# Surveillance and Analytics

Combine IP cameras with intelligent monitoring capabilities. The system uses video analytics to automatically detect security incidents, enhance surveillance coverage, and provide real-time alerts for improved site security management.

**Instructions**

* This page helps you prepare "*Solution Requirements*" section in Vendor Management Portal and you will see the exact questions and flow.
* 🔴 **Mandatory questions:** Must answer "Yes" to continue
* 🟡 **Preferred questions:** Can answer either way and continue
* Follow the question flow as indicated

### Q1 🔴 Mandatory - On-site Video Monitoring

**Main Question:** Does your solution enable on-site monitoring through IP-enabled Video Camera?

🔴 **Answer:** ○ Yes \[Next: Q2] ○ No \[⚠️ Cannot Proceed]

***

### Q2 🔴 Mandatory - Surveillance Footage Review

**Main Question:** Does your solution provide video search function to speed up surveillance footage review?

🔴 **Answer:** ○ Yes \[Next: Q3] ○ No \[⚠️ Cannot Proceed]

***

### Q3 🔴 Mandatory - Real-Time Video Functions

**Main Question:** Does your solution provide at least three of the following real-time video analytics functions on the edge? It is mandatory to include the core functions (a) and (b) indicated below:

**Core Functions (Mandatory):** a. \[CORE] Intrusion Detection Module – Define high security zones, and trigger automated alerts to the command centre operative when intruders are detected, which is useful for night guarding b. \[CORE] Camera Tampering Module – Ensure that cameras are working by alerting if views are blocked or out of focus to ensure 24/7 surveillance

**Additional Functions (Choose at least one):** c. Loitering Detection Module – Detect loitering activities by tracking the amount of time visitors spend within an area, e.g. security sensitive areas d. People Counting Module – Count the number of people that walk in and out of premises such as retail mall, office or industrial site, to ascertain the number of people in buildings for fire or crowd management e. Crowd Density Module – Measure the crowd level and track overall activity level within an area to enable the command centre operative to detect anomaly events across multiple screens f. Face Indexing Module – Analyse video for human faces captured and stored according to time and duration to enable automated data collation and help in investigative work g. Occupancy / Trip Wire Counting Module – Limit the number of visitors in an area and alert command centre operative if it has exceeded h. Human Traffic Flow Module – Track peoples' movement (activity) across different regions to gather footfall traffic patterns i. Audience Profiling Module – Identify age, gender and whether the target is smiling, to help the command centre operative understand the crowd profile j. Queue Counting Module – Analyse video to detect and count the number of people in a queue k. Licence Plate Recognition Module – Analyse video for licence plates captured and stored according to the date and time of entry l. Face Recognition Module – Identify individual human faces in digital images to enable automated data collation and help in investigative work

Please specify included functions in the comment section.

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Next: Q4] ○ No \[⚠️ Cannot Proceed]

**Text Elaboration Required:** \[Text Box for Description/Details]

***

### Q4 🔴 Mandatory - Real-time Alerts

**Main Question:** Does your solution send out real-time alert triggered by pre-defined video events?

🔴 **Answer:** ○ Yes \[Next: Q5] ○ No \[⚠️ Cannot Proceed]

***

### Q5 🔴 Mandatory - Encryption for Communication

**Main Question:** Does your solution support Secure Sockets Layer (SSL) or other Encrypted Communication Layers between the Video cameras and the Video camera Gateway?

🔴 **Answer:** ○ Yes \[Next: Q6] ○ No \[⚠️ Cannot Proceed]

***

### Q6 🔴 Mandatory - Cloud and Multi-Device Accessibility

**Main Question:** Does your solution allow for cloud-based, mobile-based, and/or web-based usage?

🔴 **Answer:** ○ Yes \[Next: Q7] ○ No \[⚠️ Cannot Proceed]

***

### Q7 🟡 Preferred - Automated Incident Response

**Main Question:** Does your solution automate immediate deployment of resources to manage an incident detected through the surveillance system?

🟡 **Answer:** ○ Yes \[Next: Q8] ○ No \[Next: Q8]

***

### Q8 🟡 Preferred - Multiple Video Feed Analytics

**Main Question:** Does your solution come with machine learning or analytics capability across multiple video camera feeds for risk, threat detection, or prediction?

