Enhancing Visibility, Security, and Decision-Making Across Nationwide Branches

Executive Summary

In 2020, Bank Bukopin established a Centralized Command Center to monitor operations and security across its branches throughout Indonesia. The initiative addressed the challenges of fragmented CCTV systems, manual monitoring limitations, and the need for faster coordination—especially during the pandemic. The result: incident response time reduced by >40%, system availability above 99%, and operational efficiency gains through consolidated monitoring, video analytics, and automated incident management.

Background & Objectives

Challenges before 2020

CCTV and NVR systems across branches used varied brands and firmware, making centralized access difficult.
Incident escalation relied on phone/chat, with poor documentation and slow decision-making.
Limited onsite visits during the pandemic reduced control effectiveness.

Project Objectives

Provide centralized 24/7 monitoring of all branches (real-time & recorded).
Standardize security architecture and maintenance SLAs.
Deliver executive dashboards for operational and risk management.
Deploy video analytics (people counting, loitering, tamper detection) for proactive prevention.
Ensure compliance with banking regulations and information security standards.

Scope

Enterprise VMS Integration: Consolidation of CCTV streams across branches.
Video Wall & KVM over IP for operators, supervisors, and war room.
Secure Network: MPLS/VPN IPsec/SD-WAN with QoS for video traffic.
Identity & Access Management with SSO/AD and RBAC.
SIEM/Log Management for auditing and forensics.
ITSM Integration for ticketing, SLAs, and escalation.
Incident SOPs linking security, IT, and operations teams.

High-Level Technical Design

1) Branch Sites

IP cameras (1080p/4MP) + local NVR with edge recording (30–60 days retention).
PoE switches, CCTV VLAN separated from banking transaction network.
Health monitoring: ping, NVR CPU, storage capacity, camera status.

2) Network

Primary transport: MPLS/VPN.
Secondary transport: Internet broadband/4G/5G via IPsec tunnels (SD-WAN failover).
QoS: Sub-streams for live monitoring, main streams for playback/forensics.

3) Data Center (DC) & DRC

Clustered VMS (active/active) with automatic failover.
Tiered SAN/NAS storage (SSD + NL-SAS HDD) with WORM/immutability for evidence.
AD/LDAP + MFA for operator & auditor access.
SIEM integration for syslogs from VMS, firewalls, and endpoints.

4) Command Center Room

Video wall (3×4 panels, 55” each) with controller for multi-view.
Operator consoles: dual/triple monitors, KVM over IP for secure workstation access.
War room with tactical dashboard for executive decisions.

5) Application Integration

ITSM: automatic ticketing for offline cameras, storage alerts, or analytic triggers.
Notifications via email/SMS/WhatsApp for tiered escalation.
Executive dashboards: branch status, incidents, MTTR, retention compliance.

Security & Compliance

Network segmentation (VLAN/VRF), Zero Trust inter-zone access.
Encryption: TLS, SRTP/HTTPS for cameras, IPsec for inter-site.
RBAC: Operator, Supervisor, Auditor, Management.
Audit trail: login, view, export, delete; dual-approval for evidence export.
Immutable storage for legal evidence.
Backup & DR: DC→DRC replication; RPO ≤ 15 min, RTO ≤ 2 hrs.
Standards referenced: ISO/IEC 27001, device hardening, patch schedules.

Implementation Timeline (2020)

Phase 1 – Assessment & Standardization (4–6 weeks)

Inventory of cameras/NVRs, firmware, and network topology.
Define baselines: resolution, FPS, bitrate, retention, naming convention.
Produce High-Level and Low-Level Design.

Phase 2 – DC/DRC & Command Center Build (6–8 weeks)

Deploy VMS cluster, storage, video wall, operator consoles.
Integrate AD/MFA, SIEM, ITSM, notification systems.
Conduct failover and load tests.

Phase 3 – Branch Onboarding (8–12 weeks)

Pilot 5–10 diverse branches, then nationwide rollout.
QoS/bitrate tuning, firmware updates.
Operator training and SOP rollout.

Phase 4 – Go-Live & Optimization (Ongoing)

24/7 operations, weekly KPI reviews, continuous improvements.
Expansion of video analytics for business intelligence.

Key SOPs

Daily Monitoring: device health, storage capacity, retention compliance.
Incident Handling: alerts → auto-ticket → triage (P1–P3). P1 response: MTTA ≤ 10 min, MTTR ≤ 2 hrs.
Evidence Requests: case ID + supervisor approval → encrypted export + checksum.
Periodic Maintenance: firmware updates, semi-annual restore/DR drills.

Results & KPIs (2020–2021)

System uptime >99.5%.
MTTA reduced from ~45 min to <10 min; MTTR to <2 hrs.
False alarms reduced by ~30% via analytics.
OPEX savings from license consolidation and centralized operations.

Best Practice Recommendations

Use sub-streams (720p, 5–10 fps) for live monitoring; main stream only for investigations.
Apply standardized camera naming: BRANCH-ZONE-FLOOR-LOCATION-CAMERA.
Enforce role-based access (operators see public zones, sensitive zones restricted).
Implement immutable storage for legal evidence.
Deploy SD-WAN for bandwidth resiliency.
Maintain comprehensive as-built documentation.

Sample Bill of Materials (BoM) – Simplified

VMS servers (2–4 nodes) + enterprise VMS licenses.
Storage 300–800 TB effective.
Video wall controller, 12 × 55” panels.
KVM over IP (Tx/Rx) for 10–20 endpoints.
PoE switches (1G) at branch, 10G switches at DC, firewalls, SD-WAN routers.
IP cameras (domes/bullets/PTZ) + edge NVRs.
UPS/Racks for Command Center.

Conclusion

The 2020 Command Center deployment empowered Bank Bukopin with centralized control, faster incident response, and stronger compliance posture. A resilient, secure, and scalable architecture ensures long-term ROI and readiness for advanced analytics and business integration.

Banking Command Center CCTV Monitoring