I'm doing some work around this with a city council whose city centre CCTV systems are all IP and digitally recorded, I know very little about the systems themselves, but am dealing with the environment and infrastructure where the images are stored back at the data centre. I know that in terms of comms, private links are used to each camera cluster as opposed to having data traversing the internet, this is where you are most likely to get "insubmissable in court".
You need to be able to demonstrate to the court that the integrity of that data could not have been compromised, through compliance with auditable procedures around security of that data
- Access control over who has electroinc access, user accounts, two factor authentication, etc
- Have the platform regularly pen tested and close any holes found that could allow unauthorised electronic access internally or externally (ie: Hackers)
- Use robust encryption whenever the data leaves the authorities control, ie: tape backup stored offsite, traversing the internet, etc
- Ensure physical security for the platform, ie: located in a caged area in a secured data centre, with controlled personnel access, cctv, etc.