University Policies

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Rowan, James J.

Saved on

compared with

New Version 8

changes.mady.by.user Alburger, Katherine A

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Under the direction of the President, the Chief Information Officer, Assistant Vice President of Public Safety, and the Chief Director of Information Security Officer shall implement and ensure compliance with this policy. The Deans, Vice Presidents, and other members of management will implement this policy.

...

  1. Access Control - The use of computer-controlled entry and locking devices to limit and log access to areas of a physical facility, usually by means of a digitally-enclosed identification card or biometric device.
  2. Information Technology Security Board (ITSB) - A unified effort jointly managed by the Chief Information Officer and the Chief Director of Information Security Officer, working closely with Risk Management, Network and System Service (NSS), Public Safety, Facilities Services, and other University units, as warranted. The ITSB governs technical and operational security solutions specific to the University's needs. The ITSB will recommend security measures compliant with this policy, and security best practices.
  3. Security Control Owner – The Department, Dean, or VP who is responsible for the area that is being secured by a camera and/or control access system.
  4. Video Surveillance - The use of image capture, processing, transmission and storage equipment for authorized monitoring of public areas. This includes full-motion and still images, use of network transmission capacity, and digital storage and retrieval software. Audio recording is specifically excluded from this definition.

...

  1. GENERAL
    1. This Access Control Design and Construction standard applies to all new construction and renovation projects, as well as single device installations on the Rowan University campus, and any other location or campus subject to the University.
    2. This standard applies to employees, contractors, design professionals, and tradespeople involved in the design, procurement, or installation of electronic security devices or systems.
    3. The electronic security devices/systems encompass computers, network connections (including wireless), data transmissions, communication devices, multiple points of monitoring, interfacing controls, sensors, and actuators. Some functions may be supported locally as well as University-supported.
    4. For the purposes of this standard, electronic security systems or devices include:
      1. access control (wired and wireless)
      2. networked video surveillance
    5. Security and access control systems must be integrated with the University central systems unless an exemption has been granted.
      1. For Access Control and Video Surveillance systems: the Chief Director of Information Security Officer, Director of Network and System Service (NSS), Public Safety and Facilities Services shall be consulted during the initial design or planning, during schematic and construction design reviews, during construction if a scope change occurs or clarification is needed, and prior to building occupation, a signoff is required by all groups listed above
    6. Electronic security systems/devices are not to be connected by hardware, integrated by software, or otherwise interfaced with any other control systems (ex. Building Automation Control System) or life safety systems unless specifically required by code or approved by appropriate system owner and the Chief Director of Information Security Officer, Network and System Service (NSS), Public Safety and Facilities Services.
    7. Electronic security systems/devices planning should be incorporated into the overall building design. Physical security devices and measures, as well as electronic devices and connections, are to be considered at the same time as comfort, function, energy efficiency, maintainability, life safety, accessibility, environment, inspiration and any other primary feature attributed to a facility.
  2. QUALITY ASSURANCE
    1. The design of all security and/or access system installations shall be performed by a qualified individual, either licensed as a Professional Engineer or certified as a security professional. Consultant shall provide credentials to the Rowan University project manager upon request.
    2. The integrated security and/or access system including all equipment, components, and accessories shall be Underwriters Laboratories (UL) listed for this purpose.
    3. The Contractor providing the security and/or access system must be certified and licensed to install security and access control systems.
  3. SYSTEM DESIGN 
    1. For all renovations and new-construction projects, consultants shall engage the Chief Director of Information Security Officer, Network and System Service (NSS), Public Safety and Facilities Services.
    2. The following elements should be incorporated into the basis of all designs:
      1. Type of security or access system
      2. List applicable Codes and Standards
      3. Identify Building Occupancy Type
      4. Sequence of operation (especially when fire alarm and access control systems are interconnected)
      5. Wiring type
      6. Main equipment locations
      7. Special considerations (for example, when a facility houses animals or human remains
    3. Drawings and Specifications shall include all requirements for Submittals and for As-Built information. Submittals shall contain the following information:
      1. Product information for all installed components
      2. System diagram with typical equipment and device connection and labeling (a detailed connection diagram is not required until project completion)
      3. Wire schedule
      4. Battery stand-by calculations
      5. Special system requirements (interlocks with other systems, for example)
      6. System labeling materials and methods
      7. Surveillance system storage capacity calculation 
    4. Surveillance Camera Lay-out
      1. Place cameras near entrances and exits to school buildings
      2. Install surveillance for campus parking lots
      3. Mount cameras in at-risk areas such as poorly lit walking paths and locations where students and faculty might find themselves alone and defenseless
      4. Position cameras in campus stores, cashier offices, and other areas where money is exchanged
      5. Have proper video surveillance for sports facilities
      6. Monitor common areas such as stairways, lobbies
      7. Install security cameras at all residence hall

