University Policies

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Unknown User (kanchia1)

Saved on

compared with

New Version 5

changes.mady.by.user Unknown User (kanchia1)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Access Control - The use of computer-controlled entry and locking devices to limit and log access to areas of a physical facility, usually by means of a digitally-enclosed identification card or biometric device.
  2. Information Technology Security Board (ITSB) - A unified effort jointly managed by the Chief Information Officer and the Chief Information Security Officer, working closely with Risk Management, Network and System Service (NSS), Public Safety, Facilities Services, and other University units, as warranted. The ITSB governs technical and operational security solutions specific to the University's needs. The ITSB will recommend security measures compliant with this policy, and security best practices.
  3. Security Control Owner – The Department, Dean, or VP who is responsible for the area that is being secured by a camera and/or control access system.
  4. Video Surveillance - The use of image capture, processing, transmission and storage equipment for authorized monitoring of public areas. This includes full-motion and still images, use of network transmission capacity, and digital storage and retrieval software. Audio recording is specifically excluded from this definition.

V. REFERENCES 

  1. Rowan University Information Security Policy(Need Hyperlink) 

POLICY

  1. Rowan University is committed to enhancing the quality of life of the campus community by integrating the best practices of safety and security with technology. A critical component of a comprehensive security plan is the utilization of physical security (including access control and camera systems) and information security. The access control and surveillance of public areas is intended to deter crime and assist in protecting the safety and property of the Rowan University communities. This policy addresses the university's safety and security needs while respecting and preserving individual privacy. 
  2. To ensure the protection of individual privacy rights in accordance with the university's core values and state and federal laws, this policy is adopted to formalize procedures for the installation of access control systems and surveillance equipment and the handling, viewing, retention, dissemination, and destruction of surveillance records.
  3. The University has the authority to select, coordinate, operate, manage, and monitor all campus access controls and security surveillance systems pursuant to this policy. All departments using access control or camera surveillance are responsible for implementing and complying with this policy in their respective operations. All existing uses of security access control or camera systems will be required to comply with the policy at a future date. A notification of the compliance date will be made 12 months in advance. Unapproved or nonconforming systems may need to be removed prior to the compliance date.
  4. Responsibilities
    1. Public Safety and the Information Security Office must review and approve any proposed or existing installation of video or access control security systems on properties owned, leased, or controlled by the University. All video and access control security systems must conform to federal and state law in addition to University policy. Video and access control security systems must conform to standards established by the ITSB so recorded data and log records are easily retrievable
    2. Except for the work counter where cashiering services are performed or money is exchanged during the regular course of business, video monitoring will not be used to view or record workstations, including private offices; desks or cubicles; classrooms or rooms where students and/or faculty commonly work, study or hold discussions; living areas; or other common-use areas where a reasonable expectation of privacy exists.
    3. Video and access control security records will not be used for purposes related to the routine evaluation of employee job performance, nor will they be used as a means to track employee attendance and/or as a timekeeping record. However, the University may use such records in support of disciplinary proceedings against faculty, staff, or student(s), or in a civil suit against person(s) whose activities are shown on the recording and are relevant to the suit.
    4. Nothing in this policy shall be interpreted to prevent the use of video monitoring or surveillance in connection with an active criminal investigation or specific court order.
    5. Any person who tampers with or destroys a camera or access control system may be prosecuted in the criminal justice system as well as the campus judicial system.
  5. Operational Considerations
    1. Video and access control system review or monitoring for security purposes will be conducted in a professional, ethical, and legal manner. Personnel involved in video review or monitoring will be appropriately trained and supervised in the responsible use of this technology
    2. The focus of cameras used in video surveillance will not cover areas where there is an expectation of privacy. This does not preclude monitoring the exterior of buildings, building lobbies, parking lots, roadways, or public areas.
    3. All recording or monitoring of activities of individuals or groups by university security cameras and access control systems will be conducted in a manner consistent with university policies, state and federal laws, and will not be based on the subjects' personal characteristics, including age, color, disability, gender, national origin, race, religion, sexual orientation, or other protected characteristics. Furthermore, all recording or monitoring will be conducted in a professional, ethical, and legal manner. All personnel with access to university security cameras or access control systems should be trained in the effective, legal, and ethical use of monitoring equipment. In addition they will receive a copy of the Video Surveillance & Access Control Policy and will provide written acknowledgement that they have read and understood it. Failure to provide written acknowledgement does not excuse violation of the policy.
    4. University security cameras and access control systems may not be monitored continuously under normal operating conditions but may be monitored for legitimate safety and security purposes that include, but are not limited to, the following: high risk areas, restricted access areas/locations, in response to an alarm, special events, and specific investigations authorized by Public Safety or the Information Security Office.
