Financial Sector Safety and Security Guidelines CCTV Specifications Summary

Financial Sector Safety and Security Guidelines CCTV Specifications Summary
No: 694270000149 Date(g): 22/7/2019 | Date(h): 20/11/1440 Status: In-Force
Reference to the telegram from His Royal Highness, the Minister of Interior, No. 68733 dated 27/03/1440H, regarding the Royal Decree No. 59766 dated 20/11/1439H, which directs the Ministry of Interior to prepare a regulatory framework mandating all government, commercial, and public places, as well as any other locations deemed necessary by the Ministry, to install security surveillance cameras connected to the National Information Center. Also, in reference to the telegram from the Deputy Minister for Security Capabilities, No. 8692 dated 03/09/1440H, which includes instructions for the relevant authorities to require banks and financial institutions, to implement the agreed-upon technical specifications for security systems and to provide the agency with a timeline for implementation.
Attached herewith is the final version of the technical specifications for the security systems in the financial sector. We kindly request that you expedite their implementation from the date of this notice for all your new or under-construction locations. For existing premises, you are required to provide SAMA within two weeks of this notice with an upgrade and modification plan that includes the site name, number of cameras, and the timeline. Should you have any inquiries regarding this matter, please coordinate with the advisor to the Deputy Governor for the Development of the Financial Sector or contact via email at (BankingSafetySecurity@SAMA.GOV.SA).

Security Surveillance Systems

The Security Surveillance Systems specified in this document are based on the following standards:
	•	BS EN 62676-4 2015, Application Guidelines, including Operational Requirements.
	•	Centre for Applied Science and Technology CAST (UK Government).
	•	ANSI/ASIS PAP-1:2012 Physical Asset Protection.
Note:
	•	The minimum recording retention for all bank facilities (Head Office, Branches, Cash Centres and ATMs) security surveillance systems shall be 90 days.
	•	In the event of any claims or complaints from customers, financial organisations need to create a copy of the CCTV footage of the incident and store it for a period of 1 year from the date of receiving the complaint
	•	In the event of any rejected claims or complaints from the customer, banks need to take a copy of the CCTV footage of that incident and store for a period of 5 years from the date of the complaint.
The following specifications shall be used to define surveillance objectives for CCTV equipment at branches:
CCTV system surveillance objectives

Ser	Surveillance objective	Body representation	Appropriate linear resolution	Face width	Camera type required for coverage
1	Identification	120%	250 Pixels/m	40 Pixels	Full HD with WDR above 120db
2	Recognition	50%	100 Pixels/m	17 Pixels	Full HD camera
3	Detection	10%	20 Pixels/m	3 Pixels	Full HD Camera

The following table defines how specific areas within branches/facilities shall be considered with reference to the surveillance objectives defined above.

Surveillance objectives by branch/facility area

Branch/facility area	Surveillance objective
All entrances and exits; indoor and outdoor	Identification
Full coverage of parking areas	Detection
Full coverage of cash counters	Identification
Full coverage of perimeter area	Detection
Full coverage of reception and customer waiting area	Identification
Full coverage of service area	Recognition
Full coverage of locker/safe rooms	Identification
Emergency doors and exits	Identification
Entrances to utility/communication/HVAC/electrical rooms	Identification
Full coverage of IT rooms and data centres	Identification
Full coverage of ATMs	Identification
Cull coverage of customer face at ATM/CCDM	Identification

The following table specifies the branch surveillance objectives by functional area and the technology required to achieve these objectives.

Surveillance objectives by branch (Customer side) functional area and technological requirements

Functional area	Surveillance objective	Technology required
Main branch entrance	Identification	Wide Dynamic Range (WDR) and IR camera
Waiting area	Identification	Normal dome camera with 2.8 - 12mm VF lens
Reception	Identification	Normal dome camera with 2.8 - 12mm VF lens
Corridors	Detection	Normal dome camera with 2.8 - 12mm VF lens
Lobbies	Identification	Normal dome camera with 2.8 - 12mm VF lens
Tellers	Identification	WDR Box camera with 20mm VF lens
Operations area	Recognition	Indoor IR camera with VF lens
Elevators - outside of elevator	Recognition	Normal dome camera with 2.8 - 12mm VF lens
Customer Parking	Recognition	Outdoor IR/PTZ IR camera
Perimeter	Recognition	Outdoor IR/PTZ IR camera
ATM	Identification	Inbuilt pin-hole camera

The following table specifies the office surveillance objectives by functional area and the technology required to achieve these objectives.

Surveillance objectives by office (Staff /Employee side) functional area and technological requirements

