🛡️ Security Systems

CCTV Surveillance System for Buildings — A Comprehensive Guide

From camera selection and network design to BIS/STQC compliance and CVC-compliant procurement — an authoritative guide by India's premier building infrastructure consultant, backed by 34 years of managing security across 35 RBI office buildings nationwide.

Contents

⚠️ Regulatory Alert — April 2026 Deadline: From 1st April 2026, only CCTV cameras certified under both BIS (IS 13252) and STQC Essential Requirements (ER:01) for cybersecurity will be legally permitted for sale in India. If you are planning a new CCTV installation or upgrading an existing system, ensure your vendor supplies only compliant equipment. Read more about CCTV compliance below →

1. What is a CCTV System?

Closed Circuit Television (CCTV) refers to a video surveillance system in which camera signals are transmitted to a limited set of monitors or recording devices — unlike broadcast television, which transmits signals openly. The term "closed circuit" distinguishes these systems by their restricted, point-to-point transmission, making them inherently suited to security applications where controlled access to footage is essential.

Modern CCTV has evolved far beyond the simple camera-and-monitor setups of earlier decades. Today's systems are networked, digital, and increasingly intelligent. A contemporary CCTV installation in a commercial building is a complete surveillance ecosystem comprising high-resolution IP cameras, network switches with Power over Ethernet (PoE), Network Video Recorders (NVRs) or server-based storage, Video Management Software (VMS), video analytics powered by artificial intelligence, and integration with access control, fire alarm, and Building Management Systems (BMS).

This evolution — from analog coaxial cable systems to IP-based networked infrastructure — has fundamentally changed how buildings are monitored, how incidents are detected and responded to, and how video evidence is stored, retrieved, and used. For facility managers and building owners, understanding this evolution is critical to making informed decisions about procurement, design, and long-term maintenance of their CCTV infrastructure.

2. Why Buildings Need Professional CCTV Surveillance

A well-designed CCTV system serves multiple critical functions for any building — whether it is a corporate office, a bank branch, a hospital, a government building, or a residential society:

Deterrence

Visible cameras are among the most effective deterrents against theft, vandalism, trespassing, and other criminal activities. The psychological impact of being watched — and the knowledge that evidence is being recorded — discourages potential offenders. Strategic placement of cameras at entry points, perimeter walls, parking areas, and public lobbies maximises this deterrent effect.

Evidence Collection

When incidents do occur, properly recorded CCTV footage provides crucial evidence for investigation, insurance claims, and legal proceedings. For this purpose, camera resolution, retention period, time synchronisation accuracy, and chain-of-custody procedures are all critically important. Poorly specified systems often fail precisely at this point — footage is too low in resolution to identify individuals, or recordings have been overwritten before the incident is discovered.

Real-Time Monitoring & Incident Response

With modern VMS platforms and AI-powered analytics, security personnel can monitor live feeds from dozens or hundreds of cameras simultaneously, receiving automated alerts for intrusion detection, line crossing, loitering, unattended objects, and other security events. This transforms CCTV from a passive recording tool into an active security management system.

Regulatory & Statutory Compliance

Several Indian regulations and guidelines mandate CCTV surveillance in specific building types. The Reserve Bank of India requires CCTV in bank branches, ATMs, and currency chests. Various state police regulations require CCTV in commercial establishments. The Bureau of Indian Standards, through the National Building Code, provides guidelines for security system installations. Non-compliance can result in penalties, insurance invalidation, and legal liability.

Operational Intelligence

Beyond security, modern CCTV systems deliver operational insights: people counting for occupancy management, footfall analysis for retail spaces, parking utilisation monitoring, meeting room usage tracking, and even health and safety compliance monitoring (such as PPE detection in industrial zones). When integrated with the BMS, camera-based occupancy data can optimise HVAC and lighting operations, contributing to energy conservation.

Insurance & Liability Benefits

Many insurance companies offer reduced premiums for buildings with professionally installed and maintained CCTV systems. In the event of incidents — whether fire, theft, vandalism, or personal injury claims — CCTV footage provides an objective record that can protect building owners from fraudulent claims and reduce dispute resolution timelines.

3. Key Components of a Modern CCTV System

A professional CCTV system consists of several interconnected components. Understanding each component's role helps facility managers make informed decisions during specification, procurement, and maintenance.

