Speech to the Global MSC Security conference 2015
The commissioner's speech on raising standards, one year on from the launch of the self assessment tool.
Good morning and thank you to Global MSC Security for inviting me to come and speak to you today.
You’re probably aware that I’m the Surveillance Camera Commissioner for England and Wales and it’s my role to ensure that surveillance cameras used in public spaces protect and support communities rather than spy on them. My goal is to encourage transparency and make sure that the public are confident that the cameras protecting them comply with relevant regulation and particularly the code of practice.
And maintaining public confidence in the people your cameras are protecting is an incentive for complying with the code.
Equally I’m committed to raising standards across the industry. One way to ensure that the public can be confident in the systems that watch over them is for the operators of those systems, and the systems themselves, to meet minimum standards.
More about my role
I’m sure you know about my role and why it was created so I won’t bore you with the minute detail on that. But one point I think is worth reminding you of here is that at the moment only relevant authorities – as set out under the Protection of Freedoms Act – must show due regard to the code. By and large relevant authorities are Police Forces and Local Authorities – according to the BSIA that accounts for about 5% of CCTV of the 6 million cameras in the UK
Tools to help organisations achieve compliance
So, surveillance cameras in the UK are everywhere and increasing if you consider the emergence of drones and body worn video. Principle 8 of my code refers to standards and states that surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards. As I’ve just mentioned it sets out my responsibilities around raising standards across the surveillance camera industry
I have a standards group who are looking at how we can simplify the standards framework and help organisations meet minimum standards.
There is a list of relevant standards on my website and I will continue to review this in line with developing technology.
BS7958
Hands up – who’s heard of BS7958? It’s the British Standard for the operation and management of CCTV control rooms
My team has been involved in the review of this standard which has resulted in the inclusion of the principles of my code into the standard. This is to help the industry understand how the principles of the code are embedded in some of the work that is already being done.
The revised standard was published in August this year and I will encourage as many of you that run CCTV control rooms to consider using this standard as your benchmark. This is another way that the sector can evidence their compliance to relevant regulations.
However, as I understand it only 2% of Local Authorities currently comply with BS7958 which I’m sure you’ll agree is a minuscule amount. And there may be many reasons why this is – cost for example. We all know that austerity measures that the public sector is facing.
Self assessment tool
It was a year ago today, in this same venue, at this same conference that I launched my self assessment tool. A tool which allows organisations to assess how close they are to complying with the code. Where they are falling short it helps them to put actions in place to help them comply.
I have written to all the chief executives of local authorities asking them to complete the self assessment tool, but so far I am only aware of a small percentage that have done so. I will be writing to them again.
I have received lots of helpful feedback from those that have completed the self-assessment tool which has proven useful in enabling organisations to put action plans in place to help improve compliance in certain areas. It’s also meant that we can refine the document to make sure the process continues to be an easy one.
Third party certification
For those of you that were here last year you may recall that I talked about developing a third party certification process.
I am delighted to inform you that today, a year on from the launch of the self assessment tool, I am launching the Surveillance Camera Code (SCC) third party certification scheme.
It’s a scheme that will enable organisations to achieve a certification against the code and use my certification mark. This mark will enable organisations to clearly show the communities they are monitoring that they comply with the relevant regulations and get their data securely. It’s a badge of honour that should be displayed proudly.
Why now?
You may be thinking – why now? Well, I’ve spoken to and listened to a large range of the industry particularly, but not exclusively, the local authorities and police who are relevant as stated in the code and they have always asked the question – how can I show compliance with the code?
My new third party certification scheme provides the answer as it enables them and indeed any one that operates public space surveillance to show they comply.
This scheme supports my vision to uplift standards in the industry and improve public support for surveillance. It supports surveillance by consent – yes, people are monitored but it’s done transparently, effectively and proportionately. My certification mark demonstrates this.
In line with my vision I have worked with two certification bodies to develop a certification process that is simple, affordable and accessible to all organisations that want to evidence compliance to the code. More on this in a moment.
Pilots
You may be thinking – why has it taken a year to launch this scheme? Well, it’s not something that I wanted to do lightly - or to rush. Over the last year the certification bodies have conducted a number of pilots to make sure that we get the balance right, the scheme works and it’s something that organisations want to aspire to. A number of local authorities together with 2 other organisations have successfully gone through the certification pilots. I want to use this opportunity to thank all those that volunteered to take part in the pilot as without them, it would not be possible to develop the scheme and I would not be here speaking to you about it today.
Who can offer certification?
I am using 2 UKAS accredited certification bodies to carry out the process. This is to ensure that process is consistent and is completed to a high standard. Currently, the 2 bodies are the National Security Institute (NSI) and the Security Systems Alarms and Inspection Boards (SSAIB). I want to thank both NSI and SSAIB for their relentless efforts in working with me and my team to develop a robust certification process.
How does it work?
The certification process will allow organisations to be audited against the code.
Certification is scheme specific and a successful audit on one scheme will not guarantee a successful audit on another scheme run by the same organisation. Organisations will need to specify what scheme they are seeking to be certified against. For example it could be the town centre CCTV scheme, the traffic enforcement body worn video scheme, housing scheme run by a third party etc.
Types of Certification
There are 2 steps to achieving certification. The first is a desktop approach which is aimed at those organisations that are working hard to comply with the code but are not quite there yet. The second step is for those that are close to or are fully complying with the 12 guiding principles of the code.
Process
The first thing to do will be to decide what type of certification you want to apply for. Whichever type you choose you must complete the self assessment tool which will enable you to understand how close you are to complying with the 12 guiding principles of the code.
Once you have completed the self assessment tool and you consider that you are ready for certification, you should submit your completed self assessment tool to one of the certification bodies as part of your application for certification. You will be able to find the contact details of both bodies on my website.
What does this mean for the industry?
Organisations will be able to evidence their compliance to the code by displaying their certificate of compliance and using the certification mark on their website and other publicity material.
The desk top certification will be a document audit of your self assessment form as well as other related documents such as your code of practice, information sharing agreements, privacy impact assessment and procedures manuals etc depending on what the auditing body requests. If you are successful you will be awarded a certificate which will be valid for one year. At the end of the year you will be expected to apply for full certification – if you don’t you are no longer certified against the code.
Full certification means that a physical audit will be conducted on your premises and if you are found to be compliant with the 12 guiding principles of the code you will be awarded a certificate that will be valid for 5 years subject to your own internal annual review.
More information on the certification process can be found on my website. If you have any questions regarding the certification process please get in touch.
Conclusion
I’ve already said time and again I’m determined to raise standards in the industry, to increase public confidence in surveillance and ensure surveillance cameras are being used in line with the regulation framework.
I am not expecting a change overnight, but in my experience I can say that most organisations want to be compliant, but are confused with the large range of standards, 2 different codes and in some cases hit by cuts.
I understand that and am working with my standards board to demystify the landscape. So far I have populated my website with a list of relevant standards which will help you to understand what you need to comply with.
I have developed the simple and easy to use self assessment tool which allows organisations to assess how compliant they are with the code as well as develop action plans to improved compliance.
I have worked with BSI to review the BS7958 incorporating my code. This means that if you are accredited to the new standard you are likely to be close to full compliance with my code.
But most of all today I have launched my certification scheme which will enable organisations to clearly demonstrate they comply with the code, that they meet a certain standard, that they take surveillance seriously.
Please consider certification seriously.
I will continue to work with the industry and review the landscape to ensure that standards are raised – not just by the large organisations but across board.
Thank you.