Functional area	Surveillance objective	Technology required
Main entrance door	Identification	WDR camera
Reception	Identification	Normal dome camera with 2.8 - 12mm VF lens
Lobby	Identification	Normal dome camera with 2.8 - 12mm VF lens
Corridors	Detection	Normal dome camera with 2.8 - 12mm VF lens
Elevators	Detection	Normal dome camera with 2.8mm VF lens
Emergency exits	Identification	Normal dome camera with 2.8 - 12mm VF lens
Storage areas	Recognition	Normal dome camera with 2.8 - 12mm VF lens
IT / IDF room	Identification	Indoor IR camera with VF lens
Security Control Room / IT room	Identification	Indoor IR camera with VF lens
SWIFT/dealing/treasury room	Recognition	IR camera with VF lens
File and Passport office	Recognition	IR camera with VF lens
Data centre	Identification	Indoor IR camera with VF lens
Vault - outside	Identification	Indoor IR camera with VF lens
Vault - inside	Identification	Indoor IR camera with VF lens
Office entrance	Recognition	Normal dome camera with 2.8 - 12mm VF lens
Vehicle entry	Identification	Indoor IR camera with VF lens and number plate recognition
Access points to the building	Detection	Indoor IR camera with VF lens
Utility rooms	Recognition	Indoor IR camera with VF lens
Perimeter	Detection	PTZ camera/Outdoor IR camera
Parking - indoor	Detection	Indoor IR camera with VF lens
Parking - outdoor	Detection	PTZ camera/Outdoor IR camera

CCTV System Installation Requirements

The CCTV system design shall enable monitoring of buildings and facilities from a security control room; furthermore, the system must be able to integrate with third party systems including but not limited to the Building Management System (BMS), Access Control Systems (ACS) and the Intruder Detection System (IDS).
The system must be designed, engineered, furnished, delivered, installed and tested prior to handover, with appropriate handover documentation signed by the receiving authority and the installation engineers. The system must be supported by an Uninterruptable Power Supply (UPS) as well as being connected to a generator to ensure for long term continuity in the event of power loss.
The security surveillance system must support the following recording types:
	•	Motion Detection
	•	Continuous Recording
	•	Video Analytics
Each branch/facility shall maintain a register which records all security equipment failures, including details regarding time and date of failure; type of failure; action taken; date of rectification. All failures and intentional stoppages of the system shall be recorded in the log.
All cameras shall be installed in protective enclosures at locations and heights which are not easily accessible. These enclosures shall be rated to prevent the ingress of dust, dirt and moisture that might affect the operation of the camera. Vandal proof housings shall be used for cameras installed at a height which is accessible to people. Outdoor camera enclosures shall be rated to a minimum of IP66, with a sun-shield.
All siting of cameras should appropriately consider factors such as lighting ambient conditions.
Supporting CCTV equipment shall be installed in lockable racks or cabinets in secure rooms, in accordance with the branch security zoning policy.

General CCTV Camera Specifications

CCTV cameras shall be compliant with the following specifications:
	•	IP cameras shall be compliant with the H.264 baseline encoding profile
	•	IP cameras shall be capable of multi-stream with its native resolution and FPS
	•	Live stream of IP cameras shall be a minimum resolution of 720p at a minimum of 12 FPS
	•	Recording streams of IP cameras shall be in accordance with storage requirements in this document
	•	Each camera shall be configurable with a single IP address
	•	IP cameras shall support security features including HTTPS standards
	•	IP cameras shall be able to automatically start streaming according to the last known configuration when it is restarted/reset/rebooted
	•	Cameras must support 4CIF through full HD resolutions
	•	Full HD quality day and night cameras with wide dynamic range (WDR) above 120dbs and with backlight compensation shall be required for the main areas as per surveillance objectives
	•	The FPS software should be capable of being scalable between 12 - 30 FPS
	•	IP cameras shall be synchronised to the NTP server or similar time server
	•	All cameras shall be configured with a unique name based on the location and coverage; camera names shall not be repeated.
	•	The system must have a time and date display on the image.
	•	The system must be capable of searching by time, date and the camera for real time view.
	•	The system must be an integral part of a private network with an IP-based infrastructure.
	•	The network infrastructure should be able to afford high quality images and video during display and recording.
	•	A firewall and security system should be provided for the CCTV network in case of connecting to other networks.
	•	The system should give warnings when the communication is interrupted or lost.

Specifications for CCTV Cameras and NVR Server

The following tables define the exact specifications for each specific camera type employed at branches/facilities and the NVR server.

PTZ IP cameras

PTZ IP cameras specification table

Ser	Specification description
1.	The image sensor shall be ⅓or ½ CMOS (complementary metal-oxide semiconductor)
2.	Shall be true Day and Night and automatically switches between colour and black/white depending on the illumination
3.	Minimum of 20x optical zoom and 12x digital zoom, minimum 2 Megapixel Full HD resolution cameras. Min of 20x optical zoom in HD cameras
4.	Optical zoom control shall provide a scaling function that automatically adjusts the speed of the pan and tilt movement dependent on the field of view
5.	Shall be a true IP camera with a high-level connection to the other components in the system; camera shall communicate internal errors and support built-in functions like motion detection through a TCP/IP
6.	Auto focus and iris with manual override
7.	Shall support a minimum illumination for colour 0.2 lux 80% scene reflectance and 0.02 lux 80% scene reflectance for B/W
8.	Shall have back-light compensation; multiple users; privacy zone masking; auto and manual tour; remote set-up and automatic image flip
9.	Gain control should be automatic; manually 'on' or 'off'
10.	Shall be capable of utilising encrypted password transmission (HTTPS)
11.	Panning range shall be 360° continuous and tilting range shall be 180°. In-built geared pan/tilt is preferred
12.	Pan/tiIt speed shall be minimum of 0.5%/s to 100%/s
13.	Minimum 100 pre-sets and shall have accuracy of +/- 0.1°
14.	Operating temperature shall be -10°C to +60°C. Relative humidity shall be 0 - 95% non- condensing
15.	Shall have built-in compression algorithms such as MJPEG and H.264
16.	Vandal- and dust-proof housing construction with polycarbonate dome and cast aluminium body
17.	Shall be ONVIF (open network video interface forum) compliant
18.	Outdoor cameras shall be in an IP66 rated enclosure with sun-shroud
19.	Cameras must contain open API and support multi streaming

