Control of Keys to Facilities
UPPS No. 08.02.01
Issue No. 8
Effective Date: 7/14/2017
Next Review Date: 10/01/2022 (E5Y)
Sr. Reviewer: Director, University Police Department
- Texas State University’s key control policy is the framework by which all keys and facility access credentials are issued, duplicated, stored, controlled, returned, replaced, and accounted for to maintain security of facilities, equipment, furnishings, books, and confidential material.
KEY AND ELECTRONIC ACCESS CONTROL SYSTEMS
Access Services designs key systems for use in university facilities. Access Services must approve all key systems used or installed on university-controlled property or facilities.
Access Services is responsible for the management of the university keying systems. That responsibility includes controlling the production, storage, and issuance of keys; the replacement or rekeying of lock cylinders; the acquisition of new keying systems; and the maintenance of accurate records. All locks and keys must be approved by Access Services before installation, and only Access Services may operate key duplicators, core pinning equipment, and interchangeable core control keys.
Access Services is responsible for the management, installation, and maintenance of campus-wide electronic access control systems using the Texas State ID Card (also known as the Bobcat Card) to allow access.
Key Levels and Required Authorizations
Grand Master Key – provides total access to all buildings within a particular key system on campus. Authorization for this key is granted by the vice president for Student Affairs and the president; such key is restricted to essential need only. The KeyFormM is available for download.
Building Master Key – provides access to all spaces within an individual building. The issuance of this key is restricted to persons authorized by the building or department key/access controller, and the deans, directors or department chairs with final approval granted through the appropriate vice president, the vice president for Student Affairs and the president. Multi-departmental buildings will need approval from all key/access controllers, the deans, directors or department chairs, and each associated vice president, and final authorization is granted by the vice president for Student Affairs and the president. The KeyFormM is available for download.
Building Sub-Master Key – provides access to a group of rooms within a department or building. Authorization for this key will be determined by the key/access controller, the deans, directors, and department chairs. The KeyForm is available for download.
Individual Room Key – provides access to a room or office within an individual building. Authorization is granted by the key/access controller and the director of Development. The KeyForm is available for download.
Off Master Keys – provides restricted access to a room or a building reviewed and authorized to be off the university master key system. Issuance of this key is restricted to persons authorized by the vice president for Student Affairs and the president. Any request for keying a space off the university master key system requires authorization by the president. Off master areas will be reviewed every five years by Access Services to establish if the restricted off master key is still warranted. If such security is no longer warranted, the environment will be placed back on the university master key system. The KeyFormM is available for download.
ACCESS SERVICES KEY FILES
- Access Services will maintain a complete set of keys of all university facilities, buildings, and locks in a secure monitored location with a multi-method access log showing each instance the keys are accessed and by whom.
MANUFACTURE OR DUPLICATING OF KEYS
- The manufacturing, cutting, or duplicating of any key for university property by a person other than the university locksmith is forbidden and offenders will be subject to disciplinary action.
KEY ISSUANCE AUTHORITY
Access Services will issue and document the issuance of all keys to university facilities.
Key/access controllers are persons who are authorized to request the issuance of keys, or electronic access to buildings or rooms under the control of their department or division. The key/access controllers for each division or department are appointed by each division vice president, the provost, and the president. Key/access controllers must be full-time university employees. Access Services will maintain a list of authorized key/access controllers.
Key/access controllers will be responsible for maintaining records of keys and electronic access permissions issued by Access Services at their request. Key/access controllers will act as department liaisons between Access Services, the university Key Shop, and the respective division or department. Access Services will coordinate with key/access controllers to audit key issuances and electronic access permissions within the division or department.
KEY AUDIT PROCEDURES
Access Services will conduct annual audits of issued keys.
Access Services will maintain employee key records. Access Services will provide key/access controllers with reports of key records grouped by department as requested. Access Services will coordinate with key/ access controllers to reconcile the department’s records and Access Services’ records.
Access Services may conduct physical on-site audits of individual or departmental keys at any time.
Access Services will coordinate with key/access controllers to assist them in annual physical inventories of all grand master keys and off master keys.
PROCEDURES FOR OBTAINING AND RETURNING KEYS
Issuance of Keys
All faculty, staff, and students of Texas State may be issued keys for access to their workspace. In most situations, keys will be issued directly to the key holder. As key holders, individuals assume responsibility for the safekeeping, responsible use, and eventual return of university keys to Access Services.
All key requests must be made by the key/access controller using the AssetWorks AIM system for work orders maintained by Facilities. All requests must be made by the appropriate key/access controller. Access Services will approve all key requests. All key requests must include the key holder’s full name, net ID, and university identification number.