🟡 **Answer:** ○ Yes \[Next: Q9] ○ No \[Next: Q10]

\--

### Q9 🔴 Mandatory Follow-up - Multiple Video Feed Analytics - Elaboration

*This question appears only if you answered "Yes" to Q8*

**Main Question:** Please elaborate on the threat detection / prediction feature(s) that your solution has.

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Next: Q10] ○ No \[⚠️ Cannot Proceed]

**Text Elaboration Required:** \[Text Box for Description/Details]

***

### Q10 🟡 Preferred - Hardware Sub-System(s) Support

**Main Question:** Does your solution provide hardware sub-system(s) deployed on-site to enable a decentralised architecture and remote surveillance?

🟡 **Answer:** ○ Yes \[Next: Q11] ○ No \[Next: Q11]

***

### Q11 🔴 Mandatory - Dashboards and Reports

**Main Question:** Can your solution provide dashboards and reporting capabilities to track key metrics, user interactions, operational performance, or other relevant data insights across your digital solution?

**Dashboard Requirements:** Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

**Interactive Features:** The dashboard must include at least one of the following interactive features:

* Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa
* Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 **Answer:** ○ Yes \[Next: Q12] ○ No \[⚠️ Cannot Proceed]

***

### Q12 🟡 Preferred - AI Features

**Main Question:** Does your solution incorporate AI in your core features and functions?

🟡 **Answer:** ○ Yes \[Next: Q13] ○ No \[Next: Q14]

\--

### Q13 🔴 Mandatory Follow-up - AI Features - Elaboration

*This question appears only if you answered "Yes" to Q12*

**Main Question:** Describe your AI feature and its benefits. Examples are:

**AI Feature Examples:** a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Next: Q14] ○ No \[⚠️ Cannot Proceed]

**Text Elaboration Required:** \[Text Box for Description/Details]

***

### Q14 🔴 Mandatory - Business Data Extraction

**Main Question:** Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 **Answer:** ○ Yes \[Next: Q15] ○ No \[⚠️ Cannot Proceed]

***

### Q15 🔴 Mandatory - Personal Data Protection

**Main Question:** Can your solution demonstrate compliance with the following Personal Data Protection requirements?

**Compliance Requirements:** Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at <https://go.gov.sg/pdp>.

🔴 **Answer:** ○ Yes \[Next: Q16] ○ No \[⚠️ Cannot Proceed]

***

### Q16 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

**Main Question:** Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months?

**Scope Requirements:** The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

**Submission Requirements:** Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

**Note:** \[1] Qualified third-party refers to: CREST-certified companies \[ <https://www.crest-approved.org/members/>] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Next: Q17] ○ No \[⚠️ Cannot Proceed]

**Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload]

***

### Q17 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

**Main Question:** Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 **Answer:** ○ Yes \[Next: Q18] ○ No \[Next: Q20]

***

### Q18 🟡 Preferred - CEM for Product Principal

**Main Question:** Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

**Additional Information:** Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to <https://www.csa.gov.sg/cyber-essentials/>

🟡 **Answer:** ○ Yes \[Next: Q19] ○ No \[Assessment Finished]

\--

### Q19 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

*This question appears only if you answered "Yes" to Q18*

**Main Question:** Please specify the following information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Assessment Finished] ○ No \[⚠️ Cannot Proceed]

**Text Elaboration Required:** \[Text Box for Description/Details] **Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload]

***

### Q20 🟡 Preferred - CEM for Resellers

**Main Question:** Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

**Additional Information:** Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to <https://www.csa.gov.sg/cyber-essentials/>

🟡 **Answer:** ○ Yes \[Next: Q21] ○ No \[Assessment Finished]

\--

### Q21 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

*This question appears only if you answered "Yes" to Q20*

**Main Question:** Please specify the following information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 **Answer:** ○ Yes \[Assessment Finished] ○ No \[⚠️ Cannot Proceed]

**Text Elaboration Required:** \[Text Box for Description/Details] **Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload]

{% hint style="info" %}
**Preparing for submission?**

Your submission should contain screenshots and write-ups that clearly demonstrate compliance with each mandatory requirement sub-point. [Contact us](https://form.gov.sg/68117f6fa667a54847523fd2) if you need help.&#x20;
{% endhint %}