 |
PPM 5-44, Access Control, Lock, and Key Policy |
|
Responsible Office: Facilities Management |
1.0 PURPOSE
The objective of this policy is to outline access to University property, provide a reasonable level of security for the University and, at the same time, allow as much freedom of access as possible to the campus community.
2.0 REFERENCES
2.1 Utah Code § 63A-5b-1103
2.2 Facilities Management Guidelines for Access Requests
3.0 DEFINITIONS
3.1 Fees - Funds paid to the University related to the issuance of keys.
3.1.1 Deposit - Non-institutional funds paid to the University in exchange for keys being issued to an individual. Deposits are refunded when keys are returned. Deposits are forfeited if keys are not returned.
3.1.2 Key Fees - Institutional funds paid from one University entity to Facilities Management in exchange for keys being issued to an individual. Fees paid with institutional funds are non-refundable, even when the keys are returned.
3.1.3 Unreturned Key Fee - A fee assessed when a key is not returned for any reason (e.g. lost, stolen, etc.). If the key is later found and returned to Facilities Management, the person who paid the unreturned key fee may request a refund of any unreturned key fees paid, provided the unreturned key fee was paid with non-institutional funds. Requests for refunds of unreturned key fees will be considered (and either or approved or denied) by the Facilities Management Building Access Manager.
3.1.4 Replacement Deposit - An additional deposit is required to obtain replacements for unreturned keys.
3.1.5 Rekeying Fee - Expense related to rekeying a space due to unreturned keys.
3.2 Keys - All types of keys, as defined below:
3.2.1 Top Master Keys - A tool that is used within the Key and Lock Shop and is not issued to users.
3.2.2 Grand Master - Allows access to many different buildings within an identified area.
3.2.3 Building Master - Allows access to most doors within a single building.
3.2.4 Department Master - Allows access to most rooms within a single department.
3.2.5 Department Sub-Master - Allows access to limited subgroup areas within a single department; a smaller subset of a department master key.
3.2.6 Building Entrance - Allows access to a specific building through one or more exterior entrances.
3.2.7 Individual - Allows access to a single room.
3.2.8 Facilities - Allows access to mechanical areas, rooms with electrical panels, roofs, pipe chases, custodial closets, and certain outside entrances to buildings for service personnel.
3.2.9 Replacement - Any key issued to replace an unreturned stolen, or damaged key.
3.2.10 Information Technology – Allow access to the main distribution frame, intermediate distribution frame, or telecommunications rooms.
3.3 Access Level - Any combination of readers in the access control system. Access levels will be determined by the CAM.
3.4 Area Access Manager (AAM) - Person responsible for administering electronic access rights to approved cardholders in specific areas. The AAM position will be determined by the appropriate Vice President or Dean.
3.5 Audit Trail History - Reports obtained from the central electronic access control system detailing system usage
3.6 Central Access Manager (CAM) - Person responsible for the central control and administration of the central electronic access control system. The CAM position will be filled by the Building Access Manager (Facilities Management), or appointed designee.
3.7 Credentials - Any item that proves identity and allows a person electronic access. Credentials can be mobile or smart technology. User can have a mobile credential or smart card but cannot have both.
3.8 Electronic Access - Any access rights that are granted through the use of approved credentials and administered through the central electronic access control system.
3.9 University Personnel - All employees, students, and persons with official assignments with the University, as designated by the President or appropriate Vice President.
3.10 Other Personnel - Anyone who does not fall into the University personnel category. This includes contractors, consultants, visitors, etc.
4.0 POLICY
4.1 Applicability. This policy is applicable to all facilities owned, leased, or controlled exclusively by the University.
4.2 Access Request Forms. Key and electronic access requests must be made in accordance with Facilities Management’s Guidelines for Access Requests.
4.3 Access Approvals.
4.3.1 All access requests must have at least one authorized approval. If a requestor’s immediate supervisor is not at the minimum authority level listed below for the requested key type, additional approval authorizations will be required to meet the minimums. The President may approve any request, except their own.
All access requests require written approvals at the following minimum levels, whether that access be by steel keys issued to an individual, steel keys accessed through a key cabinet, or electronic access granted to a credential.
|
Access Type |
Minimum Authority Level for Approval |
|
Top Master Key |
Associate Vice President for Facilities and Campus Planning - not to be issued to users |
|
Grand Master |
Vice President for Administrative Services |
|
Building Master |
Vice President or Provost |
|
Department Master |
Responsible Dean or Division Head |
|
Department Sub-Master |
Responsible Dean or Division Head |
|
Building Entrance (without electronic access) |
Responsible Dean or Division Head |
|
Individual |
Responsible Dean or Division Head |
|
Facilities |
Associate Vice President for Facilities and Campus Planning
|
|
Information Technology |
Network Manager |
4.3.2 No person may authorize the issuance of their own key or access.
4.3.3 The first and second approvers for key and electronic access requests for the President of the University will be the Building Access Manager (Facilities Management) and the Vice President for Administrative Services.
4.4 Key Issuance.
4.4.1 After a demonstrated need is shown and the minimum authority level for approval has been met, the Facilities Management Key and Lock Shop will conduct a final review and either approve the issuance of the keys or discuss the request further with the requestor and/or appropriate approvers.
