The European General Data Protection Regulations (GDPR) have been in effect for some time now – since May 2018 – and they have already had some significant impacts on how companies around the globe collect, store, and manage data that includes personal information. In fact, the first penalty levied against an organization for non-compliance to GDPR was for video surveillance violations. Many companies that are affected by these regulations have implemented specific compliance objectives to stay ahead of requirements, which include both organizational and technical safeguards to protect the specified data.
One capability that offers particularly powerful support for ensuring compliance is service assurance. Service assurance is a term originally coined by telecom operators to cover the tools and processes they use for day-to-day operational management of their technology. In essence, service assurance is how providers of an automated service delivered to customers can ensure that the service is being provided as promised.
By implementing service assurance, along with many improvements to their systems that were driven by operational data, telecom operators eventually achieved an impressive reliability for basic telephone service. In a similar way, implementing service assurance on IT and video surveillance systems, for example, can accurately measure and confirm uptime and operational goals while collecting valuable data to guide further improvements.
For example, service assurance solutions like those offered by Viakoo can provide (at a minimum) the following capabilities:
Inventory: detailed information about connected network devices, where they are located, and what version of software they are running
Verification: confirmation of device functioning, monitoring of system conditions, prioritization of problems to be addressed, tracking to application goals
Process: support ticket generation if problems are detected, detecting resolution of problems, provide reporting to demonstrate compliance
Based on these capabilities, it quickly becomes clear how these systems can directly support GDPR objectives. For example, the GDPR requires that the entire data storage and processing system incorporate a policy of data protection by design, meaning that key protective functions must be built into the system and not just applied as an overlay. Automated service assurance solutions help organizations create and maintain such a policy with the ability to perform continuous verification of the physical security network and generate alerts when failures, issues, or potential breaches occur.
For a second example, under GDPR, footage from video surveillance systems can be retained for 30 days, or longer if a risk assessment is performed. Viakoo’s patented technology for calculating and tracking retention periods for video evidence is directly applicable to this requirement, and is built into the service assurance functionality of the software.
Here are some additional examples of how Viakoo service assurance software provides specific capabilities that support GDPR compliance objectives:
- Tracking and updating camera device firmware
- Viakoo software automatically detects the current camera firmware version, and can use a secure chain-of-trust method to automatically update it
- Device Inventory
- Viakoo software automatically creates an inventory of physical security devices on the network, helping maintain a current authorized device list and detecting unauthorized devices
- Malicious file deletions
- Patented Viakoo technology tracks video files to ensure that they are retained as required, and can detect when malicious file deletions have taken place
- Operational logs
- Viakoo provides auditable logs of system and device level operational status to support proof of compliance
The GDPR requirements, and potential penalties for non-compliance, are no joke. Given the stakes, and the complexity of today’s physical security systems, it makes good sense to leverage an automated approach, such as service assurance, to monitor the security system and create auditable records to support compliance.
Click here to download our white paper on GDPR compliance. Or, for more information about how service assurance can help you achieve your GDPR goals, contact Viakoo – we are ready to help!