📷

Cameras (Video Sources)

The image-capturing devices — available in dome, bullet, PTZ, turret, fisheye, and specialised variants. Key specifications include resolution (2MP to 12MP+), sensor type (CMOS), lens type (fixed, varifocal, motorised zoom), low-light performance (IR range, starlight sensors), and protection ratings (IP66/IP67 for weather, IK10 for vandal resistance).

🔴

Network Video Recorder (NVR)

The recording and storage device for IP camera systems. Receives video streams over the network, processes them, and writes to internal or external hard drives. Available as embedded (standalone appliance) or server-based (enterprise deployments). Key parameters: channel count, recording bandwidth, storage capacity, and RAID support.

🖥️

Video Management Software (VMS)

The software platform that ties the system together — managing cameras, recording schedules, user access, live viewing, playback, event search, and analytics. Enterprise VMS platforms like Milestone XProtect, Genetec Security Center, and others support thousands of cameras across multiple sites with redundancy and failover capabilities.

🌐

Network Infrastructure

The backbone that connects everything — PoE switches (providing both data and power to cameras over a single Ethernet cable), Layer 2 edge switches, Layer 3 core switches, structured cabling (Cat6/Cat6A), and fibre optic links for longer distances or inter-building connections. Proper network design is critical for system reliability.

💾

Storage (SAN/NAS/DAS)

For enterprise deployments, dedicated storage arrays provide the capacity and performance needed for continuous multi-camera recording. Options include Direct Attached Storage (DAS), Network Attached Storage (NAS), and Storage Area Networks (SAN — typically Fibre Channel or iSCSI). RAID configurations protect against drive failures.

📺

Monitoring Stations & Video Walls

Where operators view live feeds and respond to events. Ranges from a single monitor at a security desk to dedicated control rooms with multi-monitor video walls. Modern systems use client workstations running VMS software, with high-performance graphics cards for decoding multiple HD/4K streams simultaneously.

In addition to these primary components, a complete CCTV installation includes supporting infrastructure: an Uninterrupted Power Supply (UPS) to ensure recording continues during power outages, surge protection devices to guard against lightning and power spikes, cable management systems (conduit, cable trays, junction boxes), and environmental protection (camera housings, heaters/blowers for extreme conditions).

4. System Architecture — How It All Connects

Understanding the architecture of a modern IP-based CCTV system is essential for facility managers responsible for building security. The following describes a typical enterprise-grade architecture suitable for a large office building, bank headquarters, hospital, or PSU campus:

Enterprise CCTV System Architecture

📷

Layer 1 — Video Sources (Cameras) IP cameras (dome, bullet, PTZ) distributed across all floors, entry/exit points, perimeters, and critical zones. Each camera connects via Cat6 cable to the nearest edge switch. PoE eliminates the need for separate power cabling to each camera.

⬇

🔌

Layer 2 — Edge Switches (PoE) Layer 2 managed PoE switches installed in floor-level network cabinets. Each switch aggregates camera feeds from 16–48 cameras on that floor. Provides power (PoE/PoE+) and data connectivity. Uplinked to the core network via fibre or 10GbE.

⬇

🔀

Layer 3 — Core Switches Redundant Layer 3 core switches that interconnect all edge switches, recording servers, storage, VMS servers, and operator workstations. VLAN segmentation isolates CCTV traffic from the corporate LAN for security and performance. QoS policies prioritise video traffic.

⬇

💾

Layer 4 — Recording & Storage Recording servers process and write video streams. Live recordings go to high-speed SAS drives (RAID 10); older footage archives to high-capacity SATA/NL-SAS arrays (RAID 5/6). For large deployments, SAN (Fibre Channel or iSCSI) storage provides centralised, scalable capacity.

⬇

🖥️

Layer 5 — Management, Analytics & Viewing VMS management server (centralised configuration and licensing), VAS/analytics server (AI-based event detection), and client workstations/video wall for live monitoring and playback. Remote and mobile clients enable monitoring from anywhere.

💡 Best Practice — Network Segmentation: CCTV traffic should always be carried on a separate, dedicated VLAN (or physically separate network) from the corporate data LAN. This prevents surveillance video from consuming business network bandwidth, protects cameras from being accessed by unauthorised users on the corporate network, and ensures that CCTV system performance is not affected by other network activity. This principle applies equally to small installations with 16 cameras and enterprise deployments with hundreds.

