Skip to content

CCTV (Security Cameras) and Access Control in an Office Building — The Practical Guide for the Manager

ביטחון ובקרה — What CCTV and access control cover, why proactive testing is critical, and privacy and signage obligat…
In this article
  1. Two entirely different systems — and why it's important not to confuse them
  2. The heart of the article: a camera that hasn't been tested is utterly worthless
  3. What proactive testing looks like in practice — two levels, not one
  4. The integration with entry and intercom — where the chain breaks
  5. Privacy and retention — the legal obligations you must not ignore
  6. The real value — beyond "because we have to"
  7. The bottom line for the building manager
  8. Frequently asked questions

Most building managers treat the security cameras and the access-control system as equipment that "was installed once and works." That is exactly the mindset that trips them up at the moment of truth. A camera no one has checked in months, an intercom that rings to an empty reception desk, or a card reader that stopped logging entries — they all look fine on the screen, until the day you need them. I wrote this article from the perspective of someone who actually maintains such systems, in real buildings in Israel: what they cover, what proactive testing that works looks like, what the law requires regarding privacy — and why all of this connects directly to your responsibility as a building manager.

Two entirely different systems — and why it's important not to confuse them

An office building runs two separate security systems that people tend to claim are "the same thing." They are not. The CCTV system (closed-circuit television — the security cameras) records what happens. The access-control system decides who enters and when. The first is evidence after the fact; the second is real-time prevention. A well-managed building needs both, and they work best when they talk to each other — the entrance camera identifies the face, access control opens the door, and the intercom connects the visitor to the right recipient.

The CCTV system — what each camera should cover

Cameras are not installed "just to have them." Each camera should cover a defined operational point: main entrances and exits, the reception lobby, the parking garage on all its levels, elevator lobbies, systems rooms (electrical, communications, pumps), storerooms, and blind spots not visible from reception. The value of each camera is measured by a single question: if an incident happens here, will we see it clearly enough to identify a face, understand a sequence of events, and use it as evidence? A wrong angle, a dirty lens, or too low a resolution — and the entire investment in equipment is worth nothing the moment you need it.

In the field I regularly encounter buildings where the entrance camera was aimed at the head height of an average person, but the door is 30 cm lower — and everyone who enters is photographed mainly from the shoulders down. Correct aiming is a matter of managerial judgment made with the installer during installation and rechecked when needed.

Access control — the building's active layer

Access control is the building's permissions mechanism: proximity cards, fobs, a PIN code, or biometric identification, which decide which doors open for each person and at which hours. Beyond blocking strangers, it produces an entry log — who entered where and when. This log is worth its weight in gold in investigating an incident, in clarifying unauthorized access to a systems room, and in proving presence or absence. A functioning access-control system also allows a permission to be revoked immediately when a tenant changes or an employee leaves — without changing locks throughout the building, without chasing keys, and without leaving the building vulnerable between the departure date and the replacement day.

The heart of the article: a camera that hasn't been tested is utterly worthless

This is the point for which I wrote the entire article. A security system is the only system in the building whose fault is not visible. When an elevator gets stuck — everyone knows. When an air conditioner doesn't cool — there are complaints. But when a camera isn't recording, the disk filled up and overwrote itself, or the lens got covered in dust — no one knows. Everything looks fine. Until the day someone asks for the recording of a specific incident and discovers there's nothing there.

I had a case in a building where a tenant reported a theft from the storeroom. I went to the recorder, searched for footage from that night — and found that eight hours of recording were simply missing. The recorder was in a silent "error mode," still displaying a live image but not writing to the disk. Without proactive testing, you cannot discover something like this until someone asks about a specific recording.

This is exactly why security systems require more active preventive maintenance than any other system in the building. You can't wait for them to break down loudly — they break down quietly. Here are the silent faults I look for proactively:

  • Recording that stopped: a recorder that crashed, a disk that filled up and didn't overwrite cyclically as it should, a camera channel that dropped — all invisible without testing.
  • Degraded image: a dirty lens, focus that shifted, a spider that spun a web on the dome, or a camera that moved from a knock and no longer covers what it was meant to cover.
  • Dead night vision: infrared (IR) LEDs that burned out — the camera looks perfectly fine by day and is completely blind at night, exactly when most incidents happen.
  • An unsynchronized clock: a wrong timestamp on the recording harms its evidentiary value. If there's a one-hour gap between the camera recording and the entry log — both pieces of evidence are weak.
  • Shortened retention: Added cameras to the same recorder? The retention window shrank without your noticing, and it may no longer cover the week of time you need.
  • Access control stuck in "open" mode: a door left open manually, a dead backup battery in a reader, old permissions of employees who left half a year ago and are still active in the system.