External fixed IP cameras

External fixed IP cameras specification table

Ser	Specification description
1	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2	Shall be D/N automatically, switching between colour and B/W mode and vice versa
3	Auto focus and iris with manual over-ride
4	Shall have upgradable internal storage minimum 32GB SD card
5	Shall be ONVIF (open network video interface forum) compliant
6	Outdoor cameras shall be in an IP66 rated enclosure with sun-shroud
7	Shall support 12VDC, 24VDC and POE (power over Ethernet)
8	Automatic tracking white balance
9	Operating temperature should be -10 to +60
10	Cameras must contain open API and support multi streaming

Dome IP cameras

Dome IP cameras specification table

Ser	Specification description
1	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-Megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2	Auto focus and iris with manual over-ride
3	Shall have tri-axis
4	Shall have upgradable internal storage minimum 32GB SD card
5	Shall be ONVIF (open network video interface forum) compliant
6	Shall support 12VDC, 24VDC and POE (power over Ethernet)
7	Automatic tracking white balance
8	Shall have built-in compression algorithms such as MJPEG and H.264
9	Cameras must contain open API and support multi streaming

Indoor IR IP cameras

Indoor IR IP cameras specification table

Ser	Specification description
1	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2	High power infrared LED's
3	Auto focus and iris with manual over-ride
4	Shall support 12VDC, 24VDC and POE (power over Ethernet)
5	Shall have built-in compression algorithms such as MJPEG and H.264
6	Shall be ONVIF (open network video interface forum) compliant
7	Automatic tracking white balance
8	Cameras must contain open API and support multi streaming

Indoor IP Box cameras

Indoor IP Box cameras specification table

Ser	Specification description
1	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-Megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2	Dual encoding stream support
3	Support up to 32GB SD card capable to record in motion in case of NVR failure
4	Automatic tracking white balance
5	Shall have built-in compression algorithms such as MJPEG and H.264
6	Shall be ONVIF (open network video interface forum) compliant
7	Shall support 12VDC, 24VDC and POE (power over Ethernet)
8	Cameras must contain open API and support multi streaming

Outdoor IR IP cameras

Outdoor IR IP cameras specification table

Ser	Specification description
1	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-Megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2	Auto focus and iris with manual override
3	Shall support a minimum illumination for colour 0.2 lux 80% scene reflectance and 0.02 lux 80% scene reflectance for B/W
4	High power infrared LEDs
5	Shall have built-in compression algorithms such as MJPEG and H.264
6	Shall be ONVIF (open network video interface forum) compliant
7	Outdoor cameras shall be in an IP66 rated enclosure with sun-shroud
8	Operating temperature shall be -10°C to +60°C. Relative humidity shall be 0 - 95% non- condensing
9	Cameras must contain open API and support multi streaming

Pinhole IP cameras

Pinhole IP cameras specification table

Ser	Specification Description
1.	The image sensor shall be ⅓ or ½ CMOS. CCD chips used in less than 0.5 lux illumination with 20mm vari-focal lens, minimum 2-Megapixel camera. Lux should be 0.2lux colour, 0.01 lux B/W
2.	Super wide dynamic range
3.	Shall have built-in compression algorithms such as MJPEG and H.264
4.	Shall be ONVIF (open network video interface forum) compliant
5.	Operating temperature shall be -10°C to +60°C. Relative humidity shall be 0 - 95% non-condensing
6.	Cameras must contain open API and support multi streaming

NVR server

NVR specification table

Ser	Specification description
1	When viewing recorded footage the server shall be capable of providing 90 to 180 days of continuous recorded footage at a minimum of 12 FPS with the resolution of 5MP with RAID 5 on hot swappable hard disk arrangement; the RAID 5 shall be hardware controlled. External NAS/SAN storage shall be considered for any branch installation with more than 32 cameras
2	Shall be capable of full operation under a Physical Security Information Management (PSIM) system with full integration capability for video analytics
3	Shall be client-server based NVR
4	Shall support simultaneous recording, playback, exporting video and searching
5	Shall support recording of a minimum of 12 FPS with 5MP resolution for each video channel individually
6	Shall have extra 25% provision in video inputs and storage capacity for future expansion
7	Shall support H.264/MPEG4/MJPEG compression
8	Shall have twin gigabit Ethernet ports
9	Shall have a USB ports and HDMI ports and VGA ports
10	Shall be based on Linux or Windows server (at least 2008) standard platform or above
11	The NVR and storage shall be equipped with dual processor, dual power supplies and a minimum of 10/1 gigabit per second dual communication uplinks to network with any single point of failure.
12	The CPU load of server and storage must not exceed 70%
13	Shall support plug and play configuration
14	Shall support individual camera schedule with different frame rates and resolution
15	Shall support continuous, motion based, alarm and events based recording
16	Shall be synchronised automatically with time server or NTP server
17	Shall support ONVIF communication protocol
18	Shall support multiple users with different privileges
19	Shall be protected with passwords
20	Shall be capable of sending an email in the event of a loss of video or NVR failure
21	Shall be in a secure location, which limits access to those with access rights and fixed in an IT rack

