
Access Control System - 30.05.2024

Uploaded by

jazar

CCTV & ACCESS CONTROL HAND OVER / TAKE OVER PROJECT

Prepared By: Administration Department

Date: 31.05.2024
INDEX

1. Proposal for Centralization & Shifting of CCTV Systems
2. CCTV Systems Process & Security Compliance Document
3. Discrepancies in the Existing CCTV System
4. Proposal for Restructuring of Existing Access Control Systems
5. Access Control System Compliance Document
6. Discrepancies in the Existing Access Control System
7. Sign off Sheets

Action Plan: - Shifting of Existing CCTV Monitoring System from Data Centre to
the dedicated room at first floor as per MOI.

As per CEO’s directive, to enhance efficiency and centralize operations of CCTV and Access
control system within the Administration department, please find the proposal encompassing an
action plan, cost estimate, scope of work, and related details for your review and approval. The
administration will assume full responsibility for managing both the CCTV system and access
control system in alignment with Ministry of Interior guidelines.

1. Preparation Phase
Responsible Unit / Service Provider: Admin and CCTV Service Provider (with the support of IT team)
● Review existing CCTV system layout and requirements.
● Determine the new location and layout for the CCTV equipment room.
● Procure necessary materials and equipment for the shifting process.

2. Electrical Cabling for Power Supply
Responsible Unit / Service Provider: CCTV Service Provider or Electrical Team
● Install required electrical cabling for powering the CCTV devices.

3. Installation of Dedicated UPS
Responsible Unit / Service Provider: Admin
● Install UPS units for CCTV devices and network infrastructure to provide reliable power backup.
● Configure UPS units according to MOI requirements for battery backup and shutdown settings.
● Test UPS units to ensure they can provide uninterrupted power supply during outages.

4. Networking (Shifting of Switches & NVR)
Responsible Unit / Service Provider: Admin and CCTV MOI approved Service Provider (with the support of IT team)
● Plan the network layout and configuration for the CCTV and access control systems in the proposed equipment room.
● Inventory all switches and Network Video Recorders (NVRs) before relocation.
● Install switches and NVRs in designated positions within the equipment room.
● Test network connectivity and ensure proper functioning of all networked devices.
● Connect switches and NVRs to the network infrastructure, ensuring proper configuration and connectivity.

5. Data Cable Pulling
Responsible Unit / Service Provider: CCTV MOI approved Service Provider (with the support of IT team)
● Prior to pulling data cables, conduct a site survey to determine the optimal routing path and identify any potential obstacles.
● Use appropriate cable management techniques to organize and secure the data cables along the route.
● Label each cable with its corresponding endpoint for easy identification during installation.

6. Shifting & Installation of CCTV Devices
Responsible Unit / Service Provider: Admin and CCTV Service Provider
● Assess the condition of each CCTV device before relocation to ensure they are functioning properly.
● Document the location and configuration of each device for reference during installation.
● Safely dismantle and pack each CCTV device for transportation to the proposed equipment room.
● Upon arrival at the new location, conduct a thorough inspection of each device to ensure no damage occurred during transit.
● Install CCTV devices in their designated positions within the equipment room, ensuring proper alignment and security.

7. Data Backup Setup
Responsible Unit / Service Provider: Admin and CCTV Service Provider
● Ensure NVR is communicating with the backup system.
● Verify backup system functionality by running tests.
● Confirm backup schedule and data retention policies.

8. Additional Requirements
Responsible Unit / Service Provider: IT Team and CCTV Service Provider
● Provide Camera and NVR IP Details: Ensure all IP addresses for cameras and Network Video Recorders (NVRs) are documented and provided.
● Admin Rights and Passwords: Furnish admin rights and passwords for NVRs and cameras to facilitate system management and configuration.
● CCTV System Bill of Quantities (BOQ): Supply a comprehensive CCTV System Bill of Quantities detailing all equipment, materials, and associated costs.
● Provide Building Layout Drawings: Supply building layout drawings for the 1st and 10th floors, indicating the placement of CCTV systems for reference and planning.
● ADMCC Last Approved Report: Provide the most recent approved report from the ADMCC for compliance verification.
● Access to Server Room & 10th Floor IT room: Grant access to the Server Room & 10th Floor IT room for the removal of the existing CCTV System in the presence of IT staff, ensuring a smooth transition.
● 10th floor new office cameras need to be configured in 1st floor NVR.
● Submit additional camera change to ADMCC and obtain approval.

