Rule 3-234A: Building Access and Surveillance Systems

1. Administrative responsibility and funding for Building Access and Surveillance Systems.
2. Registration and Approval of Surveillance Systems
3. Key Systems

Purpose and Scope‌

1. Purpose.

   This Rule implements University Policy 3-234 Building Access and Surveillance Systems. The purposes of this Rule are to regulate the installation and operation of building access systems (including building key systems and electronic access and associated management interfaces), regulate the installation and operation of surveillance systems, and regulate the collection, storage, and use of surveillance data collected through system surveillance systems for University buildings and outdoor areas.

2. Scope.

   This Rule regulates building access systems and surveillance systems with a primarily fixed location at a University building or outdoor area.

‌Definitions‌

The definitions provided in Policy 3-234 apply for this rule.

‌Rule‌

1. ‌Administrative responsibility and funding for Building Access and Surveillance Systems.‌

   1. Administrative responsibility for systems.

      1. Departments operating surveillance systems registered with and approved by the Surveillance Systems Administrators Committee (SSAC) are responsible for the installation, management, maintenance, and use of surveillance software (which ordinarily will be carried out by the department’s designated Information Technology staff). And see Policy 3-234-III-B-2-b, prohibiting the operation of any system which has not been registered and approved, unless exempted.

      2. Each surveillance system monitoring activity in an area which has been designated by the DPS as a Public Safety Space will ordinarily be centrally managed, by the Campus Building Access Team.

   2. Funding of Systems.

      1. Initial acquisition and installation costs and renovations of both building access systems and surveillance systems are funded through various sources apart from ongoing operations and maintenance.

      2. After initial installation, the designated [Facility Steward] for a building ordinarily manages the operation and maintenance, and routine replacement of building access systems and surveillance systems for that building, funded through per-device fees and other fund allocations within the purview of the [Facility Steward].

      3. The Campus Building Access Team reviews actual costs and projections annually for the operations and maintenance of Electronic Access Control and Surveillance Systems and proposes fee adjustments. The Vice President for Administrative Services approves such adjustments.

      4. Devices providing electronic access or surveillance for areas designated as Public Safety Spaces, and other areas ordinarily used by the general public, are funded from the General Fund. Other devices are funded by the department using those devices. Departments are responsible for damage and costs resulting from unauthorized installations.

2. ‌Registration and Approval of Surveillance Systems.‌

   1. The following exemptions from the otherwise applicable surveillance system registration requirements of Policy 3-234-III- are hereby granted.

      1. Clinical Patient Care.

         1. Monitoring patients under medical care by authorized medical professionals.

      2. Human Subject Research.

         1. Research authorized by the Institutional Review Board for Human Subject Research.

      3. Teaching and Learning.

         1. Recording for instructional purposes as part of an approved University of Utah course, under supervision of the course instructor.

      4. Video Conferencing.

         1. Meetings conducted through electronic devices where all parties are aware of being recorded.

      5. Personal Communication Devices (i.e., smart phones) and others, as specified by the SSAC.

3. ‌Key Systems.‌

   1. A key system consists of mechanical locks and keys, including master keys.

   2. Each building key system for a University facility must meet campus design standards and be approved by the applicable Facility Steward.

   3. Initial key systems, including keys for the initial set of authorized users, are ordinarily provided in conjunction with the construction or renovation project, with costs for the keys included in the project costs.

   4. Replacements for lost keys are provided by the Campus Building Access Team, with replacement costs billed to the requesting department. Replacements for broken or faulty keys which are returned are replaced at no cost to the requesting department.

   5. If a University-owned or -occupied facility has been identified as a “security risk” such that changing locks becomes necessary, then the building occupant responsible for the risk is liable for the resulting costs. The SSAC, along with input from Risk Management and Property Accounting, will determine whether a facility is such a security risk. Considerations in this determination may include, but are not limited to:

      1. number or type of keys unaccounted for or lost;

      2. theft or vandalism risk;

      3. life safety concerns;

      4. sensitive, technical, proprietary, or high-value equipment.

   6. Departments are required to account for keys annually, or as requested by the Campus Building Access Team or the Department of Public Safety.

   7. Departments are responsible for returning keys when access is no longer required.

   8. All key users (persons to whom any key is issued) must be approved by an Approving Officer (as defined in Policy 3-234) or their designee.

   9. Prior to authorizing keys, an Approving Officer or designee must have completed the University-authorized access security training within the past two years.

   10. Master keys are issued to individuals only upon receiving the appropriate authorization. The level of required authorization is based on the type of master key, as follows:

       1. Master keys covering multiple buildings and/or electronic access override keys, Surveillance System Administrators Committee (SSAC)

       2. Building master for multi-department building, cognizant vice president for each department.

       3. Building master for single department building and/or department master within multi-department building, Approving Officer

       4. Other keys (building entrances, department sub-master, offices etc.), Approving Office or authorized representative.

          ---

          Sections IV- VII are for user information and are not subject to the approval of the Academic Senate or the Board of Trustees. The Institutional Policy Committee, the Policy Owner, or the Policy Officer may update these sections at any time.

          ---

‌Policies/ Rules, Procedures, Guidelines, Forms and other Related Resources‌

1. Policies/ Rules.

   1. Policy 3-234: Building Access and Surveillance Systems

2. Procedures, Guidelines, and Forms. [ reserved ]

3. Other Related Resources. [ reserved ]

‌References‌

1. [ reserved ]

‌Contacts‌

The designated contact officials for this regulation are:

1. Policy Owner(s) (primary contact person for questions and advice):

   1. Systems: Executive Director of Facilities Management

   2. Data: Chief of Police

2. Policy Officer(s): Vice President for Administrative Services

   See Rule 1-001 for information about the roles and authority of policy owners and policy officers.

‌History‌

Revision History.

1. Current version. Revision 0.

   1. Approved by the Academic Senate on January 7, 2019, and the Board of Trustees on March 12, 2019 with effective date of March 12, 2019.

   2. Legislative History

   3. Editorial Revisions

2. Previous versions.

3. Renumbering

   1. Not applicable.