The Key Shop may charge to recover the costs of cutting requested keys. Divisions or departments will only be charged if a request requires an additional key to be cut. If a cut key is available in the key files, the key will be issued at no charge.
Replacement key requests for keys lost, stolen, or unreturned require a University Police Department (UPD) incident case number be included in the request (see Section 11.). Keys issued to students for residence hall rooms are exempt from this requirement.
The key holder being assigned a key must pick up the key in person. Only under extreme circumstances will there be exceptions to this rule.
Keys requested for key holders at the San Marcos campus will be issued at Access Services. Keys requested for key holders at the Round Rock Campus will be issued at the UPD office at the Round Rock Campus.
All requested keys must be picked up within 30 days or the request is void and a new request will need to be completed before a key can be issued. Keys requested but not picked up may result in the division or department being charged if a key was cut for the request.
Access Services will provide each key holder with a copy of their key issuance form for their personal record. It is the responsibility of the key holder to provide a copy to the key/access controller.
In special circumstances, Access Services may issue keys in a batch issuance, where keys are issued directly to key holders by a department key/access controller. A batch issuance is only to be used in extreme circumstances to avoid major disruptions of university operations. Access Services will provide individual key issuance forms for each key holder to be signed when the key is issued and returned to Access Services. If the batch issuance is the result of a building re-key, the key/access controller will be responsible for collecting the old keys in exchange for the new keys.
The keys issued to a key holder are intended for use by that person only.
Returning of Keys
The key holder must return all keys to Access Services. Keys issued at the San Marcos campus will be returned to Access Services. Keys issued at the Round Rock Campus will be returned to the UPD office at the Round Rock Campus.
University keys must be returned when key holders separate from university employment, retire, resign, transfer to another department, move to a new office or workspace, or the keys are otherwise no longer needed. A copy of the key holder issuance sheet indicating the key has been returned will be issued to the key holder by Access Services when the keys are returned. It is the responsibility of the key holder to provide a copy to the key/access controller.
Keys are not to be transferred from one key holder to another. Keys must be returned and verified by Access Services before being issued to the new key holder. Departments may not retain keys in anticipation of the replacement or a transferring or terminating employee.
Keys to Housing and Residential Life Facilities
The director of the Department of Housing and Residential Life (DHRL) is responsible for the management of building access and key control procedures for residence halls, residence room, or apartment keys for use by residents and departmental employees.
DHRL will maintain procedures and records for key control in line with this policy and approved by Access Services.
A key/access controller will be designated by the director of the DHRL.
Keys issued to the DHRL as replacement keys for residence halls will be delivered to the front desk of each residence hall or the DHRL key/access controller.
The DHRL is authorized to charge the resident for costs associated with lost keys and the expense of re-keying to recover both actual costs (labor, materials, and markup) and administrative costs required to process the work request. The DHRL will initiate these charges.
- Departments may maintain departmental keys for short term use by employees to perform tasks but who do not need a permanently-issued key. Departments are responsible for the security of these keys. Departmental keys should be stored in a secure area (lockable box or cabinet), and a check-out system should be established to track who has the key. These keys must be issued to the department and managed by a person delegated by the department to be responsible for their use and safekeeping. Departmental key storage and check-out procedures are subject to audit by Access Services.
PROCEDURES FOR SECURITY OF MASTER KEYS (MASTER, GM, GGM, GGGM, GGGGM)
This section outlines the procedures to limit the risk to the university posed by master and grand master keys.
Access Services will issue master keys to the minimum number of employees necessary to perform needed functions.
Master keys should not leave university property.
Access Services will issue master keys directly to the specified individual with the exception of Housing facilities; such responsibility is delegated to the associate director of the DHRL, or designee.
Those individuals issued master keys should physically secure the keys when not in personal use in either a key safe or unmarked, locked cabinet or drawer inside a locked area.
Departments maintaining master keys or key files not issued directly to an individual must have check-out procedures reviewed and approved by Access Services. The check-out procedures should document when the key was checked out, when it was returned, and the individual responsible for the key.
Access Services may conduct audits of key control practices.
ELECTRONIC ACCESS SECURE KEYWAY
Access Services may key all doorways equipped or controlled with electronic access control to a separate keyway maintained for electronic access. Access Services will determine whether an area implementation of the secure keyway is appropriate or warranted.
Only UPD will be issued master keys that operate the secure keyway.
Issuance of change keys to individual doors or groups of doors equipped with this keyway shall be limited to one or two keys only.
Keys issued to this keyway will be subject to an on-site physical key audit at least once every two years.
Master keys issued to this keyway require annual physical on-site audits.
Re-keying is mandatory if a secure keyway key is lost or misplaced.
PROCEDURES FOR SEPARATELY AND OFF-MASTER KEYED OFFICES
University master, GM, GGM, GGGM keys cannot open separately-keyed or off-master keyed offices.