Redundancy & Failover

For mission-critical applications — banks, data centres, government buildings — the architecture should include failover recording servers that automatically take over when a primary recording server fails. The failover server provides hot-standby capability with automatic synchronisation: when the original server is restored, recordings are automatically merged. In virtualised environments (VMware, Hyper-V), features like VMotion or Live Migration allow maintenance without any recording downtime.

Multi-Streaming

Modern IP cameras can deliver multiple simultaneous video streams at different resolutions and frame rates. A typical configuration uses a high-resolution stream (e.g., 4MP at 15 fps) for recording, a lower-resolution stream (e.g., CIF at 8 fps) for live viewing on multi-camera layouts, and a third stream for analytics processing. This approach optimises both storage consumption and network bandwidth.

5. Types of CCTV Cameras

Selecting the right camera for each location is one of the most important decisions in CCTV system design. Each camera type is optimised for specific deployment scenarios:

Camera Type	Best Used For	Key Characteristics
Dome Camera	Indoor areas — lobbies, corridors, offices, retail floors	Discreet, vandal-resistant (IK10), wide-angle, ceiling-mounted. Difficult for observers to determine viewing direction.
Bullet Camera	Outdoor perimeters, building exteriors, car parks	Long-range IR illumination, weatherproof (IP67), highly visible as a deterrent. Easy to aim at specific areas.
PTZ Camera	Large open areas, campus perimeters, VIP entrances	Pan-Tilt-Zoom capability with 20x–40x optical zoom. Operator-controlled or preset patrol positions. Can track moving subjects across large areas.
Turret / Eyeball	Indoor/outdoor general purpose — corridors, stairwells	Flexible angle adjustment without loosening mounts. No IR reflection on dome cover (common issue with dome cameras). Compact form factor.
Fisheye / Panoramic	Open halls, atriums, reception areas, meeting rooms	180° or 360° field of view from a single camera. Dewarping software corrects the distorted image. Reduces total camera count for wide areas.
Thermal Camera	Perimeter security, fire detection, industrial zones	Detects heat signatures regardless of lighting conditions. Effective in complete darkness, fog, and smoke. Used for perimeter intrusion detection and early fire warning.
ANPR / LPR Camera	Vehicle entry gates, parking areas, toll points	Automatic Number Plate Recognition. Specialised lens, IR illumination, and software for capturing and reading vehicle registration plates at speed.

Critical Camera Specifications for Facility Managers

When reviewing camera specifications for tender documents or procurement, focus on these parameters:

Resolution: Measured in megapixels (MP). 2MP (1080p) is the practical minimum for new installations. 4MP offers a good balance of detail and storage efficiency. 4K (8MP) is used where identification-level detail is required (cash counters, entrance face capture).
Sensor Size & Low-Light Performance: Larger sensors (1/1.8" or 1/2.8") deliver better performance in low-light conditions. Look for "starlight" or "DarkFighter" rated cameras for areas with minimal lighting.
Compression: H.265 (also called HEVC) reduces storage requirements by 30–50% compared to H.264 at equivalent quality. H.265+ or Smart Codec variants offer additional savings through intelligent encoding that reduces bitrate for static scenes.
IR Range: The effective distance of the camera's built-in infrared illumination for night vision. Typical ranges: 30m for dome cameras, 50–80m for bullet cameras, 100m+ for specialised long-range models.
WDR (Wide Dynamic Range): Essential for locations with mixed lighting — building entrances where sunlight creates strong backlight, corridors with windows, ATM lobbies. True WDR (120dB+) uses multiple exposures; digital WDR is a software approximation and less effective.
Protection Ratings: IP66/IP67 for outdoor weather resistance. IK10 for vandal resistance (important in public areas and correctional facilities).
ONVIF Compliance: The Open Network Video Interface Forum standard ensures interoperability between cameras and VMS from different manufacturers. Always specify ONVIF Profile S (streaming) and Profile G (recording) compliance.
BIS Certification: As of April 2026, mandatory for all CCTV cameras sold in India. Verify the BIS R-number and STQC ER:01 compliance certificate.

6. IP vs Analog CCTV — Choosing the Right Technology

This is one of the most consequential decisions in any CCTV project. The industry has decisively moved toward IP-based systems, but understanding both technologies is important — particularly for organisations upgrading legacy installations.

