LegalLegal srodriguez31 Fri, 05/11/2012 - 14:55
Confidentiality/Non-Disclosure AgreementsConfidentiality/Non-Disclosure Agreements jgastley3 Fri, 07/20/2012 - 07:45
For more information about Confidentiality/Non-Disclosure Agreements, please see the Office of Legal Affairs website:
Consulting AgreementsConsulting Agreements jgastley3 Fri, 07/20/2012 - 07:46
ContractsContracts jgastley3 Fri, 07/20/2012 - 07:51
EU General Data Protection Regulation Compliance PolicyEU General Data Protection Regulation Compliance Policy
The European Union has passed a data privacy regulation that is applicable throughout the entire European Union (“EU”), and to those who collect personal data about people in the EU. The European Union General Data Protection Regulation (“EU GDPR”) imposes obligations on entities, like Georgia Tech, that collect or process personal data about people in the EU. The EU GDPR applies to personal data collected or processed about anyone located in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
Georgia Institute of Technology (“Georgia Tech” or the “Institute”) is an institute of higher education involved in education, research and community development. In order for Georgia Tech to educate its foreign and domestic students both in class and on-line, engage in world-class research, and provide community services, it is essential and necessary, and Georgia Tech has a lawful basis, to collect, process, use, and/or maintain the personal data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. These activities include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention.
Georgia Tech takes seriously its duty to protect the personal data it collects or processes. In addition to Georgia Tech’s overall data protection program, Georgia Tech must make sure it complies with the dictates of the EU GDPR. Among other things, the EU GDPR requires Georgia Tech to:
- be transparent about the personal data it collects or processes and the uses it makes of any personal data
- keep track of all uses and disclosures it makes of personal data
- appropriately secure personal data
This policy describes Georgia Tech’s data protection strategy to comply with the EU GDPR.
2.1 Lawful Basis for Collecting or Processing Personal Data
Georgia Tech has a lawful basis to collect and process personal data. Most of Georgia Tech’s collection and processing of personal data will fall under the following categories:
- Processing is necessary for the purposes of the legitimate interests pursued by Georgia Tech or by a third party.
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which Georgia Tech is subject.
- The data subject has given consent to the processing of his or her special categories of sensitive personal data for one or more specific purposes.
There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases
2.2 Data Protection & Governance
Georgia Tech will protect all personal data and special categories of sensitive personal data that it collects or processes for a lawful basis. Any personal data and special categories of sensitive personal data collected or processed by Georgia Tech shall be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes
- Limited to what is necessary in relation to the purposes for which they are collected and processed
- Accurate and kept up to date
- Retained only as long as necessary
2.3 Sensitive Personal Data & Consent
Georgia Tech must obtain consent before it collects or processes special categories of sensitive personal data.
2.4 Individual Rights
Individual data subjects covered by this policy will be afforded the following rights:
- information about the controller collecting the data
- the data protection officer contact information (if assigned)
- the purposes and lawful basis of the data collection/processing
- recipients of the personal data
- if Georgia Tech intends to transfer personal data to another country or international organization
- the period the personal data will be stored
- the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
- the existence of the right to withdraw consent at any time
- the right to lodge a complaint with a supervisory authority (established in the EU)
- why the personal data are required, and possible consequences of the failure to provide the data
- the existence of automated decision-making, including profiling
- if the collected data are going to be further processed for a purpose other than that for which it was collected
Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.
This policy applies to the personal data and special categories of sensitive personal data protected by the EU GDPR and all Georgia Tech Units who collect or process personal data and special categories of sensitive personal data protected by the EU GDPR.
Collect or Process Data
Collection, storage, recording, organizing, structuring, adaptation or alteration, consultation, use, retrieval, disclosure by transmission/dissemination or otherwise making data available, alignment or combination, restriction, erasure or destruction of personal data, whether or not by automated means.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Under the EU GDPR:
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Georgia Tech Unit
A Georgia Tech college, school, office or department.
Identified or Identifiable Person
An identified or identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Examples of identifiers include but are not limited to: name, photo, email address, identification number such as GT ID#, GT Account (User ID), physical address or other location data, IP address or other online identifier
Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
Processing of personal data is lawful if such processing is necessary for the legitimate business purposes of the data controller/processor, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Any information relating to an identified or identifiable person (the data subject).