4.4.2 Keys should be issued with the least amount of access appropriate for the individual’s authorized access. Higher level access keys should be kept in centralized key cabinets whenever possible.
4.4.3 No individual or department will obtain keys for reissue to another individual unless approved in writing by the President, the Vice President for Administrative Services, or their designee. This does not apply to keys that are part of a Facilities Management-approved lock box system.
4.4.4 Duplication of keys other than by the Facilities Management Key and Lock Shop is prohibited. Any person who knowingly makes or duplicates a University key in any manner not authorized by this policy is subject to disciplinary action by the University, pursuant to established procedures and/or prosecution in accordance with Utah Code § 63A-5b-1103.
4.4.5 Persons to whom keys are issued shall use the keys only in accordance with this policy.
4.5 Key Returns.
4.5.1 Keys that are no longer needed by an individual must be returned to the Facilities Management department. Individuals and approving departments are financially responsible for lost key and rekeying fees related to unreturned keys.
4.5.1.1 University personnel. When an employee’s need for a key no longer exists (whether as a result of termination of employment, change of department/responsibility, or other reason), it is the responsibility of the employee and/or the employee’s supervisor to collect the unneeded key(s) and return them to Facilities Management. Failure to do so will result in deposits being forfeited, and lost key fees imposed on the department who approved the employee to receive the keys.
4.5.1.2 Students. Any student who fails to return keys before leaving the University will have a hold placed on their transcripts or their ability to register for classes. Deposits will be forfeited and lost key fees imposed.
4.5.1.3 Other personnel. Other personnel who fail to return keys will have their final project payment held (if applicable). Deposits will be forfeited and lost key fees imposed.
4.6 Key Transfers.
4.6.1 Key transfers between individuals must be facilitated by the Facilities Management department to ensure that records remain accurate.
4.6.2 The person to whom the keys are being transferred must have a completed and approved key request before the transfer can take place.
4.7 Damaged or Worn-Out Keys. Key(s) that are damaged or worn out must be returned to the Facilities Management department before replacement keys will be issued. If more than 50% of the original key is unavailable for exchange, it will be treated as a lost key.
4.8 Unreturned Keys.
4.8.1 If a key is unreturned, the individual responsible for the key must initiate a report to Facilities Management. Unreturned key fees will be charged to the individual and/or responsible department.
4.8.2 Departments authorizing students or other personnel to obtain keys will assume responsibility for those keys. It is also the responsibility of that department to see that the key is returned when no longer needed. If it is not returned, the department must initiate a report to Facilities Management. Unreturned key fees will be charged to the responsible department.
4.8.3 Facilities Management may initiate a police report.
4.8.4 If the determination is made to re-key an area for security reasons due to unreturned keys by University personnel, the individual or department will be responsible for the associated rekeying expenses.
4.8.5 If the determination is made to re-key an area for security reasons due to unreturned keys by a student or other personnel, the department or company will be responsible for the associated rekeying expenses.
4.9 Deposits and Key Fees. A deposit or key fee must be paid prior to any keys being issued. Deposits must be paid in accordance with processes identified in the Facilities Management Guidelines for Access Requests. The amounts and frequency of required deposits are outlined in Schedule A, which may be modified as needed with approval from the University President or the Vice President for Administrative Services.
4.10 Fees. A fee will be assessed for any key that is unreturned. Fee amounts are outlined in Schedule A.
4.11 Locks. Any repair or replacement of University door locks will be coordinated by the University locksmith or Building Access Manager. Any repair or replacement undertaken by an outside contractor must have the prior approval of the Building Access Manager. All changes will follow the University construction standards available from Facilities Management.
4.12 Electronic Access Issuance.
4.12.1 Electronic access credentials shall be used only by the individual to whom they are issued. Misuse of credentials to gain facility access may result in loss of access or disciplinary action.
4.12.2 All credentials must be tracked to an individual. No shared credentials are allowed. The transfer of electronic access credentials directly from one individual to another is prohibited.
4.12.3 Electronic access credentials are considered the property of the University and may be confiscated or revoked at any time.
4.12.4 Duplication of credentials other than by the Wildcard Office is prohibited. Any person who knowingly makes or duplicates University credentials in any manner not authorized by this policy is subject to disciplinary action and/or prosecution in accordance with Utah Code § 63A-5b-1103.
4.12.5 Credentials that are lost or stolen must be reported immediately to the AAM and/or Facilities Management so access can be disabled in the central electronic access system. Lost, stolen, or damaged cards may be replaced at the Wildcard Office upon payment of the replacement card fee. Fees for new or replacement Wildcards with electronic access capabilities will be determined by the Wildcard Office.
4.13 Electronic Access Termination.
4.13.1 The University reserves the right to terminate access at any time the University deems appropriate.
4.13.2 University Personnel. When an employee’s need for electronic access no longer exists (whether as a result of termination of employment, change of department/responsibilities, or other reason), it is the responsibility of the employee and/or the employee’s supervisor to notify the appropriate AAM and/or the Facilities Management Key and Lock Shop so electronic access may be terminated.