Parameter	Analog (HD-TVI/HD-CVI/AHD)	IP / Network
Maximum Resolution	Up to 8MP (limited by coax)	Up to 12MP and beyond
Cabling	Coaxial (RG59/RG6)	Cat6/Cat6A (also carries power via PoE)
Power Delivery	Separate power cable or power-over-coax	PoE — single cable for data + power
Scalability	Limited by DVR channel count	Highly scalable — add cameras and switches
Video Analytics	Basic (DVR-side only)	Advanced — edge analytics on camera + server-based AI
Cybersecurity	Not network-connected (inherently isolated)	Requires VLAN segmentation, firmware management, strong passwords
Remote Access	Limited (through DVR)	Full — browser, desktop client, mobile apps
Integration	Standalone system	Integrates with access control, BMS, fire systems, analytics platforms
Total Cost (Large System)	Lower upfront, higher long-term	Higher upfront, lower long-term (single cable, PoE, scalability)
BIS/STQC Compliance	Applicable	Applicable — cybersecurity ER:01 testing more relevant

💡 BuildingInfra Recommendation: For new installations in commercial buildings, PSU offices, banks, and hospitals, IP-based CCTV is the clear choice. It offers superior resolution, built-in analytics, single-cable installation (PoE), seamless integration with other building systems, and compliance with modern cybersecurity requirements. Analog HD may still be appropriate for very small installations (under 16 cameras) with limited budget and no requirement for analytics or integration. For organisations with existing analog infrastructure, a phased migration using encoders (analog-to-IP converters) offers a practical transition path.

7. Recording & Storage — NVR, DVR & Cloud

Storage is often the most underestimated aspect of CCTV system design. Getting it wrong means either running out of capacity (and losing critical footage) or massively overspending on unnecessary storage. A rigorous, calculation-based approach is essential.

Storage Calculation Factors

The storage required for a CCTV system depends on five key variables:

Number of cameras
Resolution and frame rate — A 4MP camera at 15 fps generates far more data than a 2MP camera at 10 fps
Video compression codec — H.265 typically requires 30–50% less storage than H.264 at comparable quality
Recording mode — Continuous recording consumes far more storage than motion-triggered or scheduled recording
Retention period — The number of days footage must be kept (typically 30 days for commercial buildings, 60–90 days for banks and government buildings)

Worked Example

For a 64-camera system using 4MP cameras at 15 fps with H.265 compression, continuous recording, and 60-day retention:

Average bitrate per camera (4MP, H.265, 15fps): approximately 4 Mbps
Daily storage per camera: 4 Mbps × 86,400 seconds ÷ 8 = approximately 43.2 GB/day
Total daily storage: 43.2 GB × 64 cameras = approximately 2,765 GB/day (~2.7 TB/day)
60-day retention: 2.7 TB × 60 = approximately 162 TB raw storage
Add 15–20% overhead for RAID, file system, and indexing: ~190 TB usable storage required

Storage Best Practice — Two-Tier Architecture

Enterprise deployments benefit from a two-tier storage approach:

Live Database (Tier 1): High-speed SAS drives in RAID 10 configuration. Stores the most recent recordings (typically 6–24 hours). The fast write speed and RAID 10 redundancy ensure reliable recording even under heavy multi-camera write loads. Because only recent footage is stored here, disk utilisation remains low, which reduces heat generation and extends drive life.
Archive Database (Tier 2): High-capacity SATA or NL-SAS drives in RAID 5 or RAID 6 configuration. Recordings are periodically archived from Tier 1 to Tier 2 on a scheduled basis. The archive storage handles playback and retrieval requests, freeing the live storage to focus on continuous recording.

This approach — fast disks for writing, large disks for archiving — significantly improves system reliability and playback performance.

Cloud & Hybrid Storage

Cloud storage for CCTV is gaining traction, particularly for multi-site organisations that want centralised access to footage without maintaining on-premises infrastructure at every location. However, for Indian PSUs and banks, data sovereignty, bandwidth costs, and regulatory requirements often favour local storage with cloud-based management and remote access. A hybrid model — local recording with cloud backup of critical clips and alerts — offers a practical middle ground.

8. Network Infrastructure for CCTV

The network is the backbone of any IP-based CCTV system. A poorly designed network will undermine even the most expensive cameras and recorders. The fundamental principles of CCTV networking differ from general IT networking in that video traffic is continuous, bandwidth-intensive, and latency-sensitive.

