Policy AD65 ELECTRONIC SECURITY AND ACCESS SYSTEMS

Policy Steward: Vice President for Administration

Contents:

  • Purpose
  • Scope
  • Policy
  • Definitions
  • Descriptions of Electronics Security Systems
  • Electronic Security System Standards
  • Approvals
  • Responsibilities
  • Fiscal Responsibility
  • A.C.E.S. (Access Controls and Electronic Security Programs)
  • University Police
  • Environmental Health and Safety
  • Budget Executives
  • Security Assessment Team
  • Electronic Security Systems Committee
  • Design and Construction
  • Archiving of Electronic Security System Information
  • Access to Electronic Security System Information
  • Policy Review
  • Further Information
  • Cross References

  • PURPOSE:

    To promulgate policies, practices, and protocols governing assessment of physical security needs, as well as the design, specification, installation, testing, acceptance, maintenance, and operation of electronic security systems within or around the campuses and facilities of The Pennsylvania State University.

    SCOPE:

    This policy applies to all facilities owned, leased and/or under the control of The Pennsylvania State University excluding Hershey Medical Center, the College of Medicine, and the Pennsylvania College of Technology.  In general, this does not apply to environmental and life-safety systems.

    POLICY:

    It is the policy of The Pennsylvania State University to preserve an open access environment for students, faculty, staff, and the general community while facilitating safety and security by establishing and maintaining standards for electronic security and access control. To that end, standards and procedures, as established by this policy, shall be implemented for all new construction or facility alterations, for access to electronic security information including surveillance and electronically stored information, and for all applicable safety and security enhancements. Integration with the central access control, alarm monitoring, and surveillance systems is mandatory for all installed electronic physical security technology. All access control systems installed shall be functionally compatible with the University ID card.

    DEFINITIONS:

    Access Control Systems: electronic systems that use a code, card, device or biological characteristic of an individual as the basis for determining authorization to enter or exit a facility, or an area within a facility.

    Security Alarm Systems: all electronic systems installed for the purpose of monitoring, signaling, and reporting the condition (status) of interior/exterior spaces or objects.

    Duress Alarm Systems:  all electronic devices installed to actuate and transmit a “silent” alarm signal to University Police and/or other designed police or security agency.  Duress alarm systems are installed in areas where the risk of personal confrontation is heightened because of the nature of the work unit’s business and/or other environmental factors.

    Hold-up Alarm Systems: all electronic devices installed to actuate and transmit a “silent” alarm signal to University Police and/or other designated police or security agency.  Hold-up alarms are installed in areas where the risk of robbery is heightened because of the nature of the work unit’s business and/or environmental factors.

    Certificate of Fitness:  certification substantiating the successful completion of training on the proper use of duress and hold-up alarm devices/systems in an individual's work area.  For more information, refer to the “Approval” section below.

    A.C.E.S. (Access Controls and Electronic Security Programs): a unit within the University, whose mission is "to provide professional security services (including fire alarm protection) to The Pennsylvania State University community, consistent with the University’s mission, culture, and resources in order to facilitate a safe and secure campus environment.” For more information, refer to the "Responsibilities" section, below.

    Video Surveillance Systems: any video security equipment installed for viewing and/or recording video images for facilitating deterrence, detection, documentation, and/or remote observation.

    Security Assessment Team (S.A.T.): A unified effort jointly managed by A.C.E.S. and University Police, working closely with Risk Management and other University units, as warranted. The S.A.T. identifies potential vulnerabilities and recommends integrated technical and operational security solutions specific to the customer’s situational needs.  The S.A.T. will recommend security measures compliant with this policy, the University’s Strategic Security Plan (SSP), and security best practices.

    A.C.A.M.S.:  Access controls, alarm monitoring, and surveillance.

    DESCRIPTIONS OF ELECTRONIC SECURITY SYSTEMS:

    All electronic security systems within the scope of this policy fall into three sub-system categories--access control, security alarms and video surveillance (A.C.A.M.S.). The published Electronic Security System Technical Guide specifications, which are referenced in this policy, define the mandatory architecture for each of these distinct systems to which all proposed systems must comply. The goal of this program is to develop and implement technically and operationally integrated security systems, enterprise-wide.  Wherever possible, proposed installations shall be integrated with other sub-systems or be consistent with their eventual integration.

    ELECTRONIC SECURITY SYSTEM STANDARDS:

    Electronic Security System Technical Guide Specifications

    A.C.E.S., in conjunction with the Electronic Security Systems Committee and Office of Physical Plant Design and Construction, publishes and maintains standards and requirements for the application, design, installation and maintenance of electronic access controls, video surveillance, and security alarm systems. Click here to view those those standards and requirements.

    Five Categories of Security Standards

    All University facilities shall be assigned to one or more of five categories.  The S.A.T., in conjunction with customers, Design and Construction, and Risk Management, shall determine the security category to be assigned to a facility or an area(s) within a facility.

    Category I Security Standards:  Facility Perimeter

    Applies to “University’s standard Educational and General Purpose buildings, with no unusual vulnerabilities noted.”

    The following electronic security and access systems are required for this facility type:

    Note:  Only mechanical access measures (non-electronic) may be required for some facilities as defined by the S.A.T. (policy reference:  SY19).

     

    Category II Security Standards:  Facility Perimeter and Selected Interior Spaces

    Applies to “University’s facilities which have particularly sensitive information, other University special business or regulatory requirements, and/or high-value asset exposures.”

