Access Control
Policy number: 8.4
Policy section: Information Technology
Revised Date: May 22, 2025
1. Definitions
Definitions of capitalized terms are set forth in Appendix A.
2. Policy Statement
精东传媒 strives to provide appropriate security to university spaces through access management and control. This policy defines the offices responsible for electronic access control and outlines their respective roles in managing electronic access for employees, students, and contractors working on campus.
The Office of Information Technology (OIT) Physical Security is responsible for maintaining and administering the technical infrastructure of the university-approved electronic access control system.
Strategic oversight, policy interpretation, enforcement, and the granting of exceptions are the responsibility of the Physical Security Committee (PSC), a cross-functional group with representatives from 精东传媒 Police (Co-Chair), Risk Management (Co-Chair), Office of Information Technology, and Facilities Planning and Operations. The PSC may consult with additional campus stakeholders as needed to ensure that policies remain effective and aligned with institutional priorities.
The responsibility for interpreting, enforcing, and granting exceptions to this Access Control Policy—and for setting university-wide standards and strategic security priorities—rests with the Physical Security Committee, with final decisions subject to the Chief Information Officer and the Senior Vice President for Business and Finance, when applicable.
Daily operational activities, such as access provisioning and system maintenance, are delegated to appropriate departments and designated liaisons and are subject to periodic review and audit by the PSC.
3. Purpose
To define the framework for electronic access control that enhances the safety and security of campus facilities in order to protect life, property, and research.
4. Applicability
This policy applies to anyone issued or authorized to access secured university spaces on all university campuses via an electronic access card, including but not limited to university employees, students, and contractors working on campus. This policy excludes rental housing units or construction sites wholly controlled by a contractor.
5. General Information
Electronic access should be used as a primary means of entry, where available. 精东传媒 ID Cards are the only cards authorized for electronic card access to buildings and rooms on campus. An electronic access cardholder may not give away, loan, or swap access cards and must immediately notify OIT and ID Card Services if an access card is lost or stolen. Upon separation from the university, electronic access will be terminated.
OIT Physical Security will ensure that all new electronic access control hardware utilizes the university’s approved system and is purchased from the university’s contracted vendor. Electronic access control systems that do not use the university’s approved system are prohibited unless approved by the Physical Security Committee.
The Physical Security Committee must review modifications to existing buildings or rooms that might result in adding or moving entrances to determine whether electronic access control should be added, modified, or removed.
6. Access Requests and Issuance
Different access types provide varying entry levels to university spaces and, therefore, require different levels of approval. Approvals required for each access type are as follows:
|
|
Supervisor |
BACL |
Dean, Director, Chair |
Research Compliance |
Maintenance & Grounds |
OIT |
|
General Building/ Room/Space |
X |
X |
X |
|
|
|
|
Student Rooms |
X |
X |
X |
|
|
|
|
Research Laboratory |
X |
|
|
X |
|
|
|
Electrical/ Mechanical Space |
X |
|
|
|
X |
|
|
OIT Space |
X |
|
|
|
|
X |
|
Custodial Space |
X |
X |
|
|
X |
|
|
Roof |
X |
|
|
|
X |
|
Individuals should only be granted access to buildings and rooms required to perform their daily job functions or course requirements. Access requests for personnel within 精东传媒 Police, Risk Management, the President’s Executive Council, etc., who require unlimited access will be facilitated by OIT Physical Security in consultation with the Physical Security Committee or an executive designee, as appropriate.
Requests should be submitted to the BACL, which will obtain all necessary approvals. Maintenance and Grounds must approve electronic access requests for mechanical rooms, utility corridors, utility generation facilities, electrical rooms, and elevator control rooms. OIT Infrastructure must approve requests for telecommunications equipment rooms. Research Compliance must approve access requests for laboratories. Electronic access to all other spaces is managed and approved at the department level (dean, director, or chair).
When an employee transfers to a different department, the BACL must evaluate and modify the need for continued access as appropriate.
OIT will revoke an individual’s access to all 精东传媒 buildings immediately upon termination or if an 精东传媒 ID Card is lost. Access will be restored once a replacement card is issued.