Bandwidth Planning

Every camera continuously consumes network bandwidth. The total bandwidth required depends on camera resolution, frame rate, compression, and scene complexity. A conservative planning approach:

2MP camera (H.265, 15 fps): ~2–3 Mbps
4MP camera (H.265, 15 fps): ~4–6 Mbps
4K/8MP camera (H.265, 15 fps): ~8–12 Mbps

For a 48-port PoE switch serving 48 cameras at 4MP, the aggregate upstream bandwidth requirement is approximately 240 Mbps — well within 1GbE uplink capacity but requiring careful design if multiple such switches share a common uplink.

Cabling Standards

For new CCTV installations, Cat6 cable is the recommended minimum. Cat6A is preferred for future-proofing (supports 10GbE and offers better shielding against interference). Maximum cable run length for Ethernet is 100 metres (including patch cables). For distances beyond 100m, options include fibre optic links, PoE extenders, or intermediate switches.

PoE (Power over Ethernet)

PoE is one of the greatest advantages of IP CCTV — a single Ethernet cable delivers both data and power to the camera, eliminating the need for separate power cabling and local power supplies at each camera location. Key PoE standards:

IEEE 802.3af (PoE): Up to 15.4W per port — sufficient for most fixed cameras
IEEE 802.3at (PoE+): Up to 30W per port — required for PTZ cameras, heater-equipped housings, and cameras with IR LEDs
IEEE 802.3bt (PoE++): Up to 60W or 90W per port — for high-power PTZ cameras and devices requiring additional power

When selecting PoE switches, calculate the total PoE budget: the sum of power requirements of all connected cameras must not exceed the switch's total PoE power budget. Always include a 20% safety margin.

Network Security for CCTV

This is increasingly critical — and now a regulatory requirement under the STQC ER:01 framework. Essential practices include:

Dedicated VLAN for CCTV — isolated from the corporate network
Changing all default passwords on cameras, NVRs, and switches immediately upon installation
Disabling unused network protocols and ports on cameras (Telnet, SNMP v1/v2, UPnP)
Regular firmware updates to patch known vulnerabilities
HTTPS encryption for all web-based access to cameras and VMS
802.1X port-based authentication to prevent rogue devices from connecting to the CCTV network
Physical security of network switches and server rooms

9. AI & Video Analytics

Artificial intelligence has transformed CCTV from a passive recording system into an active threat detection and business intelligence platform. Video analytics can be processed at the edge (on the camera itself) or on dedicated analytics servers.

Security Analytics

Intrusion Detection: Triggers an alert when a person or vehicle enters a defined zone during specified hours
Line Crossing: Detects when someone crosses a virtual boundary — useful for restricted areas, perimeter fences, and one-way passages
Loitering Detection: Alerts when a person remains in a specified area beyond a configured time threshold
Object Left/Removed: Detects abandoned bags (security threat) or removed equipment (theft)
Tailgating Detection: Identifies when an unauthorised person follows an authorised person through an access-controlled door
Human/Vehicle Classification: Modern AI distinguishes between humans, vehicles, animals, and environmental movement (trees, shadows, rain) — dramatically reducing false alerts compared to basic pixel-based motion detection

Operational Analytics

People Counting: Accurate occupancy data for building management, emergency evacuation planning, and compliance with occupancy limits
Queue Management: Detects queue length at counters and triggers alerts when wait times exceed thresholds
Heat Mapping: Visualises traffic patterns and high-activity zones over time
PPE Detection: Verifies that workers in industrial or construction zones are wearing required safety gear

💡 Caution on Analytics: Many vendors make impressive claims about their analytics capabilities. Before procurement, always insist on a Proof-of-Concept (PoC) test under actual site conditions — real lighting, real camera angles, real traffic patterns. Analytics that work perfectly in a vendor's demo room may perform poorly in the mixed lighting, crowded conditions, and variable weather of your actual building. BuildingInfra's vendor-neutral advisory helps organisations conduct rigorous PoC evaluations before committing to procurement.

10. CCTV System Design — From Site Survey to Commissioning

Designing a CCTV system is as much an art as it is a science. A well-designed system precisely meets the building's security objectives without over-engineering or under-specifying. The professional design process follows these stages:

Stage 1 — Understanding Requirements

Before any equipment is selected, the designer must thoroughly understand: What is the primary purpose of the CCTV system — deterrence, evidence collection, real-time monitoring, or all three? Who will operate the system — dedicated 24-hour security personnel, part-time guards, or remote monitoring? What are the regulatory requirements specific to this building type? What is the expected retention period? Is integration with other systems (access control, fire alarm, BMS) required? What is the realistic budget?