A natural or legal person, public authority, agency or other body who processes personal data on behalf of the controller.
Special Categories of Sensitive Personal Data
Special categories of sensitive personal data that require consent by the data subject before collecting or processing are:
|5.1 Data Governance|
Document Lawful Basis for Collection or Processing
All Georgia Tech Units who collect or process personal data protected by the EU GDPR must document the lawful basis for the collection or processing of personal data and special categories of sensitive personal data they collect or process, why they collect it, and how long they keep it using the online Georgia Tech EU GDPR Lawful Basis Form: http://eugdpr.gatech.edu/georgia-tech-compliance
All data at Georgia Tech shall be kept in compliance with the USG-BOR Records Retention Schedules.
|5.2. Privacy Notice|
Georgia Tech’s Privacy Notice
Georgia Tech’s Privacy Notice to data subjects must specify the lawful basis for Georgia Tech to collect or process personal data and include:
A link to the Georgia Tech Privacy Notice is available on the footer of all Georgia Tech websites – “Legal & Privacy Information”: http://www.gatech.edu/privacy
|Georgia Tech Units Privacy Notice||Each Georgia Tech Unit that collects or processes personal data protected by the EU GDPR must create and publicly post a privacy notice that meets the requirements (a) through (h) set forth above. A link to the Georgia Tech Unit Privacy template is available at: http://eugdpr.gatech.edu/georgia-tech-compliance|
Documentation of Consent
Georgia Tech Units must obtain affirmative consent before it collects or processes sensitive personal data.
|Withdrawal of Consent||Georgia Tech must have a process for individuals who request to withdraw their consent.|
|5.4 Individual Rights|
Exercise of Rights
Any individual wishing to exercise their rights under this policy should contact: firstname.lastname@example.org
|5.5 Data Protection|
Security of Personal Data
All personal data and special categories of sensitive personal data collected or processed by any Georgia Tech Units under the scope of this policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171 as set forth in the Georgia Tech Controlled Unclassified Information Policy found here: https://policylibrary.gatech.edu/information-technology/controlled-unclassified-information
Any Georgia Tech Unit that suspects that a breach or disclosure of personal data has occurred must immediately notify Georgia Tech Cyber Security here: https://security.gatech.edu/report-incident
8.1 Responsible Party:
Georgia Tech Units:
To document the lawful basis for personal data or special categories of sensitive personal data collected or processed pursuant to this policy.
To cooperate with the Privacy Program within the Office of Ethics and Compliance when individuals inquire about their personal data or special categories of sensitive personal data collected or processed pursuant to this policy (See Section 2.3).
To immediately notify (24/7) and cooperate with Georgia Tech Cyber Security relating to any data breach: https://security.gatech.edu/report-incident
8.2 Responsible Party:
Privacy Program within the Office of Ethics and Compliance:
To field inquiries about personal data or special categories of sensitive personal data collected from individuals while in the EU (See Section 2.4).
To coordinate with Georgia Tech Units responding to inquiries about personal data or special categories of sensitive personal data collected from individuals while in the EU.
8.3 Responsible Party:
To answer questions about and review data security measures.
To handle data breach notification for the Institute.
Violations of the policy may result in loss of system, network, and data access privileges, administrative sanctions (up to and including termination or expulsion) as outlined in applicable Georgia Tech disciplinary procedures, as well as personal civil and/or criminal liability.
To report suspected instances of noncompliance with this policy, please contact: email@example.com, or visit Georgia Tech’s EthicsPoint, a secure and confidential reporting system, at: https://secure.ethicspoint.com/domain/en/report_custom.asp?clientid=7508
Enforcement of the EU GDPR shall be carried out by the appropriate Data Protection Authority within the European Union.