9. Maintenance Window
Responsible Unit / Service Provider: Admin, CCTV Service Provider, and IT Team
● The task starts on Friday afternoon, after 12 pm.
● Saturday, full day from 9 am to 6 pm (Testing & Commissioning)
● Total required downtime (30 Hrs)

10. Cost
Responsible Unit / Service Provider: A formal proposal shall be obtained once the proposal is approved.
● AED 15,000.00 (approximately)

CCTV System Process and Security Compliance Document

1. Introduction

This document outlines the process for managing, accessing, and ensuring the security and
compliance of the Closed-Circuit Television (CCTV) system within our organization. The
admin department is designated as the system owner, responsible for overseeing the operation
and security of the CCTV system.

2. Access Control and Security Compliance

2.1 Legal Framework

Our CCTV system operates within the legal framework established by UAE data privacy laws
and Ministry of Interior (MOI) guidelines. Restricting access protects sensitive data and ensures
compliance with these regulations.

2.2 Access Control Policy

● Authorized Personnel Only: Access to the CCTV system is strictly limited to authorized
personnel within the admin department, as per UAE laws and MOI regulations.
● Third-Party Access: Third-party access is strictly prohibited except in exceptional
circumstances. This requires explicit written authorization from designated authorities
for specific purposes and under strict supervision.

2.3 Physical Security

● Dedicated Room: The CCTV system shall be housed in a dedicated, secure room with
restricted access to prevent unauthorized entry.
● Uninterruptible Power Supply (UPS): A dedicated UPS will ensure uninterrupted power
supply for the CCTV system, guaranteeing continuous surveillance operations.

3. Data Security

3.1 Data Encryption: All CCTV data will be encrypted at rest and in transit to protect against
unauthorized access or interception.

4. Maintenance and Backups

4.1 Vendor Responsibility:

The CCTV vendor will be responsible for all maintenance and backup activities as outlined in a
Service Level Agreement (SLA). The SLA will specify:

● Response Times: Defines how quickly the vendor must respond to maintenance
requests and system outages.
● Specific Services: Clearly details the specific maintenance and backup services included in
the agreement.

5. Network Uptime

5.1 Collaborative Effort:

The admin department will collaborate with the IT department (or network administrators) to
ensure network stability and address any issues that may affect CCTV system performance.

5.2 Responsibilities:

● The IT department ensures network stability and connectivity.
● The CCTV vendor and Admin Team monitor the CCTV system's network integration
and operation.

5.3 Timely Resolution: Collaborative efforts facilitate timely resolution of network-related
issues to minimize downtime and ensure uninterrupted surveillance operations.

6. Data Retention

CCTV footage will be retained for a period of 30 days in accordance with UAE data privacy
laws and organizational policies.

7. Data Access Requests

Requests for authorized access to CCTV footage will be handled according to a defined
procedure, complying with UAE data privacy regulations.

8. Training

Authorized personnel using the CCTV system will receive training on proper operation
procedures and data privacy regulations. This ensures proper handling of the system and
compliance with regulations.

9. Conclusion

By implementing stringent access control measures, collaborating on network uptime, ensuring
data security through encryption, and adhering to legal requirements for data retention and
access, our organization maintains the security, reliability, and integrity of the CCTV system.
This collaborative approach ensures effective surveillance operations while safeguarding
sensitive information in accordance with UAE laws and MOI regulations.

Discrepancies of the Existing CCTV Control System

1. Restricted Access to Data Center for CCTV System Daily Health Checkup:
The current setup limits access to the data center, making it challenging for the admin
team to perform daily health checks on the CCTV system.

2. Noncompliance with MOI & ADMCC Mandatory Requirements: The CCTV
cameras on the 10th floor are not in compliance with mandatory requirements set by
the Ministry of Interior (MOI) and the Abu Dhabi Monitoring and Control Centre
(ADMCC).

3. Data Backup Issues: There are recurring issues with data backup, including instances
of backup corruption, which compromise the integrity and reliability of the CCTV
footage.

4. Recording Missing Issue Raised by ADMCC Officials: During a periodic
inspection, an ADMCC inspector identified issues with missing recordings, indicating gaps
in the surveillance coverage.

5. Delay/Lag in Real-Time Streaming: There are significant delays and lags in real-time
streaming of CCTV footage, attributed to hard disk issues, which hinder effective
monitoring.

6. 10th Floor New Office 1003 Cameras Not Configured: The new cameras
installed in the 10th floor office (room 1003) have not yet been configured in the
Network Video Recorder (NVR) located on the 1st floor.