None of these faults lights a red bulb. They are all discovered only in proactive testing — or in a disaster. Orderly periodic testing is not a luxury; it is what turns a supposed system into a real one.

What proactive testing looks like in practice — two levels, not one

The testing doesn't need to be complicated — it needs to be regular and documented. I divide it into two levels that complement each other.

Frequent, short check (weekly to biweekly)

  • A pass over the monitor wall — that all channels are live, no black, frozen, or "no signal" screen.
  • Verifying that recording is actually running: entering the recorder interface and checking that the time counter is moving and that the disk is writing, not just displaying.
  • Checking that the timestamp is correct and synchronized.
  • A short pass over the main access-control doors — that they open with a permission and are blocked without one.

In-depth periodic check (monthly to quarterly)

  • Physical cleaning of lenses and domes, checking the coverage angle hasn't shifted from a knock or a wind.
  • Actually testing night vision: looking at each camera's image at a real dark hour, not just "imagining" it works.
  • Pulling a random recording segment and checking that it can be exported, viewed and played — not just that it "exists" in the interface.
  • Verifying the actual retention period against what's required, and checking disk health (S.M.A.R.T. or weighing the disk settings).
  • Checking backup batteries in the card readers and the recorder, and backing up the system's configuration file.
  • Reviewing the permissions list: who is still active in the system, who should have been deleted long ago — tenants who left, cleaning staff who were replaced, service contractors who finished a job.

Each check is documented in a log with the date, the performer's name and findings — including "no fault found." This documentation is the same principle that guides the building's entire annual preventive-maintenance checklist. A security system is simply one more system that must enter this schedule — not stay outside it because "it doesn't complain."

The integration with entry and intercom — where the chain breaks

In an office building, the entrance is not a single component but a chain: a camera at the entrance, an intercom that connects to reception or to the tenant, and access control that opens the door. When one link is broken, the whole chain doesn't work. Usually you discover this when a visitor stands outside and can't be let in, or worse — when someone enters and it later turns out the door didn't close behind them.

The points I check in this integration in practice:

  • The intercom rings to the correct recipient (reception? a specific tenant?) and both directions are heard clearly.
  • Pressing the release actually releases the door within a reasonable timing, and the door closes and locks behind it rather than staying on a "held-open mode."
  • The entrance camera covers whoever stands at the door at real face height — not the crown of their head and not their shoes.
  • During an emergency-system activation: doors that need to open automatically for evacuation — open; doors that need to stay locked for security reasons — stay. This behavior in an emergency is an integral part of the office building's emergency procedures and must be drilled, not assumed to work.

Privacy and retention — the legal obligations you must not ignore

Placing cameras in a building in Israel is not just a technical matter. It is subject to the Protection of Privacy Law, 5741-1981, and the guidelines of the Privacy Protection Authority (PPA). A building owner who installs cameras enters a regulated domain, and non-compliance exposes him to liability. These are the practical principles I work by:

  • Visible, mandatory signage: a filmed area must be marked with clear, visible signage that notifies people they are entering a filmed area. Covert filming of the public is legally problematic. The signage is not a formality — it is part of the recording's legality.
  • Proportionality and placement: cameras are installed in public and operational areas — entrances, parking, lobby, corridors. They must not be aimed into a private area or into places with a reasonable expectation of privacy (restrooms, changing rooms). A camera that incidentally covers the window opening of a neighboring residential apartment is a direct legal exposure.
  • A defined, limited purpose: the footage is collected for security and safety purposes only — not for monitoring employees, not for any purpose outside this boundary.
  • Retention for a reasonable time only: recordings must not be kept forever. They are kept for a reasonable, proportionate period derived from the security purpose, after which they are cyclically deleted. Prolonged retention beyond what's needed is a privacy problem in itself.
  • Controlled, documented access: only authorized officeholders access the recordings. Access is documented. Transferring footage to a third party — including the police — is done by procedure and not at the discretion of a casual guard.
  • Securing the system itself: a recorder with a default password that wasn't changed, or connected to the internet without protection, is a back door to the entire building. Changing default passwords, restricting remote access, and periodic firmware updates are part of maintenance — not an option.

