NMSU Procedural Guidelines (Policy 2.64 - Security Cameras on University Premises)



Similar documents
Contra Costa Community College District Business Procedure SECURITY CAMERA OPERATING PROCEDURE

Surveillance Equipment

Computing and Network Use Policy

RUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology

ST. CLOUD STATE UNIVERSITY INSTALLATION AND USE OF VIDEO SURVEILLANCE EQUIPMENT PROCEDURE. Purpose

M E M O R A N D U M. Revised Information Technology Security Procedures INFORMATION TECHNOLOGY SECURITY PROCEDURES. I. General

Camera Use. Policy Statement and Purpose. Table of Contents

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Information Security Policy

California State University, Sacramento INFORMATION SECURITY PROGRAM

University of Pennsylvania Handbook for Faculty and Academic Administrators 2015 Version

Virginia Commonwealth University School of Medicine Information Security Standard

Identity Theft Prevention Program (Approved by the Board of Trustees)

Acceptable Use Policy

STATE UNIVERSITY OF NEW YORK AT BROOKLYN DOWNSTATE MEDICAL CENTER COMPUTER and NETWORK USAGE POLICY I. INTRODUCTION

Network Security Policy

Chapter RECORDS MANAGEMENT Sections:

Valdosta Technical College. Information Security Plan

ACCESS, PRODUCTION AND RETENTION OF CITY RECORDS

OIPC Guidelines for Video Surveillance by Public Bodies in Newfoundland and Labrador, June 2015 ATIPPA, 2015 Criminal Code of Canada

Government records findings--recognition of public policy.

How To Protect Research Data From Being Compromised

Connecticut General Statutes, Boards of Education to prescribe rules

David Coble Internal Control Officer

Computer, Communication, and Network Technology Acceptable Use

College of DuPage Information Technology. Information Security Plan

PHI- Protected Health Information

Virginia Commonwealth University Information Security Standard

Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Use of ESF Computing and Network Resources

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Microsoft Online Subscription Agreement/Open Program License Agreement Business Associate Amendment Amendment ID MOS13

University of Maryland Baltimore Information Technology Acceptable Use Policy

Responsible Access and Use of Information Technology Resources and Services Policy

HIPAA Compliance Policies and Procedures. Privacy Standards:

Corporate Policy and Procedure

FRONTIER REGIONAL/UNION#38 SCHOOL DISTRICTS. Records Retention Policy for Electronic Correspondence

DEPARTMENTAL POLICY. Northwestern Memorial Hospital

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO TABLE OF CONTENTS

I. U.S. Government Privacy Laws

RUTGERS POLICY. Policy Name: Standards for Privacy of Individually Identifiable Health Information

Security Awareness Training Policy

Rowan University IT ACQUISITION POLICY

Network Security Policy

Federal Trade Commission Privacy Impact Assessment

Compliance and Industry Regulations

SAMPLE BUSINESS ASSOCIATE AGREEMENT

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same

ITS Policy Library Use of . Information Technologies & Services

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

Health Sciences Compliance Plan

Policy for the Acceptable Use of Information Technology Resources

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors

University of Wisconsin-Madison Policy and Procedure

Responsible Use of Technology and Information Resources

SUBJECT: INFORMATION TECHNOLOGY RESOURCES I. PURPOSE

Contact: Henry Torres, (870)

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Montclair State University. HIPAA Security Policy

State HIPAA Security Policy State of Connecticut

ESI Incident Response Procedures 1

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

DATA SECURITY AGREEMENT. Addendum # to Contract #

Protection of Clients' Personal Health Information G & G LIVING CENTERS, INC.'s Privacy Practices

Document Title: System Administrator Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

Caldwell Community College and Technical Institute

PRINCIPLE IV: THE SOCIAL WORK AND SOCIAL SERVICE WORK RECORD

2/3/2015 DATA GOVERNANCE AND FERPA FOUR THINGS YOU CAN DO RIGHT NOW

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

HIPAA BUSINESS ASSOCIATE ADDENDUM

Rowan University Data Governance Policy

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Electronic Records Management Guidelines

Mobile Devices Security Policy

Cal Poly Information Security Program

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data;