CCTV Operational Deployment Requirements

The following operational deployment requirements for CCTV will be maintained for all branches/facilities

Security Surveillance operational deployment requirements

Ser	Operational deployment requirement
1	Each branches/facilities entrance and exit (whether from outside or from inside a building) shall be provided with a dedicated CCTV camera, deployed to provide identification of an unknown person, e.g. 120% of screen height. Cameras looking towards the outside of the building from an internal mounting position will need a wide dynamic range in order to capture the intended target
2	All internal public circulation and assembly areas shall be provided with a camera with general views which allow the individual target to be tracked throughout the branch. This requires recognition of a known person e.g. 50% of screen height
3	Each entrance to the private (staff) domain (whether from the exterior or from the public domain) shall be provided with a dedicated CCTV camera, deployed to provide identification of an unknown person, e.g. 120% of screen height. Cameras looking towards the outside from an internal mounting position will need a wide dynamic range in order to capture the intended target
4	Provided the entrance to the private (staff) domain are sufficiently covered by CCTV there should be no need to track through the common staff areas, unless required by each individual bank policy
5	As well as a general view of the teller area, each individual teller station should have its own dedicated camera. The dedicated camera should be able to capture all transactions as well as identifying an unknown customer e.g. 120% of screen height. The dedicated camera should ideally be positioned above the teller station, looking towards the customer, but capturing the whole workstation. It is required to cover cash drawers and activity of the same area
6	Highly restricted access areas (operations room, IT servers, data centres, safety deposit rooms, tellers, operations area and any other cash dealing areas) require fixed cameras with general views which allow an individual target to be tracked throughout the area while monitoring their activities. This requires identification of a known person, e.g. 1200% of screen height. If the area is too large to be covered by an individual camera, additional cameras shall be deployed as necessary to comply with this guidance
7	The entrance to the vault/strong room/safety deposit box room shall be provided with a dedicated CCTV camera on the inside in addition to the vault entrance from the outside, deployed to provide identification of an unknown person, e.g. 120% of screen height. Additionally, the area should be provided with general views which allow an individual target to be tracked throughout the area while monitoring their activities, requiring recognition of a known person, e.g. 50% of screen height. Users of safety deposit boxes shall be provided a private area where items can be deposited and removed out of sight of the cameras
8	The entire cash and valuables in transit (CVIT) route shall be monitored by CCTV. The route should be provided with a general view which allows an individual target to be tracked along the entire path and their activities monitored, requiring recognition of a known person, e.g. 50% of screen height
9	All ATM's shall have a wide dynamic range camera within the body of the machine to identify the user, e.g. 120% of screen height. Additionally, all ATM shall have a general view camera covering the area around the machine which provides recognition of a known person, e.g. 50% of screen height
10	All branch external facades shall be monitored by CCTV. The cameras shall be able to observe the activities around the entire branch perimeter, e.g. 25% of screen height. Additionally, any external areas owned by the branch, such as customer and staff parking, should also have observation coverage.
11	It is mandatory for fixed CCTV cameras to be deployed in the following areas:
	Teller areas/teller counters focussing to teller and customer's face as well as teller counter for cash demonstration (using one camera for each teller and another camera for the drawer)
	Teller door entrance/teller counters field area
	Customer services and waiting areas
	Operations areas, back office and cash loading area
	All corridors leading to the vault, where applicable
	Branch vault room, focussing on the whole vault entrance/exit
	Branch vault room, focussing on the cash cabinet and the entrance
	Safety deposit box room entrance
	ITD server; SWIFT/dealing and security room: CPD; Cad file office; HR filing; passport office; IDF room
	On-site and off-site ATMs (a minimum of two cameras, one focussing on the customer's face and the other on the withdrawal of cash; with an additional camera used for perimeter/rear entry of the service cabinet, where applicable)
	Staff entrance door
	Bank main entrance
	Bank premises and parking area
	Lift lobbies, office entrances and emergency exit
	Customer service, counter coverage and reception area
	Any other risk area as per requirements
	To cover the security items
	Entry to high security areas, subject to prior approval from authorised staff
	Design and fixing of cameras shall be in proper sequence with the recording device
	Specification and viewing angles shall comply with SAMA policy
	Recording capacity shall be in accordance with SAMA policy
	NVR recorder must be secured in accordance with this document
	CCTV system shall be supported by a UPS in accordance with SAMA requirements
	There shall be separate power supply for all devices and cameras
	No cables shall be exposed without conduits
	CCTV room temperatures shall be maintained as per system requirements
	Spot monitor for branch manager and security officer
	Sufficient lighting shall be provided for all monitoring and recording areas
	Security system drawings must be received from the supplier prior to the installation of the systems, and once the systems have been installed
12	CCTV room shall be covered by a camera and the entrance shall be via an access control system reader. Only designated and authorised bank personnel shall handle the CCTV system and equipment
13	Deployment of CCTV cameras shall be at an appropriate angle, in which maximum areas can be viewed. In the event that a camera's location needs to be changed approval shall be sought from the respective branch manager or department head in consultation with the security department
14	Branch staff shall be assigned to ensure the correct temperature is maintained in the CCTV room
15	A CCTV system viewing monitor shall be installed in the office of the respective branch manager
16	Authorisation for access to the security system control room shall be restricted to the designated staff only. In the event of a requirement for system vendor/maintenance technician attendance, this should only be authorised by the designated responsible staff and designated security department personnel. Technician attendance should be logged alongside the purpose for the visit
17	Entry to the CCTV/IT room is restricted and all entry shall be documented in the security log-book alongside a reason and relevant justification
18	Support to law enforcement authorities will follow the bank procedures after approval by the bank's security department
19	Video data overwriting or missing recordings shall be reported immediately to the branch/facility management and the security department
20	To ensure optimum system performance the branch manager/delegated staff shall check the CCTV system on a daily basis; the Head of branch operations/delegated staff shall ensure that the security personnel are checking the system on a daily basis and that there is no interruption to the system. Checks should include whether standard time is applied to the security system. Any interruption in recording or fault in the security system shall be reported immediately to the security department who will coordinate with the vendor maintenance team
21	Security systems maintenance records shall be maintained in a separate file for future record and maintenance. All visits of contractors/system vendors shall be recorded in the log, and shall be at the prior approval of relevant branch/facility manager in consultation with the bank security department
22	The CCTV checking form used in branches and bank facilities shall be maintained daily and submitted at the end of the month by security to the security department; it shall be signed by the designated staff alongside the signature of the security guard
23	In compliance with system maintenance requirements, the CCTV system shall be regularly maintained by the vendor to ensure it is working optimally
24	Each branch/facility must ensure that the system is in operational condition at all times and recordings are stored for the duration dictated by SAMA regulations
25	All cameras on the NVR shall be coded with a unique identification number
26	All equipment requiring users to log on using a password shall be configured with user/site-specific password/passwords. No system/product default passwords shall be allowed
27	The CCTV system at all branches/facilities shall be inspected annually by the security department