7. Need for Configuration and ADMCC Approval: The new cameras in the
10th floor office (room 1003) need to be configured in the 1st floor NVR and obtain
approval from the ADMCC to ensure compliance and functionality.

Action Plan: - Restructuring of Existing Access Control System.

As per CEO’s directive, to enhance efficiency and centralize operations of access control
systems within the Administration department, please find the proposal encompassing an action
plan, cost estimate, scope of work, and related details for your review and approval. The
administration will assume full responsibility for managing the Access Control System.
1. Implementation Strategy
Responsible Unit / Service Provider: Admin and ACS Service Provider (with the support of IT team)
● Develop a comprehensive device classification, mapping, and network architecture flowchart to serve as a reference for future operations.
● Renew existing user licenses set to expire in June 2024 to ensure uninterrupted system access.
● Establish user access privileges for all staff members to enhance control and facilitate audit trails.
● Create a department group in line with our requirements.
● Restructure path controllers and access routes according to our operational needs to optimize system efficiency.
● Increase the user license limit to accommodate up to 300 users, anticipating the onboarding of new employees.
● Develop and implement SOPs to guide system usage and maintenance.
● Implement dual control access for the proposed dedicated CCTV room at first floor.
● Integrate access control systems with fire alarm systems to comply with Civil Defense requirements for emergency evacuation procedures.
● Integrate access control systems for new branches to ensure consistent security measures across all locations.

2. IT Dept Scope
Responsible Unit / Service Provider: IT team
● Provide remote access to the Access Control System Server for enhanced monitoring and management capabilities.
● Matrix Software System Admin password needs to be provided by IT.
● Furnish the existing device Admin rights Password for all branches' Access Control systems to ensure seamless system management.
● The IT team is to share the IP details of existing devices in all branches' Access Control systems for centralized monitoring and maintenance.

Access Control System Process Document

Introduction

This document outlines the procedures and responsibilities for accessing and maintaining the
access control system in Siraj Finance.

Scope

The scope of this document encompasses the collective responsibilities of all stakeholders
involved in ensuring the smooth operation and effective management of the access control
system within the organization. The IT Department is tasked with maintaining the technical
infrastructure supporting the system, conducting regular backups, and monitoring uptime, while
also tracking administrative activities and conducting annual audits. As the system owner, the
Admin Department manages Matrix user access, documents changes, and ensures compliance
with policies, collaborating closely with the HR Department to process access requests and
adjustments. The HR Department provides employee details for access management, initiates
access requests, and ensures terminated employees lose system access during audits. Together,
these stakeholders work collaboratively to uphold security, compliance, and operational
efficiency in access control management.

The key stakeholders of the system:

1. Admin Department (system owner)
2. HR Department (Providing staff Joining information/Notification)
3. IT Department (Owns ACS physical/Virtual servers, Network, and other supporting
devices)
Responsibilities

Admin Department

● Own the complete Access control system and management software.

● Manage user access requests and modifications.

● Track and document all changes made to the access control system.

● Implement & Ensure compliance with access control policies.

● Communicate with HR regarding new hires and terminations for access adjustments.

HR Department

● Provide employee details for access management purposes.

● Submit access requests for new employees or changes in employment status.

● Collaborate with the Admin Department to ensure access adjustments are made
promptly and accurately.

IT Department

● Maintain only the server and network infrastructure for the access control system.

● Ensure the access control system software is backed up regularly.

● Monitor system uptime and ensure there is minimal downtime.

● Track all IT administrative activities performed on the server, including additions,
deletions, modifications of server access, server firmware updates, hardware
maintenance, system security patches, antivirus definition updates, etc.

● Provide necessary remote access to the admin team to manage the access control
system (or Matrix software).

● Conduct quarterly audits to review access to the management software and the
servers.

Access Request Process

Request Initiation: - HR Department

● Submit a formal access request to the Admin Department for new employees or
termination of access for departing employees.

● Specify the shift hours for new employees.

● Submit a request to the admin team for any changes in employee status so they can
update access as needed.

● Use the Access Request Form (approval workflow system) to submit requests to the
Admin Department; this can be implemented through in-house change management
tools.

Admin Department Responsibilities:

Review Requests:

● Verify the details of the access request form.

● Ensure the request is authorized by the HR Department or the concerned authority.

Grant Access:

● Add new employees to the access control system based on their shift hours.