Security Systems Surveillance Policy

Information Security Policy

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

PII Personally Identifiable Information Training and Fraud Prevention

Information Security Plan May 24, 2011

Information Security Policy

EXAMINATION OUTLINE FOR PRIVATE INVESTIGATORS

ARTICLE 10. INFORMATION TECHNOLOGY

Code No.: PS /09. Video Surveillance Procedures

Chronic Disease Management

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:

Matrix Technical Support Mailer - 72 Procedure for Image Upload through Server in SATATYA DVR,NVR & HVR

Virginia Commonwealth University School of Medicine Information Security Standard

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements

CODE OF BUSINESS CONDUCT AND ETHICS

How To Use A College Computer System Safely

Transcription:

NMSU Procedural Guidelines (Policy 2.64 - Security Cameras on University Premises) A. NMSU Entities requesting security cameras will be required to follow the procedures outlined below. 1. Justification and Approval: Individual NMSU Entities desiring to install security camera equipment shall submit a written request to their appropriate unit administrator, dean or vice president describing the proposed location of security camera (s), justifying the proposed installation, as well as identifying the funding source for purchase and ongoing maintenance. (See Appendix 2-A - Security Camera Proposal & Justification Form). a. Upon approval by appropriate administrator, dean or vice president, the Security Camera Proposal & Justification Form will be submitted to the CIO for information purposes and maintain a copy on-site. b. The University s Chief Information Officer or designee is responsible to assure compliance with this policy and operating guidelines. 2. Installation: Installation of all networked security cameras should be coordinated through Networking Services to ensure they are on a secure network and access is restricted. a. All networked security cameras and related equipment should be configured to require proper authentication (user IDs and passwords) and not use default or common logins. b. Networking Services, Security Camera Coordinator and Facilities Services will collaborate to install network infrastructure to ensure all relating building codes are followed. c. When appropriate, installing department is encouraged to seek the assistance of the ICT Computer Systems function to ensure proper system setup, configuration and to clearly identify location of software i.e. PC or Server. 3. Signage: Signage for security cameras shall be placed conspicuously in areas with cameras, as determined by the Chief Information Officer and consistent with requirements of Policy 9.60, Wayfinding and Signage. 4. Training: a. Authorized personnel responsible for security cameras shall receive a copy of the security camera policy, procedures and provide written acknowledgement that they have read and understood the contents. (See Appendix B - Training Acknowledgment Form) b. Authorized personnel shall attend any meetings or trainings convened by the CIO. 5. Transitioning Security Cameras In Use Prior to Policy Effective Date: The use of existing security cameras shall comply with this policy requirements for professional, legal and ethical use. To the extent that existing equipment or software make it infeasible to comply with technical requirements, the NMSU Entities shall proposed a transition plan to the CIO explaining the steps needed for compliance and a proposed timeline. 6. Unit Level Camera Security Operations: a. Unit Level Protocols Required: NMSU Entities will need to Develop Security Camera Protocols: All NMSU Entities responsible for security cameras governed by this policy shall develop and maintain written policies and processes detailing operation of cameras and how tampering with, intercepting, or duplicating of recorded information will be prevented. Written protocols shall be no less stringent than those outlined in this policy. b. Inventory and Documentation: Each NMSU Entity shall maintain a master inventory and associated documentation of all existing and approved components to their security camera, including but not limited to equipment, software and authorizations received. Inventories must include but may not be limited to: i. Name of responsible person for security cameras and review/approval date; ii. Name and contact information of the person requesting the installation and/or approval of Page 1 of 5