CCTV Surveillance Specifications

1. General

The ATM will have a pin-hole camera located above the client facing screen to record the client's face, this will be supported by an overhead camera to record the transaction and whether cash was deposited and withdrawn. Additionally, in the case of an off-site ATM and additional camera is to be located to observe and cover rear entrance to the cash service room as well as an internal camera to observe the custodians/financial organisation employees during their activities inside the service room. Supporting CCTV equipment shall be installed in lockable racks or cabinets in secure rooms, in accordance with the branch security zoning policy.

Note: This section must be read along with Security Surveillance Systems, from pages 2-16, as the primary resource and means to support and clarify the surveillance requirements.

Camera Description
1.	The specified unit shall be of manufacturer's official product line, designed for commercial and/or industrial 24/7/365 use.
2.	The specified unit shall be based upon standard components and proven technology using open and published protocols
3.	The specified unit shall be manufactured in accordance with ISO 14001.

Certifications and Standards

General abbreviations and acronyms:

	1.	AGC: Automatic gain control
	2.	AES: Advanced Encryption Standard
	3.	API: Application Programming Interface
	4.	Aspect ratio: A ratio of width to height in images
	5.	Bit Rate: The number of bits/time unit sent over a network
	6.	Bonjour: Enables automatic discovery of computers, devices, and services on IP networks.
	7.	DHCP: Dynamic Host Configuration Protocol
	8.	DNS: Domain Name System
	9.	EIS: Electronic Image Stabilization
	10.	FPS: Frames per Second
	11.	FTP: File Transfer Protocol
	12.	H.264 (Video Compression Format)
	13.	IEEE 802.1x: Authentication framework for network devices
	14.	IP: Internet Protocol
	15.	IR light: Infrared light
	16.	ISO: International Standards Organization
	17.	JPEG: Joint Photographic Experts Group (image format)
	18.	LAN: Local Area Network
	19.	LED: Light Emitting Diode
	20.	LPR: License Plate Recognition
	21.	Lux: A standard unit of illumination measurement
	22.	MBR: Maximum Bit Rate
	23.	MPEG: Moving Picture Experts Group
	24.	Multicast: Communication between a single sender and multiple receivers on a network
	25.	NTP: Network Time Protocol
	26.	NTSC: National Television System Committee - a colour encoding system based on 60Hz
	27.	ONVIF: Global standard for the interface of IP-based physical security products
	28.	PACS: Physical Access Control System
	29.	PAL: Phase Alternating Line - a colour encoding system based on 50Hz
	30.	PoE: Power over Ethernet (IEEE 802.3af/at) standard for providing power over network cable
	31.	Progressive scan: An image scanning technology which scans the entire picture
	32.	PTZ: Pan/Tilt/Zoom
	33.	QoS: Quality of Service
	34.	RAID: Redundant Array of Independent Disks
	35.	SaaS: Software as a Service
	36.	SIP: Session Initiation Protocol
	37.	SMTP: Simple Mail Transfer Protocol
	38.	SMPTE: Society of Motion Picture and Television Engineers
	39.	SNMP: Simple Network Management Protocol
	40.	SSL: Secure Sockets Layer
	41.	TCP: Transmission Control Protocol
	42.	TLS: Transport Layer Security
	43.	Unicast: Communication between a single sender and single receiver on a network
	44.	UPnP: Universal Plug and Play
	45.	UPS: Uninterruptible Power Supply
	46.	VBR: Variable Bit Rate
	47.	VMS: Video Management System
	48.	WDR: Wide dynamic range
The specified unit shall carry the following EMC approvals:
	1.	EN 55032 Class A, EN 55024, EN 61000-6-1, EN 61000-6-2
	2.	FCC Part 15 - Subpart B Class A
	3.	VCCI Class A
	4.	RCM AS/NZS CISPR 32 Class A
	5.	ICES-003 Class A
	6.	KCC KN32 Class A, KN35
The specified unit shall meet the following product safety standards:
	1.	IEC/EN/UL 60950-1
	2.	G. The specified unit shall meet relevant parts of the following video standards:
	3.	SMPTE 296M (HDTV 720p)
	4.	SMPTE 274M (HDTV 1080p)
	5.	SMPTE ST 2036-1 (UHDTV)
The specified unit shall meet the following standards
	1.	MPEG-4:
		a.	ISO/IEC 14496-10 Advanced Video Coding (H.264)
	2.	Networking:
		a.	IEEE 802.3at (Power over Ethernet Plus)
		b.	IEEE 802.1X (Authentication)
		c.	IPv4 (RFC 791)
		d.	IPv6 (RFC 2460)
		e.	QoS - DiffServ (RFC 2475)