Stage 2 — Site Survey

A thorough physical inspection of the building is non-negotiable. The site survey should document:

All entry and exit points (main entrances, fire exits, loading docks, basement access)
Perimeter coverage requirements (compound walls, fences, gates)
Critical interior zones (cash counters, server rooms, vaults, reception areas, corridors)
Lighting conditions at different times of day — east-west orientation, backlighting from windows and glass facades, areas with mixed or very low light
Existing infrastructure that can be leveraged (cable trays, conduit runs, network rooms, power points)
Cable route feasibility and maximum distances from cameras to the nearest network cabinet
Environmental factors — dust, humidity, coastal salt air, extreme temperatures, vibration from machinery
Aesthetic considerations — discreet installation in heritage buildings, hotels, and premium office spaces

Stage 3 — System Design & Equipment Specification

With requirements understood and the site surveyed, the designer creates:

Camera schedule: A tabulated list of every camera position, specifying camera type, model, lens, resolution, mounting method, and the area it covers
Floor plans/layout drawings: Showing camera positions, cable routes, switch/NVR locations, and control room layout
Network design: Switch topology, VLAN configuration, PoE budget, bandwidth calculations, and IP address allocation
Storage calculations: Based on camera count, resolution, frame rate, compression, and retention period
Single-line diagram: The complete system architecture showing how all components interconnect
Bill of Quantities (BOQ): Detailed listing of all equipment, cabling, accessories, and installation materials

Stage 4 — Installation & Commissioning

Professional installation follows the approved design drawings. Key installation practices include proper cable management (no cables hanging loose, all runs in conduit or cable tray), correct termination and testing of every cable, secure camera mounting at specified heights and angles, and proper labelling of all cables, ports, and equipment. Commissioning involves verifying every camera's image quality, coverage, and night-vision performance, confirming recording and playback for every channel, testing analytics configurations, validating network performance, and documenting the as-built system.

Stage 5 — Training & Handover

The system is only as effective as the people operating it. Training should cover daily operation (live viewing, playback, export), alert response procedures, basic troubleshooting, and reporting. Complete documentation — including as-built drawings, equipment manuals, network configuration details, passwords, and warranty information — must be handed over to the building's facility management team.

11. Indian Regulatory Framework — BIS, STQC & Compliance

India's CCTV regulatory landscape has undergone a fundamental transformation. Understanding and complying with these regulations is now essential for any organisation procuring CCTV equipment.

BIS Compulsory Registration Scheme (CRS)

The Bureau of Indian Standards requires all CCTV cameras sold in India to be registered under the Compulsory Registration Scheme (CRS) as per IS 13252 (Part 1):2010 / IEC 60950-1. This safety certification has been mandatory since 2018. Every compliant camera carries a BIS R-number (e.g., R-61000123) on the product and packaging. Cameras without valid BIS registration cannot be legally sold in India, and violations carry penalties of up to ₹2 lakh under the BIS Act, 2016.

Essential Requirements for Security (ER:01)

In April 2024, the Ministry of Electronics and Information Technology (MeitY) introduced the Essential Requirements (ER:01) for Security of CCTV — a cybersecurity-focused certification regime that goes beyond the earlier safety-only BIS certification. ER:01 requires CCTV cameras to demonstrate:

Secure firmware architecture with integrity verification
Encrypted communication protocols (HTTPS, TLS)
Strong authentication mechanisms — no hardcoded or default passwords
Protection against unauthorised access and tampering
Secure boot and firmware update processes
Compliance with OWASP 4.0 Level 2 security testing
Trusted Supply Chain framework adherence

Testing and certification is conducted exclusively by STQC (Standardisation Testing and Quality Certification) laboratories authorised by MeitY.

The April 2026 Deadline

From 1st April 2026, only CCTV cameras that hold both the BIS safety certification and STQC ER:01 cybersecurity certification will be permitted for sale in India. Non-compliant camera models will be removed from the BIS license scope and prohibited from sale. This is one of the most significant regulatory shifts the Indian surveillance industry has seen.