● Update the access control system to reflect any changes in employee status (e.g.,
promotions, department changes), as requested by the HR team.

● Remove access for employees who have resigned or been terminated.

System Maintenance Process (IT Department Responsibilities):

● Regularly back up the access control system software and data.

● Monitor the server and network to ensure they are functioning correctly.

● Document all maintenance activities and any incidents of downtime. (Forms to be
developed. RCA to be done.)

● Send email notifications to the Admin Manager/All stakeholders for any critical updates
or issues.

● All maintenance should be based on prior approval from the system owners (ADMIN
TEAM) (inside change management tools).

● Implement and execute security audits on servers and Matrix software. Server event
audits should be implemented at the domain level, and a password policy should be in
place to ensure enhanced security for the system (for example, strong passwords,
password expiry every 180 days, etc.).

● All the above needs to be implemented as a separate Security Audit & Change
Management Process following industry standards (e.g., ITSM).

Document Actions: (IT Department)

● Log all changes made to the access control system. (Servers, Network and data
backups)

● Send email notifications to the Admin Manager detailing the changes.

● All maintenance activities or planned downtimes related to servers and Matrix software
must be conducted with prior approval from the respective system owners.

Quarterly/Annual Audit: (Collaborative activity by all stakeholders)

● Conduct a thorough review of individuals with access to the access control
management software and server resources.

● Document the audit findings and submit them to the system owner (Admin Manager)
for review.

● The IT manager is responsible for submitting system-level audit reports to the Admin
Manager for evaluation.

● The HR team must ensure that any terminated or resigned employees do not retain
access permissions to the access control system during the audit.

Compliance
All stakeholders must adhere to the procedures outlined in this document to ensure the
security and integrity of the access control system. Noncompliance will be addressed according
to the company’s IT security policy.

Discrepancies of the Existing Access Control System

Each entry lists the access control system issue, the resulting challenge, and the possible solution.

1. Issue: Technical challenges with existing devices during new employee enrolment
Challenge: Enrolment difficulties impacting efficiency
Possible solution: Conduct thorough troubleshooting of devices; consider upgrading firmware or hardware if necessary

2. Issue: Certain staff members have access to restricted areas
Challenge: Unauthorized access poses security risk
Possible solution: Review access control settings: revoke unauthorized access and reassign permissions

3. Issue: Employee data entered incorrectly, resulting in mismatches
Challenge: Data inaccuracies leading to operational inefficiencies
Possible solution: Work with the Cipher Bizz team to have a UI to show the mismatched entries between the Cipher Bizz data and Matrix data and correct it manually in the Matrix database. This is the cost-effective way to solve it.

4. Issue: Staff ID and Matrix ID conflict during data transmission to HR Software system
Challenge: ID conflicts causing data synchronization issues
Possible solution: Work with the Cipher Bizz team to have a UI to show the mismatched entries between the Cipher Bizz data and Matrix data and correct it manually in the Matrix database. This is the cost-effective way to solve it.

5. Issue: Lack of door access privileges for entry and exit
Challenge: Inadequate access controls compromising security
Possible solution: Assign access privileges based on roles and responsibilities

6. Issue: Employees accessing premises on the 10th floor on Sundays
Challenge: Inconsistent access policies leading to security vulnerabilities
Possible solution: Adjust access schedules to align with operational requirements; enforce access restrictions based on time and day

7. Issue: Lack of control over device software/firmware updates
Challenge: Unmanaged updates leading to system vulnerabilities
Possible solution: Implement centralized update management system; establish regular update schedules and protocols

8. Issue: IT professionals modifying control systems without clearance
Challenge: Unauthorized modifications posing security risks
Possible solution: Enforce strict access controls and permissions; implement approval workflows for system modifications

9. Issue: Certain devices not appearing in the software device list, i.e. Data center IT Room and IT staff (10th Floor)
Challenge: Incomplete device visibility impacting monitoring and management
Possible solution: Needs to be added in Matrix Software

Sign Off – Sheets

Recommendations & Approvals (Name, Position, Date, Signature)

Initiated / Recommended by: Shiyas Abubekar, Senior Manager Administration. Date: 30.05.2024. Signature:

Reviewed By: Amjad Hijazi, Chief Operating Officer. Date: 30.05.2024. Signature:

Reviewed By: Fazal Mohamed Nassim, Chief Governance and Compliance Officer. Date: 30.05.2024. Signature:

Approved by: Mohamed Rusan Fyroze, Chief Executive Officer. Date: 30.05.2024. Signature:
