POLICY CONCEPT FORM. Krista Dillon Director of Operations, Safety and Risk Services Security- Physical Space and Environment

Similar documents
Number: USF System Emergency Management Responsible Office: Administrative Services

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Information Security Incident Response Plan

NASA Policy Directive

Security Surveillance Camera and Video Policy

Information Security Incident Response Plan

Select Agents and Toxins Security Plan Template

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

Making YOUR Organization More Efficient and Effective Through Business Continuity / Continuity of Operations Planning

DETAILED POLICY STATEMENT

COLUMBUS CENTER SPACE POLICY

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Standard for Security of Information Technology Resources

Best Practices for Campus Security. January 26, 2017

Management. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,

Credit Card Data Compromise: Incident Response Plan

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

Subject: University Information Technology Resource Security Policy: OUTDATED

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

Information Security Incident Response and Reporting

Emergency Support Function (ESF) #17a: COMMUNICATIONS: PUBLIC. ESF Activation Contact: Cornell University Police (607)

Emergency Management & Disaster Planning

TELECOMMUNICATIONS ACCESS POLICY 2011

Kansas City s Metropolitan Emergency Information System (MEIS)

National Strategy for CBRNE Standards

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Virginia Commonwealth University School of Medicine Information Security Standard

Laguna Honda Hospital and Rehabilitation Center. Security Management Plan

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

How AlienVault ICS SIEM Supports Compliance with CFATS

MNsure Privacy Program Strategic Plan FY

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Business Continuity: How to Keep City Departments in Business after a Disaster

Opportunity Lives Here

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

01.0 Policy Responsibilities and Oversight

SAFETY AND RISK SERVICES UNIT ANNUAL REPORT FISCAL YEAR 2016

Academic Program Review at Illinois State University PROGRAM REVIEW OVERVIEW

UTAH VALLEY UNIVERSITY Policies and Procedures

Standard CIP 004 3a Cyber Security Personnel and Training

Student Union Social Programming Board Constitution

Statement of Organization, Functions, and Delegations of Authority: Office of the

Memorandum of Agreement

XAVIER UNIVERSITY Building Access Control Policy

The University of British Columbia Board of Governors

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

Global Risks Peculiar to Resorts: Richard G. Hudak Managing Partner Resort Security Consulting Inc.

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

ONE ID Identification Information and User Name Standard

Critical Infrastructure Protection Version 5

Texas Commission on Fire Protection

System Chief Business Officer - B. J. Crain The Texas A&M University System Position Description--January 13, 2010

Postal Inspection Service Mail Covers Program

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Open Data Policy City of Irving

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Approaches and Tools to Quantifying Facility Security Risk. Steve Fogarty, CSO

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

SAVANNAH LAKES VILLAGE PROPERTY OWNERS ASSOCIATION, INC. JOB DESCRIPTION

SECURITY PLAN CREATION GUIDE

The CISO is the owner of the vulnerability management process. This person designs the process and ensures is implemented as designed.

CYBER SECURITY POLICY REVISION: 12

Policies & Procedures Effective Date: January 24, Key Control

Security Management at Capital Power. Ross Johnson, CPP Senior Manager Security & Contingency Planning

Data Governance Framework

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Audit and Compliance Committee - Agenda

RCMP Support / Bylaw Services Department

ROYAL CANADIAN MOUNTED POLICE (RCMP) - NORTH VANCOUVER DETACHMENT

University of North Texas System Administration Identity Theft Prevention Program

Statement of Chief Richard Beary President of the International Association of Chiefs of Police

Cybersecurity in Higher Ed

Texas A&M University Controlled Substances Guidelines Training Module. September 2017

Agency Information Collection Activities: Proposed Collection; Comment Request

Standard CIP-006-3c Cyber Security Physical Security

Effective: 12/31/17 Last Revised: 8/28/17. Responsible University Administrator: Vice Chancellor for Information Services & CIO