    5. Depending on the situation, the information obtained in violation of the Video Surveillance & Access Control Policy may or may not be used in a disciplinary proceeding against a member of the University's faculty, staff, or student population. It is not the intent of this policy to use video cameras for the monitoring of employees for disciplinary purposes, performance evaluation, or corrective action.
    6. All access to live or recorded camera and access control information shall be limited to authorized personnel only. The copying, duplicating and/or retransmission of this information must be authorized by Public Safety and the Information Security Office.
    7. Personnel are prohibited from using or disseminating information acquired from university access control or security cameras, except for official purposes. All information and/or observations made in the use of access control or security cameras are considered confidential and can only be used for official university and law enforcement purposes.
    8. The installation of "dummy" cameras that do not operate is prohibited. Unless being used for criminal investigations, all video camera installations should be visible.
  6. Placement of Camera
    1. The locations where cameras are installed may be restricted access sites such as a departmental computer lab; however, these locations are not places where a person has a reasonable expectation of privacy. Cameras will be located so that personal privacy is maximized.
    2. No audio shall be recorded except in areas where no one is routinely permitted. Requests to utilize audio surveillance that does not comply with this requirement will be evaluated on a case by case basis by Public Safety or the Information Security Office.
    3. Camera positions and views of residential housing shall be limited. The view of a residential housing facility must not violate the standard of a reasonable expectation of privacy.
    4. Unless the camera is being used for criminal investigations, monitoring by security cameras in the following locations is prohibited:
      1. Student dormitory rooms in the residence halls
      2. Bathrooms
      3. Locker rooms
      4. Offices
      5. Classrooms not used as a lab
  7. Storage and Retention of Recordings
    1. No attempt shall be made to alter any part of any surveillance recording or access control system. Access control and surveillance camera systems will be configured to prevent tampering with the transmission, storage, and duplication of recorded information.
    2. Access control or surveillance records shall not be stored by individual departments. All surveillance and access control records shall be stored in a secure university centralized location for a minimum of 30 days (or longer for sensitive data) and will then promptly be erased or written over, unless retained as part of a criminal investigation or court proceedings (criminal or civil). Individual departments shall not store video surveillance or access control information.
    3. A log shall be maintained of all instances of access to or use of surveillance and access control records. The log shall include the date and identification of the person or persons to whom access was granted
  8. Requests for Camera and Access Control Systems
    1. All requests for new cameras/access control systems must be submitted through the IT Acquisition Process with budget approval from the Department Head who is making the request. Once approved by the department head, the request must also be approved by Public Safety and the Information Security Office before the project can be started. Each new system must be assigned a Security Control Owner.
    2. All requests for changes to existing cameras/access control systems, and removal of cameras/access control systems must be approved by Public Safety and the Information Security Office in advance.
    3. All requests for individual user access to specific card access readers or security control areas must be approved by the Card Office or the designated "Security Control Owner"
    4. All requests, as defined in this policy, must be initiated through the IT Acquisition Process (for new installations) or the IRT Support Desk (for all other requests). There are three convenient ways to submit a request to the IRT Support Desk:
      1. On the Internet visit http://support.rowan.edu. Login with your network username and password. If you do not know your username or password go to http://www.rowan.edu/password to reset your password and retrieve your username.
      2. Send mail to support@rowan.edu.
      3. By telephone, if on campus call Extension 4400. If you are off campus dial 856.256.4400.
    5. All facility work orders for Cameras or Card Access Systems must not be started until the work is approved by Public Safety and the Information Security Office. Each work order must reference an approved IRT request ticket to ensure compliance with Audit requirements.
    6. All facility projects that include Cameras or Card Access Systems must be approved by Public Safety and the Information Security Office. Each project must reference an approved IRT request ticket to ensure compliance with Audit requirements. An IRT request ticket should be submitted once the final security design is completed. Any changes to the final security design must be approved in the same manner throughout the project lifecycle.
    7. All requests for "Administrator Access" must be reviewed and approved by the Information Security Office prior to any changes.
    8. All requests will be logged and tracked through the IRT request system initially to ensure compliance with Audit requirements. Once approved, requests can then be tracked though additional systems used by Facilities, the Card Office, Public Safety, and the Information Security Office as needed.
    9. The ITSB reserves the right to update the above request processes as needed to ensure compliance with this polic
  9. Exceptions
    1. This policy does not apply to cameras used for academic purposes. Cameras that are used for research would be governed by other policies involving animal or human subjects and are, therefore, excluded from this policy.
    2. This policy does not address the use of Webcams for general use by the university. This policy also does not apply to the use of video equipment for the recording of public performances or events, interviews, or other use for broadcast or educational purposes. Examples of such excluded activities would include video recording of athletic events for post-game review, video recording of concerts, plays, and lectures, or video recorded interviews of persons. Automated teller machines (ATMs), which may utilize cameras, are exempt from this policy.

...