UPD and Access Services will provide a security and keyway analysis for all requests when receiving a request for a separately-keyed area.
The president must approve requests to key an office or other area separately from the university grand master system.
Access Services will conduct annual audits of keys issued for separately-keyed or off-master areas.
PROCEDURES REGARDING LOST, STOLEN, OR UNRETURNED KEYS
Individuals and departments must report immediately all lost, stolen, or unreturned keys to Access Services and file a police report with UPD.
Access Services shall provide a written report to the director of UPD and the vice president for Student Affairs outlining the exposure and risk posed by the lost key, strategies for mitigating the loss, and estimated costs. Keys issued to students for residence hall rooms are exempt from this requirement.
Departments whose employees lose a key or fail to return an issued key will pay to re-key all doors or buildings affected by replacing all current key holders’ keys. The vice president for Student Affairs and the director of UPD will decide the scope of any mitigation plan.
KEYS ISSUED FOR CONSTRUCTION OR CONTRACT SERVICES
- Access Services will not issue keys directly to a contractor. When university keys are required to be issued to contractors or contracted service providers working on campus, keys needed will be determined by Access Services for the project manager or the department managing the contracted service. The keys will be issued to the department managing the contracted service. The key information will be recorded on a Contractor Key Agreement Form to be signed by the contractor representative or contracted service provider. Departments managing contractors or contracted services should ensure contracts detail the contractor’s responsibility for reestablishing security of the areas affected if the keys are not returned.
ELECTRONIC ACCESS CONTROL
Electronic access controlled doors are for the areas accessed by individuals by way of a Texas State ID card, temporary access card, I-button fob, or pin code. Access to individual doorways or groups of doors are controlled by adding or removing individuals from electronic access permission groups. The permission groups are administered by Access Services at the request of key/access controllers who oversee the spaces controlled.
Normally keys are not issued to any electronic access control doors to include locks that use a Texas State ID card, temporary access card, I-button fob, or pin code to gain access. Keys will only be issued to electronically-controlled doors on the electronic access secure keyway for designated police officers and locksmiths. All requests for exceptions based on business need to this rule must be submitted in writing to the vice president for Student Affairs, or designee. If an exception is allowed, the door lock will be changed to an individual room key with a limited number of keys issued based on the same business need. The door lock will also be placed under the normal university master key system and removed from the electronic access secure keyway.
A Request for Security Devices form must be submitted to Access Services to request the installation of any electronic access control device. All requests for installation of electronic access control devices must be approved by the vice president for Student Affairs.
Students, faculty, and staff are required to maintain a Texas State ID card for access. Contractors, vendors, and volunteers must apply for access through the sponsoring department’s key/access controller.
The key/access controller will request electronic access permissions for individuals to be added or removed by using the Asset-Works AIM maintained by Facilities.
Individuals not able to obtain a Texas State ID card will be issued a temporary access card by Access Services at the request of the sponsoring department’s key/access controller. Temporary access cards will be issued with expiration dates so that the sponsoring department’s key/access controller may audit and control access. Upon request, Access Services will provide the key/access controller with a list of temporary access cards issued at their request. Access Services will coordinate with the key/access controller to audit temporary access cards annually.
Access Services will not issue temporary access cards directly to the contractor for construction or contracted services. Electronic access permissions needed will be determined by Access Services in consultation with the project manager or department managing the contracted service. Temporary access cards will be issued to the key/access controller of the department managing the contracted service. Access Services will provide a Temporary Access Card Issuance form to be signed by the contractor’s representative and returned to Access Services.
Tampering with or attempting to bypass security on an electronically-controlled or monitored door in any way, including, but not limited to, key bypass, propping, taping, and dogging is prohibited.
The departmental key/access controller will have the overall responsibility of ensuring that the building users are using the electronic access control system and not bypassing it. Reported and uncorrected violations of this and other security incidents resulting in unauthorized entries to buildings or false alarms will be investigated and corrective actions taken, including, but not limited to, termination of access.
Upon request, Access Service will provide the key/access controller with a list of individuals assigned to the department or division’s electronic access permission groups. Access Services will coordinate with the key/access controller to audit electronic access permission groups annually.
REVIEWERS OF THIS UPPS
Reviewers of this UPPS include the following:
Position Date Director, University Police Department October 1 E5Y Associate Director, Housing and Residential Life-Housing Facilities Services October 1 E5Y Sergeant, Access Services October 1 E5Y Vice President for Student Affairs October 1 E5Y
This UPPS has been approved by the following individuals in their official capacities and represents Texas State policy and procedure from the date of this document until superseded.
Director, University Police Department; senior reviewer of this UPPS
Vice President for Student Affairs