Standard CIP-006-4c Cyber Security Physical Security

Seven Requirements for Successfully Implementing Information Security Policies and Standards

SECURE NETWORK INFRASTRUCTURE GUIDE

INFORMATION TECHNOLOGY POLICY

Access to University Data Policy

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

UF CEMP Support Group Annex: Public Safety

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

Policies and Procedures Date: February 28, 2012

Business continuity management and cyber resiliency

TransLink Video Surveillance & Audio Recording Privacy Statement

The Common Controls Framework BY ADOBE

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Putting It All Together:

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

STRATEGIC PLAN. USF Emergency Management

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Transcription:

POLICY CONCEPT FORM Name and UO Title/Affiliation: Policy Title/# (if applicable): Submitted on Behalf Of: Responsible Executive Officer: Krista Dillon Director of Operations, Safety and Risk Services Security- Physical Space and Environment University of Oregon Police Department Andre Le Duc AVP Safety and Risk Services and Chief Resilience Officer SELECT ONE: New Policy Revision Repeal Click the box to select HAS THE OFFICE OF GENERAL COUNSEL REVIEWED THIS CONCEPT: Yes No If yes, which attorney(s): Doug Park GENERAL SUBJECT MATTER Include the policy name and number of any existing policies associated with this concept. Creation of a policy to guide physical security elements and projects on campus. Establishes the University of Oregon Police Department and Campus Vulnerability Assessment Team as the lead for physical security assessments and recommendations and establishes a threetiered standard for physical security elements for new construction and remodels. RELATED STATUTES, REGULATIONS, POLICIES, ETC. List known statutes, regulations, policies (including unit level policies), or similar related to or impacted by the concept. Include hyperlinks where possible, excerpts when practical (e.g. a short statute), or attachments if necessary. Examples: statute that negates the need for or requires updates to an existing policy; unit level policy(ies) proposed for University-wide enactment; or existing policies used in a new, merged and updated policy. None STATEMENT OF NEED What does this concept accomplish and why is it necessary? While some standards on physical security exist on campus, they are not consistently applied and there is no clear lead department or group assigned to assess risk and determine appropriateness of physical security elements. This policy aligns existing standards and establishes a lead entity to assess risk and make recommendations on physical security.

AFFECTED PARTIES Who is impacted by this change, and how? Departments wishing to add new physical security elements outside of a remodel or new construction and units that are completing major remodels and new construction will be impacted by the policy. Campus Planning and Real Estate, Design and Construction, and Safety and Risk Services and the UO Police Department each will play a role in implementing the policy. In some cases this policy will require the addition of physical security elements to a project that previously were not required. Those elements may result in one-time installation costs and some system/equipment maintenance costs. CONSULTED STAKEHOLDERS Which offices/departments have reviewed your concept and are they confirmed as supportive? (Please do not provide a list of every individual consulted. Remain focused on stakeholders (e.g. ASUO, Office of the Provost, Registrar, Title IX Coordinator, etc.).) Name Office Date Tom Shepard Design & Construction 11/2/17 Greg Ottoman, Judd Mentzer Housing 11/3/17 James Stegall UOPD 12/11/17 Ken Straw CPFM 12/13/18 Darin Dehle Design & Construction 1/18/18 Jeff Madsen Design & Construction 1/18/18 Christine Thompson Campus Planning 1/18/18 Doug Park General Counsel 1/18/18 Tiffany Lundy SRC 11/25/17 Brent Harrison SRC 11/25/17 Laurie Woodward EMU 11/25/17 Devon Shea Athletics 11/25/17

