Responsible Unit: Office of Public Safety
E-mail: publicsafety@arizona.edu
Last Revised Date: April 2026
Purpose
These Procedures operationalize the Security Camera Policy (Interim) (Policy) by defining the day‑to‑day processes for requesting camera placement, managing access to the University Video Management System (University VMS), requesting recorded footage, and ensuring transparent, auditable use under the authority of the Chief Safety Officer (CSO) and the Office of Public Safety (OPS).
Scope
These Procedures apply to all University Units, Employees, DCCs, and University Community members who request, deploy, access, or use University‑owned Security Cameras or the University VMS on University Property or in University programs.
- Definitions
Capitalized terms used but not defined in this procedure have the meaning assigned in the Security Camera Policy.
- Chief Safety Officer (CSO) or designee means the University official with authority for implementation, oversight, exceptions, and approvals described herein.
- Office of Public Safety (OPS) means the operational unit responsible for intake, administration, training, role‑based access, logging, reporting, and coordination with the Real Time Coordination Center (RTCC).
- Real Time Coordination Center (RTCC) means the operations center that monitors and administers the UVMS and fulfills authorized requests.
- Threat Assessment & Management Team (TAMT) means the multidisciplinary team authorized to request data/video from the RTCC when conducting an inquiry.
- Security Cameras and Security Camera Footage may only be used for Security Purposes. Any other use of Security Cameras or Security Camera Footage, including but not limited to, surveillance of individuals or groups without a legitimate safety/security objective is prohibited.
- Access to Security Cameras and/or Security Camera Footage is role‑based, time‑bounded as appropriate, and logged.
- All requests for and exports of Security Camera Footage are recorded in an auditable system maintained by OPS.
- The University balances safety with privacy expectations, signage, and community communication, consistent with Policy and applicable law.
Chief Safety Officer (CSO) or designee
- Approves Policy and Procedures implementation, exceptions, and high‑risk deployments.
- Authorizes emergency access when necessary.
- Receives the Annual UVMS Report (see §13).
Office of Public Safety (OPS)
- Serves as single point of intake and oversight for all Security Camera placement/changes and for all Security Camera Footage/data requests.
- Administers the UVMS, role‑based access controls, training, and user (re)certification.
- Maintains access/export logs for at least one (1) year.
- Produces regular operational reports to OPS leadership and the Annual UVMS Report to the CSO (see §13).
Real Time Coordination Center (RTCC)
- Operates the UVMS and fulfills authorized live/recorded Security Camera Footage requests.
- Ensures all access to and exports of Security Camera Footage are logged with required metadata (see §10.3).
University Information Technology (as applicable)
- Partners with OPS on UVMS security, integrations, lifecycle, and availability.
Requesting Units / Requestors
- Submit Security Camera placement/changes and Security Camera Footage requests to OPS using the standard intake.
- Ensure requests comply with the Policy and these Procedures.
UAPD and TAMT
- Blanket authority to request Security Camera Footage from the RTCC when conducting an inquiry (see §10.2).
- All such requests must include an associated event/incident/case number and are logged (no additional approval required).
Intake & Routing
- All requests for new Security Cameras, relocations, removals, or material configuration changes are submitted to OPS via the standard intake form (see forthcoming Manual appendix).
Evaluation Criteria (applied by OPS under CSO authority)
- Upon receipt of a requests for a new Security Camera, or relocation, removal, or material configuration of a current Security Camera, OPS will consider the following when evaluating the request:
- Policy alignment and authorized purposes.
- Privacy and expectation of privacy considerations.
- Community communication needs.
- Technical suitability (power, network, field of view, light, durability).
- Safety value, incident history, and risk.
- Cost, funding source, and UVMS integration requirements.
Decision & Documentation
- OPS documents the decision and implementation details in the intake system and updates the UVMS inventory and campus Security Camera map/registry.
Installation Standards
- All Security Cameras must connect to and be managed in the University VMS. Any exception requires written approval by the CSO or designee (see §12).
Authorization
OPS grants access to UVMS based on job role and completion of required training (see §11). Access is limited to the minimum necessary functions (live, search, export) and areas of responsibility.
Authentication & Security
Access to UVMS requires University credentials and adherence to information security controls, including multi‑factor authentication where applicable.
Monitoring & Auditing
All user sessions, queries, and exports are logged by RTCC/OPS and retained per §14.
Use of Security Cameras or Security Camera Footage other than for Security Purposes is prohibited.
Who May Request
- University Units with a legitimate Security Purpose need aligned with Policy who do not already have role-based access to footage or data (see § 7).
- UAPD and TAMT under blanket authority when conducting an inquiry (see §10.2).
How to Request
Submit requests to OPS using the standard intake form, including:
- Purpose and Policy basis
- Date/time range and location(s)
- Need for export vs. internal review only
- Any legal holds or preservation needs
Fulfilling Requests
RTCC/OPS searches, reviews, and fulfills approved requests. Where feasible, reviews will occur within UVMS without export; exports are provided when necessary and appropriate.
Scope
When conducting an inquiry, UAPD and the Threat Assessment & Management Team (TAMT) may obtain Security Camera Footage from RTCC without additional approvals.
Logging Requirement
- All UAPD/TAMT requests must include an event, incident, or case number.
- RTCC/OPS logs the request, access, search parameters, and exports per §10.3.
Required Log Elements (all requests/exports)
- Requestor identity and unit
- Authority (e.g., UAPD/TAMT blanket, CSO approval, or standard OPS approval)
- Event/incident/case number (if applicable)
- Date/time submitted and fulfilled
- Security Camera(s) and date/time range accessed
- Whether live viewed, searched, or exported; export filename/hash if applicable
- Preservation/legal hold indicators
- OPS provides required training covering Policy, privacy, authorized use, UVMS operation, and data handling.
- Access to Security Camera Footage and the UVMS is contingent on completing training; OPS manages periodic recertification appropriate to role.
Any exception to these Procedures or to UVMS connection requirements must be approved in writing by the CSO or designee with:
- Justification and scope
- Duration and review/expiration date
- Compensating controls
OPS maintains an exceptions register.
- Regular operational reports will be produced by OPS for internal oversight (e.g., utilization, requests fulfilled, exports, exceptions count, notable trends).
- An Annual UVMS Report will be delivered to the CSO or designee summarizing: inventory, system health/uptime, training/recertification status, aggregated request/export volumes, exceptions, and improvement actions.
- UVMS retention periods for recorded video are governed by Policy and system configuration.
- Access/export logs are retained for at least one (1) year by OPS.
- Legal holds and preservation directives supersede normal retention.
RTCC/OPS may share video externally to law enforcement agencies or as otherwise authorized by law and Policy, with CSO or designee approval. All such disclosures are logged (see §10.3).
OPS and University IT maintain UVMS security, patches, user lifecycle, and integration standards. Credentials and exports must be safeguarded per University information security requirements.
The RTCC Manual will provide:
- Intake forms for §6 and §9
- Daily/weekly operational checks and runbooks
- Role matrices and least‑privilege profiles for UVMS
- Export packaging, hashing, and chain‑of‑custody procedures
- Incident/after‑action review templates and communication playbooks
These Procedures take effect upon CSO approval and remain in force until revised. OPS maintains the current version and archives prior versions.