feedback

The Agency Security Advisor or delegate is responsible for investigating any complaints relating to the CCTV system and will provide any appropriate responses.

2.8 CCTV Signage

Under the CCTV Code of Practice, ACT Health must notify people if they are in an area where CCTV systems are operating, through the installation of approved signage (refer to Appendix A). Signage must include the four standard components of information required under the Privacy Act 1988 (Cth):

CCTV pictogram Purpose (i.e. safety camera) Ownership (i.e. ACT Government) Contact information.

Approved signage (refer to Appendix A) is available by contacting Shared Services Publishing Services at [email protected].

2.9 Training

All authorised officers utilising CCTV systems within ACT Health must receive adequate training. This training is coordinated by Security Services. This training must give the authorised officer a basic understanding of:

The purpose and appropriate use of CCTV systems. Copying and releasing CCTV recordings. Complaints handling and processes. The period for which CCTV recordings must be retained. Privacy obligations associated with CCTV use. The application of these Guidelines associated with their role.

The Directorate will ensure that CCTV is used: Only by users trained and authorised to use CCTV systems, as defined in these

guidelines. In accordance with all applicable legislation and standards, including, but not limited to

all legislation and standards referred to in this document.



mailto:[email protected]

http://www.health.act.gov.au/about-us/feedback

DGD17-011

Implementation

This procedure will form part of the ACT Health Protective Security Framework. This procedure will be available on the Health Security intranet site for all staff to access.

All ACT Health security staff and security contractors who operate CCTV equipment will be provided with CCTV training and compliance obligations as part of their work requirements.

Evaluation

Outcome Measures Method ACT Health CCTV security system is

being operated in accordance with these guidelines.

Regular monthly reviews of compliance against RISKMAN security incident reports.

Maintain register of persons authorised to operate CCTV system.

Annual audit of compliance by ASA and report provided to the Agency security Executive and Health Security Committee.

All ACT Heath staff and security contractors accessing the CCTV system are appropriately trained to operate system.

Provide appropriate CCTV operating training to all security administration and operational staff.

Maintain register of all security staff who are authorised to operate CCTV system.

All evidence provided to investigative bodies is in accordance with these guidelines.

Monthly review of CCTV registers to identify requests for CCTV footage and supporting request documentation (police requests, subpoenas etc).

All areas of are ACT Health are covered by appropriate CCTV surveillance signage.

Annual audit of compliance by ASO. Ensure appropriate signage is installed with

all new CCTV camera installations. Include the requirement for CCTV signage

in the Health Security Designs Principles document.

Related Policies, Procedures, Procedures, Frameworks, Standards and Legislation



DGD17-011 ACT Health Protective Security Policy

ACT Health Protective Security Guidelines

ACT Government Protective Security Policy Framework (PSPF) 2013

ACT Government Code of Practice for Closed Circuit Television Systems

Australian Standard Closed Circuit Television (CCTV), AS 4806.1-2006

Freedom of Information Act 1989

Human Rights Act 2004

Information Privacy Act 2014 and Territory Privacy Regulations

Public Sector Management Act 1994 and Public Sector Management Standards 2016

Territory Records Act 2002

Workplace Privacy Act 2011

Definition of Terms

Term DefinitionAgency Security Advisor(Senior Manager, Protective Security)

The Agency Security Advisor is responsible for providing advice on security risk and helping managers, employees and others devise and implement appropriate physical, personnel and information security measures and plans.

Authorised Officer A person with delegated authority by the Director General (via the ASA) to copy or review CCTV recordings. This person must be listed on the Health Security Services CCTV User Register.

CCTV Asset Register A register of CCTV systems utilised within each Health facility.CCTV Copy Register A register of all CCTV requests made, including CCTV recordings

copied to DVD. USB or another electronic device.CCTV recording The data, images and/or files recorded by the CCTV system.CCTV request A request to review, copy, or release a recording made by

Directorate CCTV systems. This process must follow the procedure outlined in this document.