Quality Assurance

A.	All installation, configuration, setup, program and related work shall be performed by electronic technicians thoroughly trained by the manufacturer in the installation and service of the equipment provided.
B.	The contractor or designated sub-contractor shall submit credentials of completed manufacturer certification, verified by a third-party organization, as proof of the knowledge.
C.	The Contractor shall provide four (4) current references from clients with systems of similar scope and complexity that became operational in the past three (3) years. At least three (3) of the references shall be utilizing the same system components, in a similar configuration as the proposed system
D.	The specified unit shall be manufactured in accordance with ISO 9001.

Warranty

A.	All security system components and labour furnished by the contractor including wiring, software, hardware and custom parts shall be fully warranted for parts, materials, labour and travel expenses for a minimum of three (3) years from date of the final acceptance of the Video Surveillance System.
B.	The manufacturer shall provide warranty and optional extended warranty for the camera for a total period of maximum five years. If enacted as part of the contract, the contractor will repair or replace parts and/or labour per the warranty for the length of this warranty at no cost to the client.

2. Products

General
	A.	Cameras shall be Full HD IP-based and comply with established network and video standards.
	B.	Cameras shall be powered by the switch utilizing the network cable. Power injectors (midspans) shall be provided by the contractor when required for proper operation.
	C.	Cameras shall be fully supported by an open and published API (Application Programmers Interface), which shall provide necessary information for integration of functionality into third party applications.
	D.	Cameras shall comply with relevant ONVIF profile as defined by the ONVIF Organization.

Video Surveillance Schedule
	A.	Camera types listed below describing various resolutions, form-factor and features shall be supplied by a single camera manufacturer for the video surveillance system.

