¾«¶«´«Ã½

Policy number: 6.5

Policy section: Facilities Management

Revised Date:

1.  Definitions

Definitions of capitalized terms are set forth in Appendix A.

2.  Policy Statement

¾«¶«´«Ã½ (¾«¶«´«Ã½) is committed to providing a safe and secure environment for learning, teaching, living, and working. To support this commitment, the University regulates the use and management of keys and electronic access to its facilities. All keys and locking mechanisms remain the property of ¾«¶«´«Ã½ and are managed in accordance with this policy.

¾«¶«´«Ã½ strives to provide appropriate security for university spaces through the management of physical key systems. This policy defines the offices responsible for physical key control and outlines their respective roles in issuing, maintaining, and overseeing key access for employees, students, and contractors working on campus.

The Office of Facilities Planning and Management (OFPM) is responsible for maintaining and administering the university's physical key infrastructure, including the issuance, tracking, and maintenance of all keys and locking mechanisms.

Strategic oversight, policy interpretation, enforcement, and the granting of exceptions are the responsibility of the Physical Security Committee (PSC), a cross-functional group with representatives from ¾«¶«´«Ã½ Police (Co-Chair), Risk Management (Co-Chair), the Office of Information Technology, and Facilities Planning and Operations. The PSC may consult with additional campus stakeholders as needed to ensure that key control policies remain effective and aligned with institutional priorities.

The responsibility for interpreting, enforcing, and granting exceptions to this Physical Key Control Policy—and for setting university-wide standards and strategic security priorities—rests with the Physical Security Committee, with final decisions subject to the Vice President for Facilities Planning and Management and the Senior Vice President for Business and Finance, when applicable.

Daily operational activities, such as key issuance, record maintenance, and lock system management, are delegated to appropriate departments and designated liaisons and are subject to periodic review and audit by the PSC.

3.  Purpose

This policy defines the framework for physical key control that enhances the safety and security of university facilities to protect life, property, and research. It establishes responsibilities and expectations to ensure physical keys are granted appropriately based on institutional roles and operational requirements.

4.  Applicability

This policy applies to anyone issued physical keys to access secured university spaces on all university campuses, including, but not limited to, university employees, students, and contractors working on campus. It excludes rental housing units or construction sites wholly controlled by a contractor.

5.  Physical Key Control Principles

• Physical keys should only be used as the primary method of entry for spaces not equipped with electronic access.
• Only university-issued keys are authorized for use in accessing ¾«¶«´«Ã½ facilities. The duplication, loan, or transfer of keys is strictly prohibited.
• Key holders must report lost or stolen keys immediately OFPM. Upon separation from the university, all issued keys must be returned, and access will be terminated.
• OFPM will ensure that all new lock hardware and key systems conform to university standards and are procured through approved vendors.
• The installation or use of non-standard key systems or lock types is prohibited unless approved by the Physical Security Committee.
• The Physical Security Committee must review any proposed modifications to buildings or spaces—such as the addition or relocation of doors—to determine whether changes to key control systems are required.

6.  Responsibilities     

Key Holders are responsible for the security of all physical keys issued to them and for safeguarding the spaces these keys unlock. Key holders must not duplicate, loan, or share their keys and must report any loss, theft, or suspected misuse immediately to the Office of Facilities Planning and Management (OFPM).

Supervisors and Department Heads are responsible for initiating and approving key access requests for their personnel, ensuring keys are issued only as needed based on job responsibilities. They must ensure that all keys are returned and access privileges revoked when an individual separates from the department or changes roles.

The Office of Facilities Planning and Management (OFPM) is responsible for maintaining and administering the university’s physical key control system. This includes setting access control standards, issuing and recovering keys, maintaining accurate records, and providing technical guidance in accordance with university policy.

Building Access Control Liaisons (BACLs) serve as designated departmental contacts for key management. BACLs are responsible for coordinating key access requests within their department or unit and must be registered with OFPM.

The Physical Security Committee (PSC) provides strategic oversight for physical key control policies. The PSC reviews standards, approves exceptions, and advises on changes that affect university-wide security or key infrastructure.

7.  Access Requests and Issuance

Access is categorized by space type (e.g., general academic space, laboratories, mechanical areas) and is subject to tiered authorization based on risk level.

High-security and restricted spaces may require approval from senior leadership, compliance officers, or centralized committees, depending on the nature of the space and purpose of access.

Requests should be submitted to the BACL, which will obtain all necessary approvals. Maintenance and Grounds must approve physical key requests for mechanical rooms, utility corridors, utility generation facilities, electrical rooms, and elevator control rooms. OIT Infrastructure must approve physical key requests for telecommunications equipment rooms. Research Compliance must approve physical key requests for laboratories.

8.  Enforcement

Depending on the individual's role, non-compliance with this policy may result in disciplinary action in accordance with ¾«¶«´«Ã½ Human Resource policies and procedures, loss of access privileges, financial liability for rekeying, or termination of contracts.

Appendix A: Definitions

“Building Access Control Liaison” refers to an employee responsible for coordinating access requests and approvals within a department of buildings. BACLs are appointed by a dean, director, or chair.

“Critical Infrastructure” refers to assets, systems, and networks, whether physical or virtual, that are essential to the university, and are so vital that their incapacitation could cause significant disruption or harm to people, property, and university operations. Examples of critical infrastructure include, but are not limited to: electrical power transmission and distribution, chilled water, natural gas distribution, telecommunications, and information technology, as well as rooms or areas containing mechanical, electrical, telecom, utility, and elevator control equipment.

“Electronic Access Control” refers to selective restriction of access to buildings or rooms using authentication methods, including, but not limited to, identification cards, personal identification numbers, and biometrics.  

“Physical Key” refers to a mechanical key that provides access to a lock.

“Electronic Access” refers to card or digital credentials used to unlock secured university spaces.

“Tiered Access Key” refers to a physical key with access to multiple locks within a defined hierarchy of spaces (e.g., building-wide or multi-area access).

“Lock Shop” refers to the university’s central facility for key management, fabrication, and records maintenance.

Adopted: May 22, 2025