HS90 – Access Control & Monitoring [DRAFT]

Records of access management and monitoring for University buildings, facilities, and stationary equipment.

Related Records | Responsible Unit | Information Steward | Information Confidentiality Classification | Retention | Disposition | Authority | Retention Rationale | Version Information

Content & Scope

Access control and monitoring for University buildings, facilities, and selected stationary equipment are supported by access control, intrusion detection, video surveillance (CCTV) camera, stationary equipment security protection systems, and other systems. Information Systems & Technology (IST) is responsible for installation and management of the required IT systems and infrastructure. The Plant Operations Key Control office is responsible for the management, distribution, and safeguarding of physical keys for doors/entrances, and selected desks and cabinets.

This class excludes records of parking services, responses and investigations by Special Constable Service or other units of recorded incidents (e.g. intrusion detection alarms), and identity and access management for University computer networks and information systems.

The records include: requests for physical keys, electronic key fobs/cards, and access codes, and the associated authorization and distribution records; entry and access events recorded by access control and monitoring systems; intrusion detection system and stationary equipment security protection system arming/disarming events and alarms; video recordings of University locations captured by video surveillance systems.

Related Records

Responsible Unit

  • Information Systems & Technology.
  • Plant Operations.
  • Units authorizing assignment of physical keys, key fobs/cards, or access codes.

Information Steward

Vice-President, Administration and Finance.

Information Confidentiality Classification

  • Public: guidelines and other instructional information approved for public release.
  • Restricted: video recordings, event/alarm and other access monitoring records which may contain the personal information of University community members or visitors.
  • Confidential: all other records.

Retention

  • Guidelines and other instructional information: until superseded or obsolete.
  • Requests for keys, key fobs/cards, and access codes, and the associated authorization and distribution records: 2 months after last administrative use (e.g., the key, fob or card is returned; the access code is deactivated).
  • Records of entry/access events, system arming/disarming events, alarms, and video recordings of University locations: minimum of 14 days and a maximum of 2 months.

Notes:

  • Records required for the response to or investigation of events/incidents are retained as response/investigation case records in other records classes: for example, HS80 – Special Constable Service & Law Enforcement, for responses and investigations by Special Constable Service.
  • Anonymized data derived from these records may be retained by the University until superseded or obsolete.

Disposition

Secure Destruction.

Note

Responsible Units should document the disposal/destruction of official records using the University records destruction form or equivalent documentation, to verify that we are following our records retention rules.

Authority

University of Waterloo Act, 1972.

Retention Rationale

Retention is based on operational use.

Under Review Date

4 September 2020.

Previous Version

19 December 2011

(This records retention schedule replaces HS85 – Surveillance Video-recordings)