Video Surveillance Cameras
	A.	Fixed 2 MP camera for IP
1.	The fixed network camera shall meet or exceed the following design specifications:
	a)	The camera shall operate on an open source; Linux-based platform and including a built-in web server.
	b)	The camera shall be equipped with an IR-sensitive progressive scan megapixel sensor.
	c)	The camera shall provide a removable IR-cut filter, providing day/night functionality.
	d)	The camera shall provide remote focus functionality.
	e)	The camera shall provide local video storage utilizing a microSD/microSDHC/microSDXC memory card expansion.
	f)	The camera shall be manufactured with an aluminium casing.
	g)	The camera shall be equipped with a SFP slot for fibre network connectivity.
	h)	The camera shall incorporate network redundancy functionality.
	i)	The camera shall be designed to be compatible with different lenses from the manufacturer, including:
		1.	24 mm fixed lens, f/2.8
		2.	35 mm fixed lens, f/2
		3.	50 mm fixed lens, f/1.4
		4.	85 mm fixed lens, f/1.2
		5.	100 mm fixed lens, f/2.8
		6.	10-22 mm varifocal lens, f/3.5-4.5
		7.	55-250 mm varifocal lens, f4-5.6
		8.	70-200 mm varifocal lens, f/2.8
2.	The fixed camera shall meet or exceed the following performance specifications:
	a)	Illumination. The camera shall meet or exceed the following illumination specifications:
		•	Colour: 0.2 lux F1.2
		•	B/W: 0.001 lux F1.2
	b)	Resolution
		•	The camera shall be designed to provide video streams in resolutions up to 1280x720 (HD 720p) at a minimum of 12 frames per second using H.264 or Motion JPEG.
		•	The camera shall be designed to provide up to 4 individually cropped out view areas
		•	The camera shall support video resolutions including:
			i.	1280x720 (HDTV 720p) or better
	c)	Encoding
		•	The camera shall support the following video encoding algorithms:
			i.	Support H.264 with automatic scene adaptive bitrate control
			ii.	MPEG 4
		•	The camera shall provide independently configured simultaneous H.264 and Motion JPEG streams.
		•	The camera shall in H.264 support Variable Bit Rate (VBR) for video quality adapted to scene content. To protect the network from unexpected bit rate spikes the camera shall support Constant Bit Rate (CBR) or Maximum Bit Rate (MBR).
		•	The camera shall provide configurable compression levels.
		•	Support standard baseline profile H.264 with motion estimation.
		•	Support motion estimation in H.264/MPEG-4 Part 10/AVC.
		•	The camera shall for its H.264 implementation support scene adaptive bitrate control with automatic dynamic Region of Interest (ROI) to reduce bitrate in unprioritized regions in order to lowering bandwidth and storage requirements.
	d)	Transmission
		•	The camera shall allow for video to be transported over:
			i.	HTTP (Unicast)
			ii.	HTTPS (Unicast)
			iii.	RTP (Unicast & Multicast)
			iv.	RTP over RTSP (Unicast)
			v.	RTP over RTSP over HTTP (Unicast)
		•	The camera shall support Quality of Service (QoS) to be able to prioritize traffic
		•	Cameras must contain open API and support multi streaming
	e)	Image
		•	The camera shall incorporate Automatic and Manual White Balance.
		•	The camera shall incorporate an electronic shutter operating in the range of 1/8000 to 1 s.
		•	The camera shall support manually defined values for:
			o	Colour level
			o	Brightness
			o	Sharpness
			o	Contrast
		•	The camera shall incorporate a function for optimization of low light behaviour.
		•	The camera shall allow for rotation of the image.
	f)	User Interface
		•	Web server
			i.	The camera shall contain a built-in web server making video and configuration available to multiple clients in a standard operating system and browser environment using HTTP, without the need for additional software.
			ii.	Optional components downloaded from the camera for specific tasks, e.g. Active X, shall be signed by an organization providing digital trust services, such as Verisign, Inc.
		•	Language Specification
			i.	The camera shall provide a function for altering the language of the user interface and shall include support for at least 10 different languages.
		•	IP addresses
			i.	The camera shall support both fixed IP addresses and dynamically assigned IP addresses provided by a Dynamic Host Control Protocol (DHCP) server.
			ii.	The camera shall allow for automatic detection of the camera based on UPnP and Bonjour when using a PC with an operating system supporting this feature.
			iii.	The camera shall provide support for both IPv4 and IPv6.
	g)	Event functionality
		•	The camera shall be equipped with an integrated event functionality, which can be trigged by:
			i.	Video Motion Detection
			ii.	Audio Detection
			iii.	Live Stream Accessed
			iv.	Camera tampering
			v.	Manual Trigger/Virtual Inputs
			vi.	PTZ functionality
			vii.	External input
			viii.	Embedded third party applications
			ix.	Edge storage disruption detection
		•	Response to triggers shall include:
			i.	Send notification, using HTTP, HTTPS, TCP, SNMP trap or email
			ii.	Send images, using FTP, HTTP, HTTPS, network share or email
			iii.	Send video clip, using FTP, HTTP, HTTPS, network share or email
			iv.	iv. Send SNMP trap message
			v.	Recording to local storage and/or network attached storage
			vi.	Activating external output
			vii.	Play audio clip
			viii.	PTZ control functionality
			ix.	Day/Night vision mode
			x.	Text Overlay
		•	The camera shall provide memory for pre-& post alarm recordings.
	h)	Edge storage
		•	The camera shall support continuous and event-controlled recording to:
			i.	Local memory added to the cameras microSD-card slot
			ii.	Network attached storage, located on the local network
		•	The camera shall be able to detect and notify Edge storage disruptions.
	i)	Protocol
		•	The camera shall incorporate support for at least the following: IPv4/v6, HTTP, HTTPS, SSL/TLS, QoS Layer 3 DiffServ, TCP, ICMP, SNMPv1/v2c/v3 (MIB-II), RTSP, RTP, UDP, IGMP, RTCP, SMTP, FTP, DHCP, UPnP, ARP, DNS, DynDNS, SOCKS, SSH, NTP, CIFS/SMB, Bonjour.
		•	The Simple Mail Transport Protocol (SMTP) implementation shall include support for SMTP authentication.
	j)	Text overlay
		•	The camera shall:
			i.	Provide embedded on-screen text with support for date & time, and a customer-specific text, camera name, of at least 45 ASCII characters.
			ii.	Provide the ability to apply privacy masks to the image.
			iii.	Allow for the overlay of a graphical image, such as a logotype, into the image.
	k)	Security
		•	The camera shall support the use of HTTPS and SSL/TLS, providing the ability to upload signed certificates to encrypt and secure authentication and communication of both administration data and video streams.
		•	The camera shall provide centralized certificate management, with both pre-installed CA certificates and the ability to upload additional CA certificates. The certificates shall be signed by an organization providing digital trust services.
		•	The camera shall support IEEE 802.1X authentication.
		•	The camera shall provide support for restricting access to pre-defined IP addresses only, so-called IP address filtering.
		•	The camera shall restrict access to the built-in web server by usernames and passwords at three different levels.
	l)	API support
		•	The camera shall be fully supported by an open and published Application Programmers Interface (APi), which shall provide necessary information for integration of functionality into third party applications.
		•	The camera shall conform to ONVIF profile G as defined by the ONVIF Organization.
		•	The camera shall conform to ONVIF profile S as defined by the ONVIF Organization.
	m)	Embedded applications
		•	The camera shall provide a platform allowing the upload of third party applications into the camera.
	n)	Installation and maintenance
		•	The camera shall be supported with Windows-based management software which allows the assignment of IP addresses, upgrade of firmware and backup of the cameras' configuration.
		•	The camera shall support the use of Simple Network Management Protocol (SNMP)-based management tools according to SNMP v1, 2c & 3 / MIB-II.
		•	The camera shall allow updates of the software (firmware) over the network, using FTP or HTTP.
		•	The camera shall provide the ability to perform remote focus adjustment.
		•	The camera shall provide the ability to apply a rectangle of customer-defined number of pixels to the image, which can be used as a pixel counter identifying the size of objects in number of pixels.
		•	The camera shall accept external time synchronization from an NTP (Network Time Protocol) server.
		•	The camera shall store all customer-specific settings in a non-volatile memory that shall not be lost during power cuts or soft reset.
		•	The camera shall incorporate a software-controlled functionality for network redundancy.
	o)	Access log
		•	The camera shall provide a log file, containing information about the 250 most recent connections and access attempts since the unit's latest restart. The file shall include information about the connecting IP addresses and the time of connecting.
		•	Provide a connection list of all currently connected viewers. The file shall include information about connecting IP address, time of connecting and the type of stream accessed.
	p)	Camera diagnostics
		•	The camera shall be equipped with LEDs, capable of providing visible status information. LEDs shall indicate the camera's operational status and provide information about power, communication with receiver, the network status and the camera status.
		•	The camera shall be monitored by an overwatch functionality, which shall automatically re-initiate processes or ultimately attempt to restart the unit if a malfunction is detected.
		•	The camera shall send a notification when the unit has been re-booted, and all services are initialized.
	q)	Hardware interfaces
		•	Network interface
			i.	The camera shall be equipped with one 100BASE-TX/1000BASE-T PoE Fast Ethernet-port, using a standard RJ45 connector and shall support auto negotiation of network speed and transfer mode (full and half duplex).
			ii.	b. The camera shall be equipped with one SFP connector for SFP fibre module (100/1000 Mbps).
		•	Serial interface
			i.	The camera shall be equipped with one RS-485/422 serial port.
		•	Inputs/Outputs
			i.	The camera shall be equipped with two configurable I/O ports, accessible via a removable terminal block. These inputs/outputs shall be configurable to respond to normally open (NO) or normally closed (NC) dry contacts. The output shall be able to provide 12 V DC, 50 mA.
		•	Power
			i.	The camera shall be equipped with a removable terminal block providing connectivity for external power.
	r)	Enclosure
		•	The camera shall be manufactured with an aluminium casing.
	s)	Power
		•	Power over Ethernet Plus IEEE 802.3at Type 2 Class 4
			i.	Max: 25.5 W
			ii.	Typical: 13.1 W
		•	20- 28 V DC
			i.	Max: 18.6 W
	t)	Environmental
		•	The camera shall operate in a temperature range of -10 °C to +60°C & in a humidity range of 10-95% RH (non-condensing).