4.13.3 Students. Electronic access must be renewed each semester.
4.13.4 Other Personnel. Electronic access will be terminated upon completion of the specified and agreed upon length of time requested on the original building access request form.
4.13.5 Access credentials do not need to be returned to Facilities Management upon leaving the University as they have no functionality once access is removed from the central electronic access system.
4.14 Electronic Access Audit Trail Reports. Audit trail reports may be viewed only for official purposes. Written requests for audit trail reports may be submitted via e-mail to the Facilities Management Key and Lock Shop. In addition to the authorizing entities listed in section 4.3.1.2, University Police, Internal Audit and the Area Access Manager may request audit trail reports.
4.15 Electronic Access Archives. Reports and data from the electronic access system will be kept for a period of three years. Data older than one year will be purged from the access control system.
4.16 Appeals.
4.16.1 Any decision made by the Building Access Manager (including, but not limited to, denied access or assessed fees) may be appealed. Appeals must be filed per Facilities Management Access Request Guidelines within 30 business days of the decision. bA form is available on the Facilities Management website to start the appeals process.
4.16.2 An appeals officer will review the case and issue a decision within 30 business days. The appeals officer may conduct a hearing, convene a larger committee to review the issue, and has the authority to adjust fees and/or deposit amounts. Decisions made by the appeals officer will be in writing, with copies provided to the individual making the appeal and the Key and Lock Shop. Decisions made by the appeals officer are final.
4.17 Key Verifications.
4.17.1 University personnel are required to review the keys issued to them on an annual basis and affirm that said keys are still in their possession. The verification process for full-time personnel takes place within the Key and Electronic Access channel in eWeber.
4.17.2 Supervisors are required to ensure that their employees (both full-time and part-time) have verified their keys on an annual basis.
4.18 Best Practices for Building Security Training.
4.18.1 University personnel are required to view a short training program regarding best practices for building security on an annual basis.
4.18.2 Supervisors are required to ensure that their personnel have completed this training on an annual basis and maintain records indicating that the task has been completed.
4.19 Restricted Access Spaces. Facilities Management may designate certain spaces as restricted in order to meet safety, legal, or audit requirements. Spaces defined as restricted will require a higher level of review and approval (the levels of review and approval will vary by individual spaces, depending upon the nature of what is inside the space).
Schedule A: Deposits and Fees
|
Required Deposits for University Personnel and Students |
||
|
Type of Key |
Amount of Deposit |
Frequency of Deposit |
|
Grand Master |
$25.00 |
Only one deposit is required per person, regardless of the number of keys issued. The deposit must be paid prior to the first key being issued and will be refunded when the last key is returned. |
|
Building Master |
$25.00 |
|
|
Department Master |
$25.00 |
|
|
Department Sub-Master |
$25.00 |
|
|
Building Entrance |
$25.00 |
|
|
Individual |
$25.00 |
|
|
Facilities or Information Technology Keys |
$25.00 |
|
|
Required Deposits for Other Personnel |
||
|
Type of Key |
Amount of Deposit |
Frequency of Deposit |
|
Grand Master |
$100.00 |
Other Personnel must pay the deposit per key. For example, if four department keys are requested, the deposit would be $400, which must be paid prior to any keys being issued. |
|
Building Master |
$100.00 |
|
|
Department Master |
$100.00 |
|
|
Department Sub-Master |
$100.00 |
|
|
Building Entrance |
$100.00 |
|
|
Individual |
$100.00 |
|
|
Facilities or Information Technology Keys |
$100.00 |
|
|
Access to Keys in a Key Cabinet |
$100 |
$100 per key that is allowed to be checked out at a time. For example, if a contractor would like to be able to check out three keys at a time, the deposit would be $300. |
|
Fees for Keys that are Unreturned by Personnel or Students |
||
|
Type of Key |
Amount of Fee |
Frequency of Fees |
|
Grand Master |
$200.00 |
Fees are paid per key. Fees must be paid prior to any replacement keys being reissued. |
|
Building Master |
$150.00 |
|
|
Department Master |
$100.00 |
|
|
Department Sub-Master |
$50.00 |
|
|
Building Entrance |
$50.00 |
|
|
Individual |
$25.00 |
|
|
Facilities or Information Technology Keys |
$25.00 |
|
|
Key Cabinet Fob |
$100.00 |
|
|
Fees for Keys that are Unreturned by Other Personnel |
||
|
Type of Key |
Amount of Fee |
Frequency of Fees |
|
Grand Master |
$500.00 |
Fees are paid per key. Fees must be paid prior to any replacement keys being reissued. |
|
Building Master |
$300.00 |
|
|
Department Master |
$200.00 |
|
|
Department Sub-Master |
$200.00 |
|
|
Building Entrance |
$100.00 |
|
|
Individual |
$100.00 |
|
|
Facilities Key |
$100.00 |
|
|
Key Cabinet Fob |
$100.00 |
|
Revision History
Creation Date: 4-20-77
Amended: 12-5-17; 3-19-19; 9-14-99; 5-22-25 (combined with PPM 5-44a)