CCTV system A system or network of CCTV equipment.CCTV User Register A list of authorised officers approved to use, review and copy

CCTV systems outlined in this document. This list is managed by the Health ASA.

Closed Circuit Television (CCTV)

A television system intended for only a limited number of viewers, as opposed to broadcast television. This definition is inclusive of recording equipment (analogue or digital), display equipment, transmission systems, transmission media, and interface control.

Code of Practice ACT Government Code of Practice for CCTV Systems.

Agency Security An allocated senior executive will occupy the position of Agency



DGD17-011

Executive (ASE) Security Executive in accordance with the ACT GOV PSPF

Principal Officer. Agency Security Advisor

(Senior Manager, Protective Security)

The person delegated by the Director-General of ACT Health to ensure that at all times the CCTV system is operated in accordance with the Code and procedures which have been adopted by the Directorate. In this case, it is the Agency Security Advisor.

Agency Security OfficerSecurity Operations Manager

The Security Operations Manager is designated as the Agency Security Officer as defined in the ACT GOV PSPF and assists the Health ASA.

PSPF. Protective Security Policy Framework 2013. The over-arching protective security framework that governs protective security standards across all ACT Government Directorates.

Position of Trust A position within the organisation where there is a higher onus on the position holder for assurance of honestly and confidentiality due to the sensitivity of the information that they may have access too.

References

ACT Government CCTV Code of Practice

Australian Standard Closed Circuit Television (CCTV), AS 4806.1-2006

Search Terms

CCTVClosed Circuit Television CamerasSecurity Cameras

Attachments

A. Approved CCTV camera SignageB. CCTV Authorised Officer (User) RegisterC. Accountability & Compliance MatrixD. CCTV Asset RegisterE. CCTV Request Flow chart.F. CCTV Request for footage/images formG. CCTV Frequently asked questions (FAQS) sheet.

Disclaimer: This document has been developed by ACT Health Business Support Services, Client Services, Security & Emergency- Security Services specifically for its own use. Use of this document and any reliance on the information contained therein by any third party is at his or her own risk and Health Directorate assumes no responsibility whatsoever.



DGD17-011

Attachment A – Approved CCTV Camera Signage

This signage is to be used at all entry and exit points, or in the immediate vicinity where CCTV systems are used by ACT Health.

Note: This is a WHoG example sign. ACT Health will have Health specific signs/stickers printed.



DGD17-011

Attachment B – CCTV User Register sample

CCTV User Register

Authorised Officer’s name

Authorisation level

Authorised Access to location/s

Authorisation granted by:

Date of authorisation

Annual authorisation review date.

Fred Smith Administrator All locations Joe Bloggs ASA 01/01/2016 01/01/2017John Lemon Security Officer TCH only Joe Bloggs ASA 01/01/2016 01/01/2017



ACT Health Closed Circuit Television (CCTV) Procedures

Attachment C – Accountability and Compliance MatrixRole Responsibilities Requirement Compliance Level Evidence of compliance

Director-General(delegated to Agency Security Executive)

Ensure release of CCTV recordings are scrutinised in accordance with these Guidelines.

Section: Responsibilities (ASA), 1.2, 2.4

Fully Compliant / Partially Compliant /Not Compliant

[Enter comments on compliance level here]

Assess that CCTV systems are, on a strategic-level, operated in accordance with the Code.

Section: Responsibilities (ASA), 1.2,



Measure uptake of procedures and implementation by the Directorate in relation to CCTV.

Section: Responsibilities (ASA), 1.2, 2.1



Agency Security Advisor Oversee development of any CCTV procedures and ensure any

amendments are made as required in light of operational experiences or changes to the system.

Section: Responsibilities (ASA), 1.2



The Director CSSE is made aware of any changes to CCTV procedures within Security Services.

Implement appropriate procedures to ensure the effective management and use of the CCTV system.




