ISO Compliance For Large Scale CCTV Systems

Has anyone undertaken an ISO (International Standards Organization) compliance exercise for a large scale CCTV system? This includes such as CCTV data classification and the assessment of CCTV related processes for risks? What were the outcomes of the exercise?

ISO does have some specific guidelines related to CCTV (e.g. digital evidence), but I am interested to know if there have also been more general ISO compliance exercises undertaken for CCTV?

I have never heard of this being done but that may just mean it's uncommon in North America. I am curious what others have to say.

I did a few google search for ISO with some common industry keywords and did not get any good results, either.

Do you want to do this or is someone telling you to do this? I am trying to understand the broader objective or interest.

We are being asked to do this as part of a wider IT exercise to broadly classify all data (including CCTV live & recorded data) with the view to assessing risks and protecting the data in accordance with its classification.

There seems to be a myriad of best practice documentation out there in relation to CCTV, especially from the UK , which covers the protection of CCTV data.


BS 7958 gives recommendations for the operation and management of Closed circuit television (CCTV) within a controlled environment. It applies where data that might be offered as evidence is received, stored, reviewed or analyzed. It also applies to the monitoring of traffic regulations.

Yes, the UK has a lot of laws (more than any country I know) covering video surveillance. My understanding is that the UK laws go far beyond the ISO.

Have you checked your country's specific laws regarding data privacy and video surveillance?

FYI a recent (Nov 2015) update to the BSI (Business Standards) for CCTV

Revised BS 7958:2015 Closed circuit television (CCTV) – Management and operation – Code of practice