|01-25-2022||Office of Ethics and Compliance||Editorial Updates|
|05-03-2018||Institutional Research & Enterprise Data Management||New Policy|
Export Issues and International TravelExport Issues and International Travel jgastley3 Fri, 07/20/2012 - 07:53
Intellectual Property and CopyrightIntellectual Property and Copyright jgastley3 Fri, 07/20/2012 - 07:52
- Faculty Handbook 5.4 Intellectual Property Policy
- Intellectual Property Assignment Agreement
- Intellectual Property-Legal Aspects
- Patents-Legal Aspects
- Copyright & Fair Use at Geeorgia Tech
- Copyright Infringement Procedure
- Copyright-Legal Aspects
- USG Copyright Resources:
Minors on CampusMinors on Campus agarton3 Thu, 09/27/2012 - 10:21
- Mandatory Reporting of Child Abuse Policy
- Youth Programs Policy
- Minors in Laboratories, Hazardous Areas and Animal Facilities Policy
For additional information regarding Minors on Campus, please see the Youth Programs website here.
Open Records Act PolicyOpen Records Act Policy
As a public institution, Georgia Tech is subject to the Open Records Act, O.C.G.A. § 50-18-70 et seq. The law requires that Georgia Tech make available for public inspection public documents within three business days of receiving a request. The purpose of this policy and its procedures is to ensure compliance with the law.
Georgia Tech must respond to Open Records Act requests as required by the Open Records Act, O.C.G.A. § 50-18-70 et seq. (the “ORA”). With limited exceptions, Georgia Tech must respond to such requests within three business days. In response to an ORA request, Georgia Tech will allow the requester to view public documents and, for a fee, make copies.
Institute Communications (IC) has been designated by the President of Georgia Tech as the office responsible for responding to ORA requests on behalf of the custodian of the records. Departments and school, as custodians of Georgia Tech’s records, must work in cooperation with IC to ensure Georgia Tech’s compliance with the ORA. The custodian of the records remains responsible for compliance with the ORA and for any civil or criminal penalties imposed for failure to comply.
Departments, schools, faculty or staff who receive an ORA request from any person, or an ORA inquiry from IC, shall respond promptly, following the procedures in this policy.
This Policy applies to all Georgia Tech departments, schools, faculty, and staff.
All documents or other records (including video, audio, or electronic records) prepared or maintained by Georgia Tech, as well as documents prepared or maintained by its employees as part of their job responsibilities, are subject to the ORA. For example, employee notes of official University business (e.g., notes of meetings) are public, not personal, documents. The ORA includes “computer based or generated information” within the definition of a “public record.” This includes, for example, e-mail and logs kept on a server.
The person responsible for maintaining the records in the ordinary course of business.
See Office of Legal Affairs website: www.legal.gatech.edu.
IC has been designated by the President of the Institute as the office responsible for responding to ORA requests.
Georgia Tech Departments and Schools
Georgia Tech departments and schools are responsible for maintaining their own records and for collecting and preparing requested documents in response to an ORA request.
Any person who knowingly and willfully fails to respond to a written ORA request may be found guilty of a misdemeanor criminal act, and fined up to $1,000 for the first violation. Additional civil and criminal penalties may also be imposed.
Violation of this Georgia Tech policy may result in disciplinary action, up to and including termination of employment.
|04-17-2012||Office of Legal Affairs||Update per change in ORA law.|
|10-12-2012||Office of Legal Affairs||Established a formal written policy.|
|6-16-2020||Institute Communications||Updated Policy Owner and references.|
Individuals with access to Georgia Tech’s personal data assets are responsible for ensuring such information is collected, maintained, and used by Georgia Tech only for purposes that are relevant and necessary to perform the job or task that reasonably serves a legitimate Georgia Tech function. Such collection, maintenance and use must also comply with applicable laws and regulations, Georgia Tech policies, and USG requirements governing privacy of information.
Management and Access to PII
Individuals with responsibility for Records containing Personally Identifiable Information (PII) should only Process or seek to access such PII as appropriate in the performance of their assigned role or duties for Georgia Tech and in accordance with all applicable laws and regulations, Georgia Tech policies, and USG requirements. Access to PII as part of an individual’s assigned responsibilities or role does not constitute authority to release such information to other employees, students, parents or guardians, or third parties.