The Director CSSE has approved Standard Operating Procedures (SOPs) to the effective management and use of our CCTV systems.

Undertake a compliance review of CCTV systems against these guidelines and the Code of Practice once a year, with the outcomes of the review provided to the Agency Security Executive.




The compliance review is listed as a standing item on the Director CSSE meeting agenda.

Agency security Officer Undertakes compliance assessment against these guidelines,

the Code of Practice and relevant legislation, including maintenance of the integrity and security of the system and the protection and interests of the public.

Section: Responsibilities ASO, 1.2, 2.0



The ASA is made aware of these compliance provisions through the six-monthly CAS statements and through this compliance review.

Ensure that a fair system of staff selection, recruitment and adequate training is adopted for staff who are required to use the CCTV system.

Section: Responsibilities ASO, 1.2, 2.0, 2.9



The ASO identifies staffs that need to utilise CCTV based on their position and provided an awareness session consistent with section 2.9 of the Guidelines.

Approve the CCTV User Register. Section: Responsibilities ASO, 1.2, 2.0, 2.2.1



The ASA approves the CCTV User Register on an annual basis.

Appoint personnel with direct control of the CCTV system for the operations and management of the CCTV system.

Section: Responsibilities ASO, 1.2, 2.0, 2.2.1



These personnel are appointed and listed on the CCTV User Register.

Doc Number Issued Review Date Area Responsible Page VersionMarch 2017 Feb 2020 BSS- CSSE 18 of 23 1.1


Role Responsibilities Requirement Compliance Level Evidence of compliance

Refer any breaches or complaints of the CCTV system to the Agency Security Advisor .

Section: Responsibilities ASO, 1.2, 2.7



All breaches and complaints have been referred to the ASA.

Coordinate an annual compliance review of CCTV systems to ensure compliance with all CCTV policies and procedures

Section: Responsibilities ASO, 1.2,



An annual compliance review has been conducted in the form of this Compliance Matrix. This will be forwarded to the ASA.

Develop and verify the CCTV Asset Register and CCTV Copy Register.

Section: Responsibilities ASO, 1.2,



Monthly reviews of the CCTV Asset register and Copy Register for compliance. Ensure all newly installed CCTVs are entered into the Asset Register.

Ensure all authorised releases of CCTV data have the appropriate documentation approved and recorded in CCTV Copy Register

Section: Responsibilities ASO, 1.2, 2.2.2



Monthly reviews of the CCTV Copy register. Sign and authorise all release of copied data in compliance with these guidelines.

Acquisition of relevant CCTV system equipment through consultation with the Agency Security Advisor.

Section: Responsibilities ASO, 1.2, 2.0, 2.6



All new cameras are installed in consultation with the ASA, and SS-ICT and documented if any relevant risk assessments have been completed.

In consultation with the ASA approve the release of CCTV recordings upon endorsement of release by the Agency Security Advisor, in accordance with these Guidelines.

Section: Responsibilities ASO, 1.2, 2.0, 2.3, 2.4


Enter comments on compliance level here]

All requests for CCTV by third parties or Police are first endorsed by the ASA prior to releasing them and all associated documentation is completed.

Record personnel who are authorised to view and copy CCTV recordings in the CCTV User Register

Section: Responsibilities ASO, 1.2, 2.0, 2.3, 2.4



Health has a policy outlining which positions or personnel are able to view and copy CCTV.

Maintaining signage of CCTV systems. Section 1.2, 2.8 Fully Compliant / Partially Compliant /Not Compliant


Health displays the approved CCTV signs in accordance with Appendix A of the Guidelines. These are displayed in the immediate vicinity or at ingress/egress points where CCTV is used.

Security Administration Officer


Section: Responsibilities Security Admin. 1.2



Overview and managed by ASO on a daily basis in accordance with section 2 of these guidelines.