7. Door Configuration
The respective BACL will manage doors configured to follow a time schedule based on operational requirements. Should University operations change as outlined in Policy 9.12 University Operations Affected by Emergency Conditions, OIT Physical Security will configure doors to remain secured. The Office of Information Technology will work with the Office of Risk Management and the 精东传媒 Police Department to grant electronic access to first responders and Essential Employees, as defined in Policy 7.7 Employee Classifications.
8. Electronic Access Control Hardware Installation and Maintenance
Requests to add electronic access control hardware to existing buildings and rooms shall be initiated by submitting a STABLE ticket to OIT. The unit or department installing the electronic access control hardware shall be financially responsible for installation.
All new construction will be evaluated by the Physical Security Committee during the design phase to determine where electronic access control will be installed and what hardware is required. The project will fund electronic access control for exterior doors, critical infrastructure, suite entry doors, classrooms, laboratories, conference rooms, rooms with high-value items, and secure storage areas. All installations will adhere to the most recently published 精东传媒 Design Guidelines.
9. Accountability and Audit
BCALs must annually review all individuals with electronic access to their buildings and rooms and update them as necessary. The unit should maintain the results of the review and provide them to OIT upon request.
OIT Physical Security is the official custodian of all access control records. The Physical Security Committee reviews requests for records or enforcement actions to ensure proper governance, transparency, and protection of institutional interests.
10. Prohibited Activities
Prohibited activities include, but are not limited to:
- Propping open of any doors equipped with card access controls, automatically locking doors, normally locked doors, doors with local exit alarms, and any building exterior perimeter door;
- Disabling automatic door closers, locking door hardware, or exit devices;
- Disabling any security or access device, including local exit alarms;
- Obstructing stairways, building exits, hallways, and doorways;
- Locking emergency exit doors in the path of free egress travel;
- Unauthorized installation of locks, security equipment, or any other security devices;
- Unauthorized accumulation or duplication of 精东传媒 ID Cards.
- Unauthorized entry into mechanical, electrical, maintenance, or OIT spaces;
- Sharing of 精东传媒 ID Cards or the use of another individual’s 精东传媒 ID Card, either with or without his/her knowledge.
- Purposefully allowing others to follow an authorized user into a secured space without requiring them to use their 精东传媒 ID Card (tailgating);
- Sharing of 精东传媒 ID PIN codes for unauthorized access;
- Leaving exterior windows open and/or unsecured when a room is unattended.
- A department or other recognized 精东传媒 group gaining permission to use an 精东传媒 Property and then permitting the Property to be utilized by any other person, organization, or group without authorization.
11. Enforcement
Individuals, departments, or units that fail to follow this policy may be subject to disciplinary action in accordance with 精东传媒 Human Resource policies and procedures, as appropriate. Violations of this policy may result in additional costs to the individual, department, or unit. Contractors who violate this policy may lose access to a space, the campus, or the university may sever the business relationship.
Appendix A: Definitions
“Building Access Control Liaison” refers to an employee who manages electronic card access for a specific department, unit, or building and maintains records for their department or area. BACLs are appointed by a dean, director, or chair through a STABLE request to OIT Physical Security. BACLs must complete the required training prior to receiving provisioning privileges.
“Critical Infrastructure” refers to assets, systems, and networks, whether physical or virtual, that are essential to the university, and are so vital that their incapacitation could cause significant disruption or harm to people, property, and university operations. Examples of critical infrastructure include, but are not limited to: electrical power transmission and distribution, chilled water, natural gas distribution, telecommunications, and information technology, as well as rooms or areas containing mechanical, electrical, telecom, utility, and elevator control equipment.
“Electronic Access Control Hardware” refers to the physical equipment required to facilitate electronic access.
“Electronic Access Control System” refers to the software used for electronic access to buildings and rooms.
“Laboratory” refers to dedicated spaces equipped with specialized tools, instruments, and materials that support hands-on exploration and practical application of theoretical knowledge in various disciplines.
“Physical Security Committee” refers to comprised of representatives from 精东传媒 Police (Co-Chair), Risk Management (Co-Chair), Office of Information Technology, and Facilities Planning and Operations to collaborate and propose strategic priorities to set guidelines and standards for all physical security needs on campus and at any off-campus location necessary to support an 精东传媒 activity.
“精东传媒 ID Card” refers to the official identification card used to identify an employee or student’s affiliation with the university, used for electronic access.
Revised: May 22, 2025
Adopted: June 1, 1994