the security camera; iii. List of authorized personnel and other members of management, by position and by name, who may be permitted access to the recorded images/information; iv. Purpose and justification for the proposed security camera, consistent with the permitted uses of this policy; v. Explanation of how the recorded information may be reviewed and/or used; vi. Measures that have been taken to minimize the impact on personal privacy; vii. Assertion that the planned installation and operation of the security camera system shall comply with applicable law and this policy; viii. Nature of the physical space in which the security camera will be placed, and a description of the types of activities reasonably likely to be captured on the recordings by the security camera; ix. Implementation details, including: physical location of installation, field of view of the camera(s), capabilities of the camera(s) (video, audio, pan, tilt, zoom, etc.) or microphone(s) that have been disabled, and the make and model of equipment and software; the location and the timing relating to storage and retention of the recorded information. c. Acknowledgement of Training and Compliance Requirements: All authorized personnel, and supervisors involved in security camera operations, including the review of recorded images, will perform their duties in accordance with this policy and any supplemental procedures which may be issued by the University s Chief Information Officer. They shall each indicate acceptance of this responsibility by signing the Security Camera Training Acknowledgment Form. d. Maintenance of Log for Security Camera Recordings Access or Use: A log shall be maintained of all instances of access to or use of security camera recordings. At a minimum, the log shall include the date and identification of the person or persons to whom access was granted. (See Appendix C Example Access Log Form) e. Prohibition of Tampering with Security Cameras: Security cameras shall be configured to prevent authorized personnel from altering or otherwise tampering with recorded information. Allegation of tampering with a security camera, software, or other instrument or documentation related to the administration of this policy will be treated seriously, investigated thoroughly and appropriate criminal, civil, or administration action taken. 7. Storage and Retention of Recordings: Recordings from all security cameras governed by this policy shall be stored by the individual NMSU Entities in accordance with the document retention requirements of the State of New Mexico, codified at NMAC 1.15.5 et seq, and also as directed by the NMSU Records Management and Retention Office, summarized below: a. All administrative records relating to the Security Cameras program initiative, including training materials generated or utilized by it, shall be retained until the information value ceases, and then shall be transferred to Library Archives and Special Collections for review for further disposition; b. Routinely recorded images shall be retained for a minimum of thirty (30) calendar days from the date of recording or creation. c. Excepted from this retention policy are security camera images and any other program maintenance information when related to a criminal investigation or civil administrative or legal proceeding, or other bona fide use approved by the NMSU Police Chief and University General Counsel. Page 2 of 5

New Mexico State University Security Camera Proposal & Justification Form Security Camera Proposal & Justification Form The purpose of this form is to document the need of a security camera and justify the business need and consideration of ongoing costs and ensure compliance with Policy 2.64 - Security Cameras on University Premises. Submitted Date: Department: College/Branch: Contact: Describe the business purpose, justification and location of security camera(s) (Provide all relating detail): Who will be responsible for coordination of Security Camera(s) (Security Camera Coordinator)? Funding: Funding source or sources for purchase of security camera(s) and installation costs: Index Fund Account Funding source or sources for ongoing maintenance: Index Fund Account Approvals: Dean or Vice President: Security Camera Review Committee: Print Name Yes No Signature Page 3 of 5

New Mexico State University Security Camera Training Acknowledgment Form Training Acknowledgment Form This Form is intended to define the responsibilities of those employees handling surveillance devices and related information, which are considered NMSU records that could contain sensitive or confidential information about students, employees, donors or other individuals, and to record his or her recognition and acceptance of that responsibility. New Mexico State University maintains the confidentiality and security of records in compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), in addition to other federal and state laws. These laws pertain to the security and privacy of personal academic, medical and financial information, along with identifying information such as social security numbers, names and photographs (surveillance recordings could reveal/contain identifying information). Within NMSU, employees are authorized access to university records only to the extent necessary to perform their official university duties, and are responsible for protecting such information against unauthorized access or disclosure. Employee: Recognizing this responsibility, I agree to the following (please initial each line): I will access university records only as required to perform my assigned duties. I will store information under secure conditions and make every effort to ensure individual s privacy. I will not divulge, copy, release, sell, loan, review, alter or destroy records except as properly authorized by the appropriate university official within the scope of applicable state or federal laws, record retention schedules and internal policies. I will forward all requests for information via an open records request to the university s general counsel for guidance. I will not release information covered by these requests until instructed to by university s general counsel or my supervisor. I will not release information about students, staff or employees that was requested on the basis of non-public information (for example recordings, verbal talk, etc.) I have read the NMSU Security Camera Policy and Procedures and agree to comply with its provisions. I understand that failure to comply may result in disciplinary action, including termination of employment. Print Name Employee Signature/Date Page 4 of 5

Access Log Form New Mexico State University Access Log of Security Camera Records The purpose of this form is to provide an example of a log that should be maintained for all accesses to or use of security camera records and to ensure compliance with Policy 2.64 - Security Cameras on University Premises. No. Rec. Date Name Purpose 1. 2. 3. 4. 5. Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information