Day: May 27, 2025

Aditya Khemkha In a defining move that signals the rise of a more secure, self-reliant, and quality-assured surveillance ecosystem, the Ministry of Electronics and Information Technology (MeitY) has introduced a new compliance requirement for the CCTV industry in India. As per the official gazette notification dated April 9, 2024, MeitY has made STQC certification mandatory for all CCTV cameras – whether manufactured, imported, or sold across the country. This change falls under the updated Electronics and Information Technology Goods (Compulsory Registration) Order, 2021, and mandates compliance with Essential Requirements (ERs) and BIS certification (IS 13252 Part 1). All non-compliant models will be barred from sale or distribution post April 9, 2025. The decision marks a pivotal shift in India’s approach toward surveillance technology, one that reinforces national security, data privacy, cybersecurity resilience, and consumer trust. Understanding STQC: The new quality gatekeeper for CCTV Standardisation Testing and Quality Certification (STQC) is a set of quality assurance frameworks developed by MeitY. STQC focuses on rigorous technical validation to ensure electronics, especially security and surveillance equipment, meet defined standards of safety, reliability, and performance. It goes beyond functional efficiency and delves deep into the core of cybersecurity, hardware resilience, and data protection protocols. STQC certification for CCTV cameras demands comprehensive testing of encryption mechanisms, firmware integrity, secure communication protocols, and physical robustness, setting a new benchmark for surveillance products in India. Key provisions of the mandate ● Universal Applicability: All analog, IP, and speed dome cameras must obtain STQC certification under IS 13252-1 (IEC 60950-1) standard. ● Cybersecurity by Design: Every certified product must comply with stringent ERs, including:• Secure communication via TLS/ HTTPS. • Enforcement of strong, unique passwords. • Disabling of debugging/ test ports in shipped devices. • Uniformity in firmware versioning and patch management ● Tamper-Resistance & Physical Security: • Devices must feature secure enclosures • Physical ports must be access-controlled or locked • External interfaces must be designed to deter unauthorized access ● Certification Deadline: Effective from April 9, 2025, all non-certified models will: • Be removed from the BIS license databases • Be ineligible for new model approvals • Face prohibition from manufacturing, sales, or imports within India A boost for Atmanirbhar Bharat & indigenous innovation The STQC mandate is not just a regulatory milestone; it is a strategic enabler of India’s ‘Atmanirbhar Bharat’ vision. By enforcing stringent quality and cybersecurity parameters within the national ecosystem, the regulation actively discourages substandard, foreign-dumped products and opens new doors for domestic manufacturers and indigenous innovations. For Indian brands, the path forward is not just about compliance, but about leading with conviction, capability, and country-first commitment. CP PLUS: At the forefront of India’s secure surveillance revolution India’s leading surveillance brand, CP PLUS, has long believed that surveillance is not just about watching –it’s about protecting, preventing, and preserving. With a well-established ecosystem of design, development, and manufacturing facilities in India, CP PLUS is uniquely positioned to meet and exceed STQC standards. Having already invested significantly in R&D, firmware security frameworks, and hardware hardening protocols, CP PLUS is fully equipped to align its product portfolio, including IP cameras, analog cameras, PTZ solutions, and smart edge devices, with the new STQC requirements. From encryption standards embedded into every transmission to physical designs engineered for tamper resistance, CP PLUS products are built with a vision to offer trustworthy, high-integrity surveillance for every Indian household, institution, enterprise, and government body. This proactive compliance readiness, backed by decades of market leadership, positions CP PLUS not just as a manufacturer but as a national partner in security sovereignty. Impact on the surveillance ecosystem The introduction of STQC compliance brings with it significant ramifications, some challenging, but many promising, for the surveillance industry at large: Enhanced Security and Trust: With encrypted data transfers, consistent firmware, and tamper-proof designs becoming mandatory, consumers and institutions can trust their surveillance systems like never before. Operational Challenges for Some Manufacturers: The path to compliance is not without its hurdles. From obtaining testing approvals to updating legacy firmware, and from redesigning physical components to aligning supply chains, the industry must prepare for transformation at all levels. Supply Chain Realignment: Manufacturers relying on imported, non-compliant components may face disruptions. India-based supply chains, however, will benefit from renewed focus and investments. A Rise in Standardization and Benchmarking: The move encourages surveillance systems to be assessed on standardized parameters – enabling fair comparison, consistent performance expectations, and better buyer awareness. The way forward: Standardised, secure & sovereign India’s move to mandate STQC certification for CCTV cameras is more than regulatory enforcement, it is a declaration of security independence and consumer dignity. In an age where surveillance systems can be the first line of defense against everything from local crime to cyber intrusion, ensuring that every device is secure by design is not just prudent, it is essential. By championing this regulation, MeitY has created a model for proactive, pre-emptive cybersecurity governance, one that puts India in the global spotlight as a nation where digital trust is engineered into every device. And with brands like CP PLUS leading the way, the future of surveillance in India looks indigenized, intelligent, and impregnable. Read More