Both units and individuals are responsible for protecting PII against accidental or intentional misuse or improper disclosure or exposure within or outside of Georgia Tech. For more information concerning safeguarding Institute Records and PII, see the Cyber Security Policy, the Protected Data Practices resource, and the Security Procedures and Standards resource. Concerns regarding the security and safeguarding of PII can be reported to the Georgia Tech Cyber Security Teamhttps://security.gatech.edu/report-incident.
Georgia Tech shall not use social security numbers, driver’s license numbers, passport numbers or other governmental-issued numbers or designations as an official Institute personal identifier unless required by applicable law or reviewed and approved by the Risk Panel.
Individuals with responsibility for Processing PII must be able to identify and articulate the following:
- whose PII is being Processed (what group or population of individuals)
- why the PII is being Processed (the purpose(s) or business need for the Processing),
- how that Processing will take place (the Processing activity),
- and who has access to the PII being Processed.
This includes Processing within Georgia Tech as well as external to Georgia Tech (third parties such as vendors and contractors).
Where appropriate and practicable, persons Processing PII should implement the principle of Data Minimization, and if possible, Disassociate and De-identify datasets that include PII.
This policy applies to all parties, both internal and external to Georgia Tech, that are Processing Administrative Data that contains PII generated or collected by Georgia Tech.
Administrative data includes Organizational Data that is administratively or operationally generated, owned or managed, by or on behalf of, Georgia Tech.
Examples of Administrative Data include, but are not limited to, data about students or employees, finance, facilities, technology, student life, Campus Services and Professional Education.
It also includes Administrative Data about research (such as financial components of research and grants and contracts details), as well as research of Administrative Data (such as research on student success, work force demographics, campus network traffic and facilities data.)
The unauthorized acquisition or exposure of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do not include good faith acquisitions of personal information by an employee or agent of the entity that is collecting data for a legitimate business purpose—so long as the personal information is not used for a purpose unrelated to the entity’s business or is subject to further unauthorized disclosure.
Any person whose PII is being Processed.
The method used to prevent a Data Subject’s personal identity from being revealed. For example, data produced during human subject research might be de-identified to preserve privacy for research participants.
As defined in the Data Governance and Management Policy, Organizational Data is “Data generated, owned, or managed, by or on behalf of, Georgia Tech including all data to which Georgia Tech has been granted stewardship by third parties. Organizational Data record facts, statistics, or information, which is read, created, collected, used, updated, reported, shared, stored, transferred, or deleted by Georgia Tech units. Data may be in any form, including electronic or physical. Organizational Data may reside in an Information System hosted by Georgia Tech or a third party.*
Personally Identifiable Information (PII)
Any information about an individual that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial and employment information.
Process or Processing
Data life cycle operations, including, but not limited to, collection, creation, sharing, dissemination, transmission, storage, use, retention and disposal.
Record is defined by USG.
A group of Georgia Tech stakeholders, from areas including but not limited to privacy, cyber security, data governance, and enterprise risk management, that will gather to review the risk associated with Processing Administrative Data, on an asneeded basis.
A security incident is an event, as determined by Georgia Tech Cyber Security, that violates an applicable law or Institute policy including the violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. An incident could also be established based on the potential for harm to the confidentiality, integrity, or availability of Georgia Tech IT resources.
Report an Incident
If an individual believes a Security Incident or a Data Breach of PII has occurred, the individual should report the suspicion immediately to the Georgia Tech Cyber Security Team at https://security.gatech.edu/report-incident. Incidents relating to individuals can also be reported to the Ethics Hotline.
GDPR Data Subject Requests
Any individual wishing to exercise their rights under the EU GDPR should visit the EU GDPR website for more information and additional instructions.
Institute Personal Identifier Requests
If an individual wishes to utilize social security numbers, driver’s license numbers, passport numbers or other governmentalissued number or designation as an official Institute personal identifier, the individual must receive approval from the Risk Panel. All requests should be sent to firstname.lastname@example.org.
Senior Privacy Officer
The Senior Privacy Officer oversees and manages the Georgia Tech Privacy Program. The Georgia Tech Privacy Program monitors, helps to verify compliance with, and provides guidance on privacy laws and regulations. It also provides oversight and maintenance of any privacy policies, procedures, training and awareness, or engagement activities.
