CCTV Operational Deployment Requirements
| No: 694270000149 | Date(g): 22/7/2019 | Date(h): 20/11/1440 | Status: In-Force |
The following operational deployment requirements for CCTV will be maintained for all branches/facilities
Security Surveillance operational deployment requirements
| Ser | Operational deployment requirement |
| 1 | Each branches/facilities entrance and exit (whether from outside or from inside a building) shall be provided with a dedicated CCTV camera, deployed to provide identification of an unknown person, e.g. 120% of screen height. Cameras looking towards the outside of the building from an internal mounting position will need a wide dynamic range in order to capture the intended target |
| 2 | All internal public circulation and assembly areas shall be provided with a camera with general views which allow the individual target to be tracked throughout the branch. This requires recognition of a known person e.g. 50% of screen height |
| 3 | Each entrance to the private (staff) domain (whether from the exterior or from the public domain) shall be provided with a dedicated CCTV camera, deployed to provide identification of an unknown person, e.g. 120% of screen height. Cameras looking towards the outside from an internal mounting position will need a wide dynamic range in order to capture the intended target |
| 4 | Provided the entrance to the private (staff) domain are sufficiently covered by CCTV there should be no need to track through the common staff areas, unless required by each individual bank policy |
| 5 | As well as a general view of the teller area, each individual teller station should have its own dedicated camera. The dedicated camera should be able to capture all transactions as well as identifying an unknown customer e.g. 120% of screen height. The dedicated camera should ideally be positioned above the teller station, looking towards the customer, but capturing the whole workstation. It is required to cover cash drawers and activity of the same area |
| 6 | Highly restricted access areas (operations room, IT servers, data centres, safety deposit rooms, tellers, operations area and any other cash dealing areas) require fixed cameras with general views which allow an individual target to be tracked throughout the area while monitoring their activities. This requires identification of a known person, e.g. 1200% of screen height. If the area is too large to be covered by an individual camera, additional cameras shall be deployed as necessary to comply with this guidance |
| 7 | The entrance to the vault/strong room/safety deposit box room shall be provided with a dedicated CCTV camera on the inside in addition to the vault entrance from the outside, deployed to provide identification of an unknown person, e.g. 120% of screen height. Additionally, the area should be provided with general views which allow an individual target to be tracked throughout the area while monitoring their activities, requiring recognition of a known person, e.g. 50% of screen height. Users of safety deposit boxes shall be provided a private area where items can be deposited and removed out of sight of the cameras |
| 8 | The entire cash and valuables in transit (CVIT) route shall be monitored by CCTV. The route should be provided with a general view which allows an individual target to be tracked along the entire path and their activities monitored, requiring recognition of a known person, e.g. 50% of screen height |
| 9 | All ATM's shall have a wide dynamic range camera within the body of the machine to identify the user, e.g. 120% of screen height. Additionally, all ATM shall have a general view camera covering the area around the machine which provides recognition of a known person, e.g. 50% of screen height |
| 10 | All branch external facades shall be monitored by CCTV. The cameras shall be able to observe the activities around the entire branch perimeter, e.g. 25% of screen height. Additionally, any external areas owned by the branch, such as customer and staff parking, should also have observation coverage. |
| 11 | It is mandatory for fixed CCTV cameras to be deployed in the following areas: |
| Teller areas/teller counters focussing to teller and customer's face as well as teller counter for cash demonstration (using one camera for each teller and another camera for the drawer) | |
| Teller door entrance/teller counters field area | |
| Customer services and waiting areas | |
| Operations areas, back office and cash loading area | |
| All corridors leading to the vault, where applicable | |
| Branch vault room, focussing on the whole vault entrance/exit | |
| Branch vault room, focussing on the cash cabinet and the entrance | |
| Safety deposit box room entrance | |
| ITD server; SWIFT/dealing and security room: CPD; Cad file office; HR filing; passport office; IDF room | |
| On-site and off-site ATMs (a minimum of two cameras, one focussing on the customer's face and the other on the withdrawal of cash; with an additional camera used for perimeter/rear entry of the service cabinet, where applicable) | |
| Staff entrance door | |
| Bank main entrance | |
| Bank premises and parking area | |
| Lift lobbies, office entrances and emergency exit | |
| Customer service, counter coverage and reception area | |
| Any other risk area as per requirements | |
| To cover the security items | |
| Entry to high security areas, subject to prior approval from authorised staff | |
| Design and fixing of cameras shall be in proper sequence with the recording device | |
| Specification and viewing angles shall comply with SAMA policy | |
| Recording capacity shall be in accordance with SAMA policy | |
| NVR recorder must be secured in accordance with this document | |
| CCTV system shall be supported by a UPS in accordance with SAMA requirements | |
| There shall be separate power supply for all devices and cameras | |
| No cables shall be exposed without conduits | |
| CCTV room temperatures shall be maintained as per system requirements | |
| Spot monitor for branch manager and security officer | |
| Sufficient lighting shall be provided for all monitoring and recording areas | |
| Security system drawings must be received from the supplier prior to the installation of the systems, and once the systems have been installed | |
| 12 | CCTV room shall be covered by a camera and the entrance shall be via an access control system reader. Only designated and authorised bank personnel shall handle the CCTV system and equipment |
| 13 | Deployment of CCTV cameras shall be at an appropriate angle, in which maximum areas can be viewed. In the event that a camera's location needs to be changed approval shall be sought from the respective branch manager or department head in consultation with the security department |
| 14 | Branch staff shall be assigned to ensure the correct temperature is maintained in the CCTV room |
| 15 | A CCTV system viewing monitor shall be installed in the office of the respective branch manager |
| 16 | Authorisation for access to the security system control room shall be restricted to the designated staff only. In the event of a requirement for system vendor/maintenance technician attendance, this should only be authorised by the designated responsible staff and designated security department personnel. Technician attendance should be logged alongside the purpose for the visit |
| 17 | Entry to the CCTV/IT room is restricted and all entry shall be documented in the security log-book alongside a reason and relevant justification |
| 18 | Support to law enforcement authorities will follow the bank procedures after approval by the bank's security department |
| 19 | Video data overwriting or missing recordings shall be reported immediately to the branch/facility management and the security department |
| 20 | To ensure optimum system performance the branch manager/delegated staff shall check the CCTV system on a daily basis; the Head of branch operations/delegated staff shall ensure that the security personnel are checking the system on a daily basis and that there is no interruption to the system. Checks should include whether standard time is applied to the security system. Any interruption in recording or fault in the security system shall be reported immediately to the security department who will coordinate with the vendor maintenance team |
| 21 | Security systems maintenance records shall be maintained in a separate file for future record and maintenance. All visits of contractors/system vendors shall be recorded in the log, and shall be at the prior approval of relevant branch/facility manager in consultation with the bank security department |
| 22 | The CCTV checking form used in branches and bank facilities shall be maintained daily and submitted at the end of the month by security to the security department; it shall be signed by the designated staff alongside the signature of the security guard |
| 23 | In compliance with system maintenance requirements, the CCTV system shall be regularly maintained by the vendor to ensure it is working optimally |
| 24 | Each branch/facility must ensure that the system is in operational condition at all times and recordings are stored for the duration dictated by SAMA regulations |
| 25 | All cameras on the NVR shall be coded with a unique identification number |
| 26 | All equipment requiring users to log on using a password shall be configured with user/site-specific password/passwords. No system/product default passwords shall be allowed |
| 27 | The CCTV system at all branches/facilities shall be inspected annually by the security department |