Combining an effective system with compliance with privacy obligations is exactly the kind of consideration that should arise already in the building's security risk survey — not something you're dragged into after a formal complaint is filed.

The real value — beyond "because we have to"

It's easy to see cameras and access control as an imposed expense. In practice they return real value on several levels:

  • Deterrence: a visible presence of cameras and access control reduces incidents in the first place — keeping out impostors, reducing vandalism, and protecting cleaning and security staff from false accusations.
  • Evidence that settles arguments: when an incident happens — theft, damage, an accident, a dispute between tenants — a clear recording and an entry log turn an argument into a fact. I saw a dispute between two tenants over damage to a vehicle in the parking garage settled within ten minutes because there was a clear recording — no lawyers, no unnecessary insurance premiums.
  • Reducing legal exposure: a building that documents what happens in it and controls who enters reduces its exposure to lawsuits. Proof that you took reasonable security measures is a substantial defense.
  • Cleaner day-to-day operations: access control eliminates the headache of changing locks at every tenant turnover, and allows permissions to be managed from a single screen — including immediate revocation on the day the tenant leaves.

But all this value is conditioned on one thing: that the system actually works at the moment of truth. And that comes back to the same point — a security system is worth exactly as much as its last check proved. Without proactive maintenance, you're paying for a feeling of security, not for security.

The bottom line for the building manager

Security cameras and access control are not "install and forget" equipment. They are the only system in the building whose fault is silent and invisible — and so they demand the highest discipline of documented periodic testing.

Three things every building manager must do:

  1. Bring the security systems into the preventive-maintenance schedule — with dates, performer names and documented findings, exactly like every other system in the building.
  2. Make sure the intercom, access control and CCTV work as one chain — not as components checked separately.
  3. Close the privacy corner — visible signage, proportionate placement, controlled access, and retention for a reasonable time under the Protection of Privacy Law.

Frequently asked questions

How often should the security cameras in an office building be checked?

It's recommended to perform a frequent, short check (weekly to biweekly) that includes a pass over the monitor wall and verifying that recording is actually running — not just displaying a live image. In addition, an in-depth periodic check (monthly to quarterly) that includes cleaning lenses, testing night vision, pulling a sample recording segment to actually view, and verifying the retention period. A security system breaks down quietly — you don't wait for a complaint, you check proactively.

What is the difference between security cameras (CCTV) and access control?

The CCTV system (closed-circuit television) records what happens and serves as evidence after the fact. Access control decides who enters and when, blocks strangers in real time and produces an entry log that lets you know who was where. The first is documentation, the second is prevention and control. A well-managed building uses both as one chain together with the intercom.

Is signage for security cameras mandatory in a building in Israel?

Yes. Placing cameras in Israel is subject to the Protection of Privacy Law, 5741-1981, and the guidelines of the Privacy Protection Authority. One of the central requirements is visible, clear signage that informs people they are entering a filmed area. Covert filming of the public is legally problematic. The signage is not merely a formality — it is part of the recording's legality.

How long may security-camera recordings be kept under the law?

Under the Protection of Privacy Law and the principles of the Privacy Protection Authority, recordings must not be kept indefinitely. They are kept for a reasonable, proportionate period derived from the security purpose, after which they are cyclically deleted. Prolonged retention beyond what's needed is a privacy problem in itself. It's also important to ensure that adding cameras to the same recorder hasn't shortened the actual retention window without your noticing.

What is the risk if a security camera wasn't checked and it turns out it didn't record?

A camera that wasn't checked is worthless precisely when you need it. If an incident occurred — theft, damage, an accident or a dispute between tenants — and it turns out the disk filled up, the channel dropped, or the recorder was in a silent error — there's no evidence. Without evidence, you can't identify who's responsible, prove presence or absence, or defend the building against a lawsuit. This is why proactive, documented testing is an integral part of responsible asset management.

What should you check in the integration between security cameras, the intercom and access control?

You must ensure the intercom rings to the correct recipient and there is clear hearing in both directions; that pressing the release opens the door within a reasonable timing and that the door closes and locks behind it; that the entrance camera covers the face at real head height and not from a wrong angle; and that in an emergency the doors behave as required — some open for evacuation, others stay locked for security. Emergency behavior must undergo periodic drilling and not rely on assumptions.

A question about the platform?

Reach out directly to Andrey Kozakov, founder of Domera and a building manager.

Contact