Execution

Installation
A.	Outdoor cameras shall be in an IP66 rated enclosure with sun-shroud.
B.	The Contractors or subcontractor's main resources within the project shall carry proper professional certification issued by the manufacturer and verified by a third-party organization to confirm sufficient product and technology knowledge.
C.	The Contractor shall carefully follow instructions in documentation provided by the manufacturer to ensure all steps have been taken to provide a reliable, easy-to-operate system.
D.	All equipment shall be tested and configured in accordance with instructions provided by the manufacturer prior to installation.
E.	All firmware found in products shall be the latest and most up-to-date provided by the manufacturer, or of a version as specified by the provider of the Video Management System (VMS) or the Network Video Recorder (NVR) alternatively the DVR manufacturer.
F.	All equipment requiring users to log on using a password shall be configured with user/site-specific password/passwords. No system/product default passwords shall be allowed.

NVR server

The NVR must, in the event of any alert/alarm, automatically stream the CCTV footage to the SCR for storage. This will allow and support any follow up actions by the SCR operators or MOI investigations. This is especially important in the event that the ATM unit is intentionally damaged or rammed with the aim of toppling or removing it from site. As such a final snapshot of the illegal activity will be available and safely stored.

Maintenance
A programme of preventative maintenance must be undertaken in line with the manufactures' guidelines; periods between maintenance checks must not exceed six months (except where contractually agreed). Additionally, regular testing of the system must be undertaken to ensure key components are functioning to full specification. Details of the tests should be recorded in the site record for the IDS and retained as well as updates/copies forwarded to the security department.

Bandwidth Requirements for Security Systems
This guideline is applicable for all existing and future deployment and installation of security systems. This encompasses all systems inclusive of the Surveillance System, Access Control System and Intrusion Detection Systems.
The hard-wired direct network interface bandwidth for all security devices shall be sized to cater for the local bandwidth of the accumulated video and alarm feeds as a minimum capacity. All switches and routers used on the security network shall be rated for gigabit speeds (minimum 1 GB) throughout the supporting infrastructure.
When hard wired direct network connectivity is not available directly to the command centre (indirect via telco or wireless / G3 /G4 / G5 networks), connectivity bandwidth shall be sized in the same way as the hard-wired network.
In all cases, the bandwidth for the WAN connectivity between all bank facilities must allow for on the spot streaming and retrieving of the CCTV footage, with a minimum of 15 FPS and 2MP resolution.

Soft Launch