Data Management Committee
The Data Management Committee (“DMC”) is a sub-committee of the broader Data Governance Committee. It is comprised of a selection of Georgia Tech leaders (including faculty, staff, and student representatives) and is responsible for recommending and advising on various matters including privacy related policy and procedures and providing guidance and support for Institutional privacy efforts.
Units include various departments, offices, colleges/schools, and other groups across Georgia Tech that Process PII. Each unit should abide by the terms of this policy in how it Processes that PII. This includes taking into consideration which unit members should have access to the PII based on their role and regularly checking and removing access provisions as necessary. Units should also consider whether the PII being Processed requires any additional training or knowledge about a specific privacy law, regulation, or policy. Examples might include FERPA, HIPAA, or GDPR.
Employees Processing PII
Employees may need to Process PII in their assigned role at Georgia Tech. All employees should abide by the terms of this policy in how they Process that PII. Employees should have access only to the PII needed to accomplish the duties within their assigned role and should complete any additional training necessary to properly Process the PII.
Georgia Tech, the University System of Georgia, the state of Georgia, the federal government, or another regulatory agency may periodically audit compliance with this policy. To report suspected instances of noncompliance with this policy, please contact the Privacy Program at: email@example.com.
Presidential Signature AuthorityPresidential Signature Authority
The Board of Regents of the University System of Georgia (BOR) has delegated authority to the president of each system institution or their designee to execute certain types of agreements. This policy is intended to describe the process by which the President of the Institute may designate other Institute officials to execute, accept or deliver those agreements and the conditions under which the officials so designated are expected to act.
The President of the Institute may, by written delegation, designate additional officials of the Institute to assist in executing Agreements in the name of the Georgia Institute of Technology on behalf of the Board of Regents. A delegation of signature authority by the President shall apply to the incumbent in the position named in the delegation or in any position which replaces the named position.
The individual exercising the delegated signature authority is expected to execute, accept or deliver only those Agreements that are specified in the delegation and are within the purview of the individual’s position. Each such individual should act with the concurrence and approval of the senior leadership of their respective unit.
Only those individuals designated by the President may execute, accept or deliver Agreements in the name of the Institute. A delegation of signature authority may not be further delegated.
This policy applies to the execution, acceptance and delivery of Agreements, including those agreements necessary for the day-to-day operation of the Institute.
This policy does not apply to Purchasing Agreements which should be reviewed, approved and executed by Georgia Tech Purchasing.
|Agreements||Those agreements described in the BOR policies (see Related Information below). The term includes any document entered into on behalf of the Institute in which the parties make legally enforceable commitments, whether or not titled a contract or agreement. Terms used to describe an Agreement may include letter of agreement, letter of intent, memorandum of understanding, consortium agreement, operating agreement, or equipment loan.|
|Purchasing Agreements||Agreements for the purchase of supplies, materials equipment and certain contractual services of $10,000 or more. Authority to commit Institute funds for these purposes has been delegated to Georgia Tech Purchasing within the limits established by the State Department of Administrative Services.|
|Delegation of Authority Memorandum||The President of the Institute may periodically issue a memorandum to confirm the conditions under which other officials of the Institute have been authorized to act in the place of the President. A Delegation of Authority Memorandum will supersede and replace all prior delegations.|
|Legal Affairs Review||A delegation of signature authority shall, unless otherwise specified, extend only to standard form agreements that have been developed by the Office of Legal Affairs or to specific agreements that have been reviewed by the Office of Legal Affairs.|
The Office of Legal Affairs (firstname.lastname@example.org) will assist in determining who is authorized to sign a specific Agreement.
Violation of this policy may result in disciplinary action up to an including termination of employment. Under Georgia state law, individuals who sign without authority may incur personal liability for any contracts they sign.
|07-18-2011||Legal Affairs & Risk Management||New Institute Policy|
|09-25-2012||Legal Affairs & Risk Management||Policy statement edited to limit scope to Presidential signature authority|
|11-23-2015||Legal Affairs & Risk Management||Updated policy|
Security Camera UseSecurity Camera Use
Video Management Systems (hereafter, “VMS”) and video surveillance devices are necessary to deter, detect and prosecute wrong-doing on the Georgia Tech Campus. This policy is necessary to ensure the effective, efficient, ethical, and legal use of the Institute’s VMS and video surveillance devices in: protecting sensitive or classified information; protecting Georgia Tech and personal resources; and identifying those responsible for committing criminal acts, safeguarding video evidence, and pursuing prosecution in accordance with the U.S. Constitution, United States Federal law, Georgia State law, City of Atlanta municipal ordinances, and Board of Regents and Institute policy.