What This Means for Buyers

If you are procuring CCTV equipment for your building, you must:

Verify that every camera model in the tender has a valid BIS R-number
Demand the STQC ER:01 compliance certificate from the vendor
Include BIS + STQC ER:01 compliance as a mandatory eligibility criterion in tender specifications
Be aware that existing BIS certificates issued before the ER:01 regime may have been invalidated — verify current status

Public Procurement Order (PPO) & Make in India

For PSU and government procurement, the Public Procurement (Preference to Make in India) Order adds another compliance layer. CCTV equipment classified as "Class I" or "Class II" local suppliers receives preference in government tenders. Procurement officers must verify the domestic value addition claims of vendors and ensure compliance with the PPO framework alongside BIS/STQC requirements.

Data Privacy Considerations

The Digital Personal Data Protection Act, 2023 (DPDPA) has implications for CCTV operations. Organisations operating CCTV systems should display clear signage informing people that surveillance is in operation, establish and document data retention policies (how long footage is kept), implement access controls (who can view or export footage), and maintain records of any footage shared with third parties. While detailed CCTV-specific rules under the DPDPA are still evolving, proactive compliance positions organisations well for any future regulatory requirements.

12. CCTV Procurement for PSUs & Government Buildings

Procurement is where many CCTV projects go wrong — not because of technology failures, but because of poorly drafted specifications, L1-driven lowest-cost awards, and inadequate contract terms. Drawing on 34 years of procurement management at the Reserve Bank of India, BuildingInfra offers unique expertise in this critical area.

Common Procurement Pitfalls

Vague specifications that allow vendors to supply the cheapest possible equipment while technically meeting the tender terms
Lowest-cost (L1) awards without quality safeguards — specifying performance parameters (minimum resolution, IR range, storage calculations, WDR requirement) prevents this
Vendor lock-in through proprietary systems that cannot be serviced by alternative vendors — always specify ONVIF compliance
Ignoring Total Cost of Ownership (TCO) — initial purchase price is misleading; AMC costs over 5–7 years, storage expansion, technology refresh, and software licensing often exceed the initial capital expenditure
Inadequate AMC terms that leave the organisation without effective post-warranty support
Missing BIS/STQC compliance verification — non-compliant equipment may need to be replaced entirely

Best Practices for CCTV Tender Specification

Specify performance parameters (resolution, frame rate, compression, IR range, storage days) rather than brand names
Mandate BIS + STQC ER:01 certification as a minimum eligibility criterion
Require ONVIF Profile S and Profile G compliance for interoperability
Include Proof-of-Concept (PoC) testing as a mandatory evaluation stage for projects above a defined value threshold
Evaluate on Total Cost of Ownership — include 5-year AMC costs, storage expansion costs, and software licensing in the financial evaluation
Require escrow of VMS license keys and system configuration documentation to prevent vendor lock-in
Define clear SLAs for AMC: response time, resolution time, uptime guarantee, penalty clauses, spare parts inventory

💡 CVC Compliance: For PSU and government procurement, all CCTV tenders must comply with the Central Vigilance Commission (CVC) guidelines on procurement integrity. This includes transparent evaluation criteria, separation of technical and financial bids, documented pre-bid conference proceedings, and clear disqualification criteria. BuildingInfra's Public Procurement Advisory service ensures your CCTV procurement process is CVC-compliant from tender drafting through contract award.

13. Maintenance & Annual Maintenance Contract (AMC)

A CCTV system that is installed and forgotten will inevitably degrade. Cameras get dirty, IR LEDs weaken over time, hard drives fail, firmware vulnerabilities are discovered, and network configurations drift. A structured maintenance programme is essential to protect your investment.

Preventive Maintenance Schedule

Frequency	Tasks
Monthly	Verify all cameras are recording. Check image quality on every channel. Clean accessible camera lenses and housings. Verify UPS battery health and backup duration. Review storage utilisation and confirm retention targets are being met.
Quarterly	Check camera alignment (weather and vibration can shift mounting over time). Test playback and footage export for a sample of cameras. Verify IR illumination performance (night-time). Review and apply firmware updates. Test network switch health and PoE delivery. Inspect cable terminations and connections.
Annually	Comprehensive system audit: every camera, every recording channel, every switch port. Hard drive health check (SMART data analysis) — proactively replace drives showing early signs of failure. Review analytics accuracy and recalibrate if needed. Update password and access credentials. Test failover systems. Update system documentation and as-built drawings.