Review CCTV footage to detect breaches or offences in relation Section: Responsibilities Security Admin. 1.2, 2.2,

Fully Compliant / Partially Compliant /Not




Role Responsibilities Requirement Compliance Level Evidence of compliance

to investigations both internally and externally. 2.3 Compliant All requests to review CCTV are approved by the ASO or ASA prior to the review. If a third party wishes a live review (Police) the ASO or ASA are first advised and present prior to review.

Maintenance of CCTV system equipment Section: Responsibilities Security Admin. 1.2



Serviceability checks of CCTV cameras and systems are conducted fortnightly.

Destruction and disposal of CCTV recordings. Section: Responsibilities Security Admin. 1.2, 2.5



Health holds CCTV recordings for the time periods specified in these guidelines. These recordings are automatically overwritten after the lapse of the specified time frames.

Download CCTV footage to a storage device (disk, USB drive, hard drive etc) when requested to do so as part of an investigation process.

Section: Responsibilities Security Admin. 1.2, 2.3, 2.4



All requests for CCTV by third parties or Police are first endorsed by the ASA prior to releasing them and all associated documentation is completed.

Security Officer (internal or external)


Section: Responsibilities Security Officer 1.2



Overview and managed by ASO on a daily basis in accordance with section 2 of these guidelines.

Review CCTV footage to detect breaches or offences in relation to investigations both internally and externally.

Section: Responsibilities Security Officer. 1.2, 2.2, 2.3



All requests to review CCTV are approved by the ASO or ASA prior to the review. If a third party wishes a live review (Police) the ASO or ASA are first advised and present prior to review.

Any after-hours incidents involving CCTV are logged and reported to the ASO or ASA on next business day.

Section: Responsibilities Security Officer. 1.2, 2.2, 2.3



All incidents involving CCTV are advised to ASO or ASA and logged into CCTV register. Any after-hours requests from Police are referred to ASO or ASA on next business day.



Attachment D – Example of ACT Health CCTV Asset Register

Division Business Unit

Item Make and Model

Specifications Serial Number

Date of Purchase

Location Movement Record

Decommission Date

Medicine Emergency Department

PTZ camera

420TVL Outdoor IR Night Vision Camera

20m distance, 3.6mm lens, DC12V 300mA.

SN349121 01 Nov 2009

Office Roof – observing car park exit

Installed – 05 Nov 2009

Not applicable

Mental Health

Adult Mental Health Unit

Fixed camera with zoom capability

600TVL WDR Day Night Camera

Day/Night, 12Vdc/24Vac, 10x Digital zoom, 600TVL resolution

SN082783 10 Dec 2010

Front entrance

Installed - 20 Jan 2011

Not applicable


Document Number Allocated after endorsement

Attachment E – CCTV Request Process Flowchart.

Doc Number Version Issued Review Date Area Responsible Page1.3 March 2017 March 2017 BSS-CSSE 22 of 23

Document Number Allocated after endorsement

Security & ID Administration Canberra Hospital Building 2 Level 2

Phone: (02) 6244 2141 OR 6244 2143 Fax: (02) 6244 2686

[email protected]

REQUEST FOR CCTV FOOTAGE AND IMAGESName (block letters only),

From (Police Station/LAC)

Job Number

Formally request the following Video Footage and or images from ACT Health / Canberra Hospital CCTV

System for the purpose of evidence in an official Police Investigation:

Camera/s location:

Date/Times of footage

CCTV footage reviewed by:

CCTV footage copied to disk on:

Number of evidence DVD’s copies provided –

Signature and Badge Number. (Receiving Officer) Date

/ /201Signature

The Security Operations Manager (or on behalf of)

Date

/ /201Signature

Doc Number Version Issued Review Date Area Responsible Page1.3 March 2017 March 2017 BSS-CSSE 23 of 23

mailto:[email protected]

Documents

Closed Circuit Television (CCTV) Procedure · Web viewSection 2-Use , Access and Installation 7 2.1 Use of CCTV Systems and Recordings 7-8 2.2 Registers Associated with the Governance