The Institute’s employees, contractors, representatives, and others having responsibility for installing, maintaining, having access to, having the capability of viewing, or otherwise having the ability to utilize VMS and video surveillance devices associated with any real property owned, leased or occupied by the Institute, or any entity with a Georgia Tech affiliation, shall utilize said video surveillance devices in a manner consistent with the U.S. Constitution, United States Federal law, Georgia State law, City of Atlanta municipal ordinances, Georgia Tech Police Department’s (hereafter “GTPD”) “Video Surveillance” policy, and Institute “Ethics” policy.
Installation of any video surveillance devices shall be coordinated with either GTPD’s Physical Security Specialist or the Georgia Tech Research Institute’s (hereafter “GTRI) Research Security Department in order to ensure video surveillance devices are not placed or positioned in such a way as to compromise a person’s expectation of privacy. No one is authorized to install security controls, to include video surveillance devices, web cams or other intrusive electronic devices used for surveillance, without the proper coordination with either the GTPD or GTRI Research Security Department.
The installation and monitoring of all such video surveillance devices shall be solely for the legitimate purposes of protecting human life, personal property, and the Institute’s interests and assets.
Recorded images shall not be made public, nor shall recorded images be released to, provided to, or otherwise made accessible to, any person, party or entity inside or outside of the Institute, without the Institute’s express permission, or as required by law.
All requests to obtain recorded images must be submitted through the Georgia Tech Police Department Records Division.
This policy applies to all Institute Building Managers, Security Contractors, Security Equipment Installers, GTPD Employees, GTRI Employees, and all others with the capability of accessing, viewing or utilizing live or recorded images associated with the video surveillance devices on any Institute VMS.
The Georgia Institute of Technology
Video Surveillance Device
Any device capable of viewing, transmitting and/or capturing still or streaming video images, whether or not associated with monitoring or recording devices.
Video Management System
Also referred to as “VMS” - is any electronic system capable of receiving, displaying, capturing, and/or recording images transmitted by cameras, whether across a network or within a closed circuit.
5.1 Requests for Video
Internal Requests for Video Footage
Submit an email request to the Georgia Tech Police Department’s Records Division.
5.2 Installation of New Cameras
New Construction & Building Renovations
Adding Cameras to Existing VMS
Reference GTPD Video Surveillance System Policy 7-05c, 4.1
New VMS Installation Not Related to Construction or Building Renovation
Reference GTPD Video Surveillance System Policy 7-05c, 4.1
Georgia Tech Police Department
The GTPD’s employees, as defined by the GTPD Video Surveillance System Policy, will be responsible for the day-to-day operational use, administration, and maintenance of the GTPD’s VMS, to include training, creation of accounts, assignment of user privileges, repair, and maintenance of video surveillance devices.
Georgia Tech Research Institute
GTRI’s Research Security and Information Systems Department (ISD) will be responsible for the day-to-day administration and maintenance of their VMS, to include training, creation of accounts, assignment of user privileges, repair and maintenance of video surveillance devices, etc.
Access to Georgia Tech’s VMS and information via Georgia Tech computer systems is limited to those employees and faculty who have a legitimate business reason to access such information. The Institute has policies and procedures in place to complement the physical and technical (IT) safeguards in order to provide security to Georgia Tech information systems.
Violations of the policies may result in loss of usage privileges, administrative sanctions (including disciplinary action) as outlined in applicable Georgia Tech disciplinary procedures, as well as personal civil and/or criminal liability.
To report suspected instances of noncompliance with this policy, please contact GTPD or visit Georgia Tech’s EthicsPoint, a secure and confidential reporting system, at: https://secure.ethicspoint.com/domain/en/report_custom.asp?clientid=7508
|April 2018||GTPD, Physical Security||New Policy|