    The following electronic security and access systems are required for this facility type:

    Category II Security:  Possible Interior Security Measures

    • May include alarm protection of interior spaces
    • May include electronic access controls of selected interior spaces
    • May include surveillance of selected interior spaces
    • May include assistance phones

     

    Category III Security Standards:  Private Residences, Hotels, and University Facilities Providing Sleeping Accommodations

    Applies to “University’s facilities with private residences, hotels, and those with sleeping accommodations.”

    The following electronic security and access systems are required for this facility type:

    Category III Security:  Possible Interior Security Measures

    • May include alarm protection of interior spaces
    • May include electronic access controls of selected interior spaces
    • May include surveillance of selected interior spaces
    • May include assistance phones

     

    Category IV Security Standards:  Security Sensitive Facilities/Areas

    Applies to “University’s facilities which pose special (inherent) risks to facility users, the University community, and/or the general public due to the nature of their special events, research activities, materials stored/handled or other unique facility conditions which may exist.”

    Category IV security standards include the electronic security and access systems required for Category I and II facilities (i.e., facility perimeter and interior space coverage), as well as:

     

    Category V Security Standards:  Exterior Common Areas

    Applies to “University’s exterior common areas, traffic ways, and parking facilities used as travel pathways or gathering places.”

    Based on a site-specific assessment by the S.A.T., there may be a need for:

    NOTE:   All new construction or facility alterations, at a minimum, shall include the following:

    1. At least one public entrance door shall be access controlled with a card reader which utilizes the University ID card.
    2. All exterior doors used for ingress shall include electronic locking and unlocking capability.
    3. All exterior doors, exclusive of numbers 1 and 2 above shall require status monitoring (door/latch position) via the access system.
    4. Perimeter entrance doors equipped with card readers shall be monitored by video surveillance cameras for ingress/egress.

    APPROVALS:

    RESPONSIBILITIES:

    Fiscal Responsibility:

    Fiscal responsibility is detailed in the Strategic Security Plan (SSP) and is administered through the Strategic Security Program and related policies established by the Electronic Security Systems Committee, the S.A.T., and the A.C.E.S. group as approved by the Senior Vice President for Finance and Business.

    A.C.E.S. (Access Controls & Electronic Security Programs)

    • Primary responsibility for implementing and managing the Strategic Security Plan (SSP) and this policy, University-wide. 
    • Manages day-to-day security operational needs and provides the leadership for the long-term implementation, support, and success of the SSP University-wide.
    • Maintains and chairs the Electronic Security Systems Committee. The Electronic Security Systems Committee shall include representation from University Police, the Office of Physical Plant, ITS, and Auxiliary and Business Services. Additional committee members may be appointed as deemed appropriate by the permanent committee.
    • Reviews and approves all proposed electronic security systems falling under the provisions of this policy.
    • Ensures ongoing operation and maintenance of installed systems and makes recommendations regarding long-term replacement.
    • Establishes and maintains Design and Construction Standards for electronic security systems.
    • Co-manages the S.A.T. with University Police.

    University Police:

    Environmental Health and Safety:

    Budget Executives:

    Security Assessment Team:

    Electronic Security Systems Committee:

    Design and Construction:

    ARCHIVING OF ELECTRONIC SECURITY SYSTEM INFORMATION:

    Electronic security system data shall be archived consistent with the operational needs and technical resources of the University.  In any event, for new installations, access control and security alarm information shall be maintained for a minimum of six (6) months.  Video surveillance information shall be maintained for a minimum of thirty (30) days.

    Security sensitive facilities may store electronic security system information for one (1) year or longer depending upon site-specific requirements.  For any facility desiring to archive and retain electronic security system information for greater than one (1) year shall submit a written proposal to the S.A.T. and the University’s Chief Privacy Officer detailing the proposed archiving and retention procedures, as well as the circumstances warranting such extended retention periods.

    ACCESS TO ELECTRONIC SECURITY SYSTEM INFORMATION

    Access by University units and individuals to information gathered, processed, and archived through electronic security systems shall occur only under the following conditions:
    Entity
    Access
    Purpose
    University Police Authorized personnel only Review, investigation, investigation support
    A.C.E.S. Authorized personnel only

    Review, investigation
    support

    Risk Management Authorized personnel only Review, investigation support
    Chief Privacy Officer Authorized personnel only Review, investigation support
    Human Resources Must request through University Police Review, investigation, investigation support
    Police/Law Enforcement Agency (external to University Police) Must request through University Police or Court Order Review, investigation, investigation support
    Individuals in Category IV Security Standard Facilities Authorized personnel only Review
    Any individual Must request through University Police or Court Order Review

    POLICY REVIEW:

    This policy shall be reviewed on an as-needed basis, but in any event, at least every five (5) years.  The policy steward and the Electronic Security Systems Committee shall be responsible for completing the review of this policy.

    FURTHER INFORMATION:

    For questions, additional detail, or to request changes to this policy, please contact University Police & Public Safety.

    CROSS REFERENCES:

    Other policies and procedures may also be referenced, especially the following:

    AD20 - Computer and Network Security

    AD23 - Use of Institutional Data

    AD24 - Identification Cards for Faculty/Staff, Students, and Affiliates

    AD35 - University Archives and Records Management

    AD53 - Privacy Statement

    AD57 - General Regulations on Use of University Property

    AD68 - University Access Policy (formerly University Key Policy)

    Procedure SY2001, University Access: Clearance Keys and Access Devices; Authorization, Issue and Fees


    Effective Date: March 30, 2010
    Date Approved: March 29, 2010
    Date Published: March 30, 2010 (Editorial changes, January 29, 2014)

    Most recent changes:

    Revision History (and effective dates):

    | top of this policy | GURU policy menu | GURU policy search | GURU home | GURU Tech Support | Accessibility Statement | Penn State website |