AMC Structure

A well-structured AMC should be comprehensive — covering labour, all spare parts (cameras, hard drives, switches, cables, connectors), firmware updates, emergency response, and preventive maintenance visits. The AMC cost for a professionally maintained system typically ranges from 8–12% of the system's capital value per year. Key SLA parameters to define: maximum response time (4 hours for critical failures in metro cities), maximum resolution time (24–48 hours), minimum system uptime guarantee (99% annually), and penalty provisions for SLA breaches.

14. CCTV Requirements by Building Type

Different building types have distinct surveillance requirements. A one-size-fits-all approach invariably results in either inadequate coverage or unnecessary expenditure.

🏦

Banks & Financial Institutions

RBI mandates CCTV in branches, ATMs, currency chests, and data centres. Requirements include high-resolution face capture at entrances, cash counter monitoring, vault surveillance with tamper detection, ATM transaction-linked recording, and minimum 90-day retention. Multi-branch centralised monitoring through VMS with remote access.

🏢

Corporate Offices

Focus on access control integration, lobby and reception monitoring, server room surveillance, parking management, and meeting room occupancy analytics. Discreet dome cameras for aesthetics. People counting for post-COVID occupancy management. Typical retention: 30–60 days.

🏥

Hospitals & Healthcare

ICU and ward monitoring (with privacy considerations), pharmacy and drug storage surveillance, emergency department coverage, perimeter security, and parking. Special requirements: low-light cameras for patient areas, integration with nurse call systems, and compliance with patient privacy regulations.

🏛️

PSU & Government Buildings

Stringent security requirements covering all entry/exit points, perimeter, VIP areas, server rooms, and document storage. CVC-compliant procurement mandatory. BIS/STQC certification non-negotiable. PPO compliance for Make in India preference. Integration with DFMD, X-ray baggage scanners, and access control. Typical retention: 60–90 days.

🏘️

Housing Societies & RWAs

Entry/exit gate monitoring with ANPR, lobby and lift area cameras, perimeter coverage, parking surveillance. Cost-effective solutions using embedded NVRs. Important: common area coverage only — private areas must not be surveilled. Clear signage mandatory. Typical retention: 15–30 days.

🏨

Hotels & Hospitality

Discreet, aesthetically appropriate cameras in lobbies, corridors, restaurants, parking, and service areas. No cameras in guest rooms or washrooms. PTZ cameras for banquet halls and event spaces. Integration with property management systems for guest safety. Thermal cameras for kitchen fire detection.

15. The BuildingInfra Advantage

BuildingInfra brings a level of CCTV consultancy expertise that is unmatched in the Indian building infrastructure space:

34 Years at RBI

35 Office Buildings Managed

217+ Engineers & Architects Led

25 Cities Across India

Ashok Kumar, Former Chief General Manager (Technical) of the Reserve Bank of India, managed security infrastructure — including CCTV systems — across RBI's nationwide portfolio of 35 office buildings and 14,000 residential quarters in 25 cities. This institutional experience translates directly into the advisory BuildingInfra provides:

Vendor-Neutral Advice: As an independent consultant with no vendor affiliations, our recommendations are based purely on your building's technical and financial best interests — not on manufacturer margins or dealer incentives.
Procurement Governance: Deep expertise in CVC-compliant procurement processes — from tender specification drafting to technical evaluation to contract management. We help you avoid the procurement pitfalls that plague CCTV projects.
Regulatory Compliance: Expert knowledge of BIS, STQC ER:01, PPO, CVC guidelines, and RBI security directives — ensuring your CCTV system is compliant from day one.
Total Cost of Ownership Approach: We evaluate CCTV investments over their entire lifecycle — not just the initial purchase price — including AMC, storage expansion, software licensing, and technology refresh.
Proof-of-Concept Rigour: We design and oversee PoC testing that validates vendor claims under your actual site conditions before procurement commitments are made.
Post-Installation Support: From AMC structuring to periodic system audits and health checks, we ensure your CCTV system performs at its best throughout its operational life.

Get Expert CCTV Consultancy

Whether you're planning a new CCTV installation, upgrading an existing system, or need help with tender specification and procurement governance — speak directly with Ashok Kumar for independent, expert guidance.

Request a Free Consultation

📞 +91-9619111731 | ✉️ ashok8076@gmail.com | 💬 WhatsApp