Volga Koval UHC 11/25/17 Matt Carmichael UOPD 12/11/17 Jeff Butler CPFM 12/7/17 Andy Vaughn IS 11/14/17 Cass Moseley VPRI 6/6/18 Amy Salmore, Sheryl Johnson, Monte Matthews, Chuck Williams, Analinda Camacho VPRI 7/5/18 Steve Stuckermeyer EHS 10/15/18 REVISIONS: The June 2018 PAC recommended that additional feedback be sought from the Office of the Vice President for Research and Innovation ( Research ). SRS provided the draft policy language to Research leadership for feedback. Policy revisions reflect the need to address fire safety concerns as part of physical safety. In addition, edits were made to incorporate feedback from Research including: clarification of the process to determine building levels under the policy, articulating a process when stakeholder parties disagree, clarification on the role of CVAT based on recent programmatic changes, and simplification of administrative responsibilities. ORIGINAL: While some standards on physical security exist on campus, they are not consistently applied and there is no clear lead department or group assigned to assess risk and determine appropriateness of physical security elements. This policy aligns existing standards and establishes a lead entity to assess risk and make recommendations on physical security.

Reason for Policy University of Oregon Policy xxxxxx Physical and Environmental Security Page 1 of 3 This policy sets out how the University aims to protect its community members and its assets (including its buildings, property, information, and equipment) against physical threats such as crime (theft and criminal damage), fire, and terrorism through the implementation of physical fire protection and security controls. Physical fire protection and security requires appropriate 'layering' of physical and technical measures and involves a balance between prevention, detection and response. Entities Affected by this Policy All members of the UO community and visitors. Web Site Address for this Policy [to be completed when posted] Responsible Office For questions about this policy, please contact Safety and Risk Services: (541) 346-8070, safety@uoregon.edu Enactment & Revision History [to be completed upon enactment] Policy I. To support a unified campus implementation of physical fire protection systems, the UO Fire Marshal Office has the responsibility and has been delegated authority to ensure the UO complies with Oregon fire and life safety regulations as adopted in Oregon Fire Code and local municipality ordinances. When these regulations are silent or in conflict, fire prevention decisions are made by the UO Fire Marshal, under guidance of nationally recognized practices or standards such as those promulgated by the National Fire Protection Association, other nationally recognized fire protection agencies, and commonly accepted fire protection practices. II. To support a unified campus security policy, UO has established three building security levels. Buildings are assigned security levels based on the functions that occur within the building.

University of Oregon Policy xxxxxx Physical and Environmental Security Page 2 of 3 a. In certain cases, a portion or room of a building could receive additional security elements beyond the building s level. Definitions of the building levels and the accompanying security elements are located in the security standard. III. IV. Based on the principles of common crime prevention, the University will incorporate appropriate and proportionate physical security measures in both the design and layout for new campus buildings and major remodels. Security levels may apply to the internal and exterior design of campus facilities (including buildings and grounds). V. Determination of the building level occurs during the programming phase of the design process for major remodels and new construction to determine the plan for physical security elements and will be done in close collaboration with user groups, stakeholders and the the Campus Vulnerability Assessment Team (CVAT). Determinations shall not negatively impact the unit s activity. a. In the event that involved parties disagree on security elements identified above the Base levels, then respective unit leadership will be consulted. If agreement cannot be reached there, the decision will go to the vice presidents of the respective units. VI. VII. VIII. IX. Physical security elements are implemented through campus standards, managed by UO Design and Construction and Facilities Services. UO will integrate industry standard practices in building and space design to enhance crime prevention as part of the Campus Design Process. No Department or Auxiliary will install a standalone physical security system (e.g., alarms, cameras, outdoor emergency phone systems, etc) without consulting with the Campus Vulnerability Assessment Team. Centralized systems are encouraged to ensure interoperability. Certain circumstances, including, but not limited to, large scale special events, temporary displays of high value, or occurrence of an emergency or incident may result in the need to temporarily increase security elements in or around a facility. In these instances, UOPD will be responsible for recommending temporary security measures. X. In special cases, CVAT and the user group may determine that certain physical security elements identified in the building levels are not necessary. In these cases, the reasoning will be documented and kept by CVAT. Responsibilities I. Protecting the people and assets of the University of Oregon is the responsibility of the whole campus community. All university personnel are expected to support the university s safety and security policy and associated procedures. II. The University of Oregon Fire Marshal, an officer within the Department of Environmental Health and Safety, in accordance with agreement of the Eugene-Springfield Fire Marshal, is