By Milind BorkarMD, Systematica Suyog Security Consultants(Sr. Consultant & Security Expert) As technology evolves very fast from year to year, it becomes a challenging task to determine the requirements to build a secure, robust and almost fool proof system that will fulfill all basic security parameters. These parameters will vary for each new system as the same parameters cannot be applied across the board for all systems. A robust system that meets the security requirements for any new and or green field project, the following points will drive the decision-making process. We will use a CCTV system as an example As one can see there are several factors that influence the decision-making process in building a security system. We will briefly go over each one of them in the following sections Budget and time available As in any and every sphere of life the available budget is the key factor. Based on the available budget and time available, a determined effort needs to be put in place to first build a project specific requirements document. Several trade-offs will need to be considered if the project requirements cost exceeds the available budget. This could be an iterative process that will consume time and money in the planning phase. Each new or green field project or an update/ refresh cycle of an existing deployment must go through this elaboration process to avoid nasty surprises in the implementation/ build phase. Site survey Conducting a site survey is the basis of building a security system. This phase is the most critical where a thorough site survey is conducted to determine security vulnerabilities. Along with this a determination needs to be made as to what other systems are required to complement the main CCTV system. The illustrative airport diagram should give a very good idea of the other security components that need to be explored. Once this information is gathered and documented, then this information becomes the driving force for subsequent phases of the project. We will use the following diagram to highlight all the components that constitute a surveillance/ security system. We have used an airport as a used case. A typical airport is a super-set of any security deployment The best way to illustrate the process of building a security system is through an example. We are using an airport as an example as it has a super-set of inputs that can be applied to any security system design. The following color-coded table is used to distinguish the various inputs/ requirements received from the customer. The following table is a standard template that can be used to capture security requirements. These inputs are used to design the entire security system which can then be used to calculate the cost of the implementation. Using the above inputs from the customer and the respective BOQs for each airport, a complete design can be derived. The following table shows the output of the design process for 24 airports. Each airport has the same security requirements but BOQs are different Once the design is completed to a 90% level of the target specification, the budgetary process can be started. Several vendors, RFQs etc. will be involved to go through an iterative process. This process will vary for each geographical region and must be considered. Without going into the details that vary for different geographical regions the important point to consider is the vendor selection process as it has a significant impact on the quality, robustness and overall cost of the system. Customers desirous of building a security system can engage subject matter experienced consultants who can guide and evaluate all the variables/ entities in the decision-making process. Cost optimization through simulation A security system design, implementation and build out are a complex system with many sub-systems that need to work with each other flawlessly. Every care must be taken in the early phases of the project as many variables are involved which can have a significant impact on the overall cost. One of the ways to help this process is to run a simulation based on the customer inputs. Through experience the ‘SYSTEMATICA SUYOG SECURITY CONSULTANTS’ has determined the following: ● The customer knows what he wants but does not know how to get there. ● Almost all vendors over sell their products and services which do not benefit the customer in any way. ● A consultant is required in all cases to systematically guide and evaluate all the options available to provide the highest performance at the lowest cost to the customer. The SYSTEMATICA SUYOG SECURITY CONSULTANTS provides consulting services through all phases of the project. They have built a proprietary ‘Design Engine’ as well as a proprietary ‘Simulation Engine’ through years of experience dealing with customers and their security requirements. We at SYSTEMATICA SUYOG SECURITY CONSULTANTS always put the customer FIRST and provide professional consultancy services. We will now go through a simulation for one of 24 airports. We will show how our simulator determines the highest performance at the lowest cost. The following graph illustrates this. The X-Axis shows the percentage of cameras running video analytics (VA). The Y-AXIS shows the cost in a standardized format. The DELTA between the lowest cost and the highest cost is 3X. VA stands for Video Analytics; VMS stands for Video Management Software. The GREEN line is the overall COST with the other colored lines that sum up to the overall GREEN line cost. Impact of Cost of Running Video Analytics for 24 airports ● Percentage of cameras running Video Analytics is the only single tactor that influences overall CCTV system design and hence overall Cost. ● Can Apply same Design Template across all airports as far as Video Analytics is concerned. ● Each Airport has unique characteristics because of different BOQ camera quantities and functionality grouping of cameras. ● If one uses a Single Design Template per airport then we run the risk of under served or over served airports unless a thorugh analysis is done….