        Note: Typically we would recommend one interior camera per perimeter door, one interior camera per building lobby and perhaps one interior camera per elevator lobby. Special attention will be given to areas within the building that require special attention, but those could be handled on a case by case base.
        The exterior requirements will be flexible because each building is different and some may not require any coverage. However, if the building is adjacent to a student walkway, is isolated, or is used for student congregation, exterior cameras will be required to adequately monitor those areas 
  4. SUBMITTALS
    1. To ensure compliance with the intent of this standard, all system final designs and associated contract submittals shall be reviewed by the Chief Director of Information Security Officer, Network and System Service (NSS), Public Safety and Facilities Services.
    2. One (1) copy of each new project submittal shall be sent to the Chief Director of Information Security Officer, Network and System Service (NSS), Public Safety and Facilities Services for review and comment prior to releasing final approved submittals to the contractor
  5. SYSTEM DESCRIPTION
    1. Card Access Systems :Wired/Wireless: are comprised of card reader, door contacts, electric hinge or power transfer (wired systems), door strike, latch, reader interface module, interconnecting power and communication wiring, head-end intelligent system controller. All systems, unless exempted from University policy, are centrally monitored - transmitting data to and received by the Access Control System.
    2. Network Video Surveillance Systems :Wired/Wireless: are comprised of IP-enabled cameras, interconnecting power and communication wiring via POE (power over Ethernet). Cameras must be connected to a POE-enabled switch with ports enable on the appropriate security VLAN unless approved by the Chief Director of Information Security Officer and/or Network and System Service (NSS). All systems, unless exempted from University policy, are capable of being centrally monitored - transmitting data to and received by the Video Management Systems.
  6. PRODUCTS
    1. Manufacturers
      1. All equipment must be designed with open system architecture.
      2. All systems and infrastructure components that support the video surveillance and access control systems shall be equipped with battery backup in the event of a power failure and capable of operating for a minimum of 8 hours.
      3. All system components installed must be compliant with a current version of this standards document, defined as any version of this document valid within 120 days of installation of the system. Requests for the current version of the standard can be submitted to support@rowan.edu.

      4. Subject to compliance with requirements, provide products by one of the following

        Note: All non-standard existing security access control or camera systems will be required to comply with this standard at a future date.

        Description

        Manufacture

        Where deployed (if known)

        Standard or Non-Standard

        Access Control Software

        RS2
        https://rs2tech.com

        SOM deployed, applies to all future deployments of any size

        Standard

        Access Control Panel/Microprocessor Hardware

        Mercury
        http://www.mercury-security.com/

        SOM deployed, applies to all future deployments of any size.

        Standard

        Video Management System/Software (VMS)
        Enterprise Level Only

        Exacqvision
        https://exacq.com

        For all Rowan locations

        Proposed New Standard

        Video Surveillance Camera – (Indoor) Individual scenario will dictate what model camera should be used

        AXIS, Sony, and Arecont Vision
        www.axis.com
        https://pro.sony.com/bbsc/ssr/mkt-security/
        www.arecontvision.com

        For all Rowan locations

        Proposed New Standard

        Video Surveillance Camera – (Outdoor) Individual scenario will dictate what model camera should be used

        AXIS, Sony, and Arecont
        www.axis.com
        https://pro.sony.com/bbsc/ssr/mkt-security/
        www.arecontvision.com

        For all Rowan locations

        Proposed New Standard

        Video Management System/Software (VMS)

        Exacqvision
        https://exacq.com
        See section entitled "Video Management System Environment" for software licensing and configuration details.

        For all Rowan locations

        Proposed New Standard

        Management System Hardware

        See section entitled "Video Management System Environment" for software licensing and configuration details.

        For all Rowan locations

        Currently used as Standard

        Intelligent Locksets.

        Sargent (wireless and online types only)
        http://www.sargentlock.com/products/ product_landing.php?item_id=1589

        For selected Rowan Locations. (Request assistance from office of Director of

        CISO

        Information Security prior to selecting appropriate intelligent locks)

        Proposed New Standard

        Intelligent Locksets

        Allegion (Wireless and Wired types)
        www.allegion.com

        For selected Rowan Locations. (Request assistance from office of Director of

        CISO

        Information Security prior to selecting appropriate intelligent locks)

        Proposed New Standard

        Intelligent Locksets

        Salto (Sallis and CVN)
        http://www.salto.us/

        For selected Rowan Locations. (Request assistance from office of Director of

        CISO

        Information Security prior to selecting appropriate intelligent locks)

        Proposed New Standard

        Access Control Card Readers

        Allegion MT series

        For all Rowan Locations

        Standard

        Video Surveillance Manager (VMS)

        Cisco

        Camden, Glassboro residential spaces

        Non-Standard

        Video Surveillance Camera

        Cisco (Pelco)

        Camden, Glassboro residential spaces

        Non-Standard

        Access Control for entry doors, elevators, stairwells, etc.