University of Oregon Policy xxxxxx Physical and Environmental Security Page 3 of 3 the designated authority having jurisdiction in the interpretation and application of fire protection codes and regulations and authorized to enforce applicable fire and life-safety codes, laws, regulations, and implementation of fire protection systems within campus facilities. III. IV. The University of Oregon Police Department (UOPD) is the lead department responsible for assessing physical security needs and making recommendations for security improvements for campus facilities. Departments will work in partnership with UOPD to plan, coordinate and implement and install security elements in their facilities. Examples of campus security needs include but are not limited to site security, assets protection, camera systems, security alarms, and personal safety, etc. The UO Campus Vulnerability Assessment Team (CVAT) works on enterprise-wide safety, security, and vulnerability policies and protocols to address campus vulnerabilities and vet request for standalone security elements. V. All administrators, deans, department heads, directors, supervisors and/or principal investigators are directly accountable for the provision of appropriate training and promotion of a culture of security.

Materials Supporting the Policy This information included in this section is not part of the policy, but is considered supplementary and will be used by UOPD and the Campus Vulnerability Assessment Team in implementing the policy. A. Security Levels As the security level increases, the security elements from lower levels are also applied to the higher levels. The security elements are considered to be required unless financial or logistical barriers prove to be an unreasonable hardship. This will be determined by the AVP for Safety and Risk Services, or their designee. Security Level Building Functions Characteristics Required Security Elements Recommended Security Elements Base All UO buildings will include a minimum Low rating Exterior prox access with building access on a set schedule allowing for open access during set business hours Exterior surveillance at entrances/exits (may be building mounted or pedestal mounted away from the building) General security patrols performed by UOPD Police Officers and/or Security Officers General staff training None

Security Level Building Functions Characteristics Required Security Elements Recommended Security Elements Medium Laboratories Lab-Support Facilities Shops / Craft Centers Residence Halls Dining Facilities Cash handling Hazardous materials stockrooms High content value ($1 10 Million) Childcare Centers Healthcare Centers Building mechanical and IT rooms Building electrical vaults Building loading docks Records containing Personal Identifiable Information (HIPAA, FERPA, etc) Counseling Centers Activities including advising, conduct Prox access on restricted interior spaces Interior surveillance in large open, or public spaces Intrusion alarms Duress alarms

Security Level Building Functions Characteristics Required Security Elements Recommended Security Elements High Extremely high content value (Greater than $10 Million) Large events (1,000 people or more) Radiation Sources of Concern Controlled Substances Select Agents High-field magnets Research animals Housing Specialized research Data Centers HIPAA data in Data Centers Power/Utility Generation Department of Homeland Security Chemicals of Interest (Building Wide) Tunnel Access Police Operations Interior surveillance beyond restricted spaces Exterior surveillance beyond entry and exit points On-site security and/or human monitoring public entry. Intrusion alarms On-site security and/or human monitoring public entry. Intrusion alarms

B. Financial Impacts of Policy Implementation This policy will result in additional costs tied to major remodels and new capital projects. The costs of purchasing and installing physical security elements will be borne by the project. Maintenance of physical security elements is dependent on the type of security component: Access Control Maintenance of all campus access control systems is currently accounted for in the CPFM budget. Cameras Finance and Admin Shared Services (FASS) is creating an inventory of cameras not managed by auxiliaries for the purpose of developing a maintenance budget. The approval of such as budget has not occurred as of this policy submission. Auxiliaries are responsible for maintenance of camera systems located in their facilities. Security systems Additional security system elements, such as duress alarms or panic buttons, are the responsibility of the individual department to purchase and

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback