3-3 Electronic Systems and Equipment

Policy Type: Local

Responsible Office: Chief of Police, Virginia Commonwealth University Police Department

Initial Policy Approved: 6/16/2014 

Current Revision Approved: 6/2/2017

 

General

Electronic systems and equipment provides the VCU Police Department with enhanced communication abilities for both routine and emergency situations. The Administrative and Business Operations Division is responsible for the procurement, operation, maintenance and security of the Department's computers and computer systems. This policy is designed to supplement existing Commonwealth of Virginia and VCU computer, network use and electronic systems policies which are applicable to all employees upon hire. VCU reserves the right to monitor any of its electronic systems, including email messages and any other known messages, documents, spreadsheets or files. 

 

Accountability Statement

All employees are expected to fully comply with the guidelines and timelines set forth in this written directive. Failure to comply will result in appropriate corrective action. Responsibility rests with the division commander to ensure that any violations of policy are investigated and appropriate training, counseling and/or disciplinary action is initiated.

 

Definitions

  1. CRIMINAL JUSTICE INFORMATION SERVICES (CJIS) SECURITY POLICY - A federal policy to provide appropriate controls to protect the ful/ lifecycle of criminal justice information, whether at rest or in transit. 
  2. ELECTRONIC SYSTEMS - All hardware, software, and tools owned by VCU that are available for official use by VCU employees, including but not limited to, electronic mail, voice mail, calendaring and systems such as internet, etc. 
  3. INTERNET SYSTEM - A global information system of interconnected computers and computer networks used to receive and transmit information and electronic messages.
  4. INTRANET SYSTEM - A local information system used to receive and transmit information and electronic documents among authorized users.
  5. MOBILE DATA COMPUTER (MDC) - The hardware device used by officers in the field to run communications, NCICNCIN inquiries, and other software applications. The term MDC shall apply to both the fixed mounted and laptop versions.
  6. DIGITAL MOBILE VIDEO RECORDER SYSTEM (ARBITRATOR) - Equipment installed in patrol vehicleswhich is used to record a video/audio account of events.
  7. WIRELESS COMMUNICATION DEVICES - Wireless communicationdevices shall be defined as cellular telephones, iPhone/iPad units, or any other electronic communication devices and services.
  8. ROLES AND RESPONSIBILITIES - For all systems with criminal justice information, the following table shows the designated roles and responsibilities over the applicable system: 

 

SystemData StewardOwner/AdminData CustodianSystem OwnerDepartment TechSystem Admin
Arbitrator - vehicle camera system Chief IT Manager Officers Chief IT Manager IT Manager
Evidence.com/Sync - body camera software Chief IT Manager Officers Chief IT Manager IT Manager
Treds/Report Beam - vehicle accident reporting system Chief IT Manager Officers Chief IT Manager Records Manager
Campus Camera System Chief IT Manager Officers Chief IT Manager IT Manager
LInX - law enforcement info exchange Chief Admin Director Officers Chief IT Manager IT Manager
AS400 - legacy incident report system Chief Admin Director Officers Chief IT Manager Admin Director
RMS/MobLan/MFR - incident report system Chief Admin Director Officers Chief IT Manager Admin Director
LiveScan - fingerprinting system Chief IT Manager Officers Chief IT Manager IT Manager
VCIN - Virginia criminal info network Chief ECC Manager Officers Chief IT Manager ECC Manager
NICE - ECC phone recording system Chief ECC Manager Officers Chief IT Manager IT Manager
LiveSafe - campus safety app Chief ECC Manager Officers Chief IT Manager ECC Manager
Tipsoft - text-a-tip system Chief ECC Manager Officers Chief IT Manager ECC Manager
Tracker - property & evidence bar code tracking system Chief Captain, Support Services Officers Chief IT Manager Property Manager
CAD - software system for dispatching/monitoring ECC calls Chief ECC Manager Officers Chief IT Manager ECC Manager
TruVision - legacy campus camera system Chief ECC Manager Officers Chief IT Manager ECC Manager
Crystal Reports - statistical data extraction software Chief Accreditation & Compliance Coordinator Officers Chief IT Manager Records Manager
NetViewer - web access to CAD data Chief ECC Manager Officers Chief IT Manager ECC Manager

 

Access

  1. New department members and all department members annually thereafter, sign the Confidentiality and Compliance Statement included in their Employee Work Profile. A member’s signature indicates agreement to abide by the department, state, and university policies and procedures concerning confidentiality and information processing. The new employee checklist initiated by the supervisor indicates appropriate access to the department’s computers and/or systems, based on the employee’s new role.
  2. Violations to these policies will result in access removal and/or disciplinary action in accordance with the Commonwealth of Virginia 1.60 Standards of Conduct.
  3. Approved applicants will be given a user ID along with system and application passwords.
  4. The system (sign-on) password must be changed the first time a new user signs onto a system. This new password shall be unique to the individual and shall not be shared with others or written down in a conspicuous location. 
  5. Periodic changing of passwords is required by the systems. VCU IT makes users aware of any required password changes.
  6. Personal devices cannot be utilized to extract, store, transfer or copy VCUPD data.

 

Security

  1. The computer server room shall remain locked at all times. Only authorized personnel are permitted in the server room.
  2. Generally, the department's computer programs are password protected, and other applications of a confidential nature are protected by user ID access and restrictions.
  3. Only individuals authorized to run a particular application may do so. No department member shall make a deliberate attempt to bypass system or resource security.
  4. While actively logged onto a VCUPD computer, no computer shall be left unattended. Only one active session per system is allowed per use; do not open multiple sessions of the same program. VCUPD system users are required to log out of computer sessions when access is no longer needed. The IT Manager will make periodic security checks to enforce the department's computer security policies.
  5. Systems administrator for various electronic and network systems will assign individual levels of security. These levels will determine access to system objects, programs and functions. Specific access restrictions for security levels are based on the applicability of each system.
  6. VCUIT/Information Security must conduct and complete a security review of any proposed external party access to VCUPD data. Third-party data transmission or storage is prohibited unless approved by the Chief.
  7. Only VCUPD provided equipment is to be utilized to access and/or print VCUPD email and/or records that include criminal information. Dual Factor Authentication (DUO)/Virtual Private Network (VPN) is the only approved method to remotely access VCUPD data or records. VPN access must be approved by the Chief or their designee. Department issued computers must be used in order to access VCUPD systems from home.
  8. Removal or reissuance of equipment containing VCUPD data or records must be in compliance with record retention policies or approved by the Chief or their designee, which includes hard drives or memory in all electronics (computers, cameras, copiers, USB drives, etc.). 
  9. Non-VCUPD personnel accessing VCUPD computers must log-in with their own credentials; VCUPD personnel will not allow non-VCUPD personnel to access computers using the VCUPD personnel’s credentials.
  10. In the event of a system crash, only designated VCUIT personnel are permitted to work on resolving the issues and systems.
  11. In the event of a data breach or other data security event involving VCUPD data, VCUPD personnel should immediately notify the Chief and the VCUPD IT Manager, who will immediately notify VCUIT/Security.
  12. Per the Gramm-Leach-Bliley Act and CJIS, documents containing personal or criminal information data must be secured when it is not needed.

 

Information Backup

  1. Backups are performed nightly for all VCU-owned or controlled systems by VCUIT.
  2. The RMS system backups are conducted by the Richmond Police Department.
  3. A complete system backup is performed whenever a system change is implemented by VCUIT.

 

Application Documentation and Training

  1. Application programs are purchased for departmental use, and user documentation is provided as part of the program purchase.
  2. User training for application documentation will be provided as needed to department members for programs specific to a member's job responsibilities. Certain positions within the department require extensive training related to computer use.
  3. The System Administrator is responsible for ensuring that adequate training of personnel is accomplished.

 

Email

  1. Electronic mail is a department resource and is provided as a business tool. It shall be used to augment other types of communication already in the workplace, such as the telephone, fax machine, voice mail, written memorandum, and the like.
  2. Email messages shall be treated like paper memos, faxes and the like, with regard to privacy. When a paper memo, fax, or email has left the sender, they relinquish control over it.
    1. NOTE: Confidentiality/Privacy – All departmental electronic systems are considered public records and are subject to inspection and disclosure. Employees have no expectation of privacy in their use of electronic mail.
  3. Email users shall exercise caution when logging in and out of the electronic system so as to prevent someone else from utilizing their password to send or retrieve messages 

Revision History

This policy supersedes the following archived policies:

6/16/2014 - 3-3 Computer Systems and Equipment