        Blackboard

        Camden (Medical school), Glassboro (CGCE)

        Non-Standard

        Video Surveillance Camera - Advidia
        (A-44-IR)

        Advidia

        CGCE

        Non-Standard

        Video Surveillance Camera - Elevator camera (ELV-650)

        Advidia

        CGCE

        Non-Standard

        Video Surveillance Camera - ACTi (KCM-7911)

        Act-I

        CGCE

        Non-Standard

        Video Management System/Software (VMS)

        Video Insight

        CGCE

        Non-Standard

        Video Surveillance Camera – Access P3367

        Access

        Glassboro residential locations

        Non-Standard

        Video Surveillance Camera – Access 216

        Access

        Glassboro residential locations

        Non-Standard

        Video Surveillance Camera – Access PIZ

        Access

        Glassboro residential locations

        Non-Standard

    2. Video Management System Hardwar
      The security integrator shall provide all required software for at least one recording server, one Enterprise Management Server and at least one fail-over server as follows. All server hardware (excepting the EMS server) will be provided by the integrator, and will be installed in a main campus datacenter by the integrator in coordination with the Information Security Office (ISO) and Network and System Services:
      1. The VMS Recording server hardware will meet the following minimum requirements:
        1. Required Server Model: HP DL380 G9
        2. Intel Xeon 8-core x 20MB Cache (minimum)
        3. 64 GB RAM
        4. NIC: 4x1000 Mbps
        5. Redundant Power Supplies
        6. Windows Server 2012 Enterprise
        7. Four post rack mounting kit
        8. Storage:
          1. Minimum 20TB raw storage
          2. Minimum two hot spare drives
          3. Sufficient storage to meet retention requirements with all cameras recording at their highest available resolution at 10 FPS based on 50% motion for indoor cameras and 24/7 recording for outdoor cameras.
          4. Storage calculation should include 30 day retention requirement for non-clinical areas, 90 day retention requirement for clinical areas.
          5. No drive larger than 4TB. No drive smaller than 3TB.
          6. Storage calculations, including RAID and hot spare overhead as well as disk usage per day per camera based on the above specifications, must be included in all proposal submittals.
          7. Dedicated operating system partition of 60GB (minimum)
        9. If storage requirement exceeds the capacity of a DL 380 G9 multiple servers may be necessary.
        10. Enterprise Level Video Management software for serve
        11. Four year next business day warranty direct from HP
        12. Professional series camera software licenses for each connected camera/device. Provide 10% spare licenses above quantity required for project.
        13. Three year software support agreement to cover upgrades
      2. The Failover VMS Recording server hardware will meet the following minimum requirements:
        1. Required Server Model: HP DL380 G9
        2. Intel Xeon 8-core x 20MB Cache (minimum)
        3. 64 GB RAM
        4. NIC: 4x1000 Mbps
        5. Redundant Power Supplies
        6. Windows Server 2012 Enterprise
        7. Four post rack mounting kit
        8. Storage:
          1. Minimum 20TB raw storage
          2. Minimum two hot spare drives
          3. Sufficient storage to meet retention requirements with all cameras recording at their highest available resolution at 10 FPS based on 50% motion for indoor cameras and 24/7 recording for outdoor cameras.
          4. Total usable storage capacity after RAID and hot spare overhead must provide 7 (seven) days retention for all cameras the system is intended to provide failover for.
          5. No drive larger than 4TB. No drive smaller than 3TB.
          6. Storage calculations, including RAID and hot spare overhead as well as disk usage per day per camera based on the above specifications, must be included in all proposal submittals.
          7. Dedicated operating system partition of 60GB (minimum).
        9. If storage requirement exceeds the capacity of a DL 380 G9 multiple servers may be necessary.
        10. Enterprise Level Video Management software for server
        11. Four year next business day warranty direct from HP
        12. Professional series camera software failover licenses for each connected camera/device. Provide 10% spare licenses above quantity required for project.
        13. Three year software support agreement to cover upgrades
      3. Enterprise System Manage
        1. License for Enterprise System Failover (EVESM)
        2. Three year software support agreement to cover upgrades.
        3. Server environment for ESM will be provided by the University
      4. System Operation and Performance
        1. System operation and performance should include, but not be limited to, the following features
          1. Proper activation of door hardware when a valid credential is presented
          2. Appropriate shunting of the alarm upon exit from secured space
          3. Video signal being transmitted over IP
          4. Alarm initiation
          5. Trouble initiation
          6. Activation of alarm notification
          7. Activation of trouble notification
          8. Total supervision, monitoring of abnormal conditions in the system
          9. Activation of off-premise signals that are sent to the VMS via the Access Control System or Ethernet

...