|Policy Title||Building Access Policy|
|Responsible Office||Vice President for Operations|
|Policy Type||Facilities and Property|
|Last Revision Date||11/1/2019|
Binghamton University strives to maintain the security of its facilities through strict control of building access. All staff, faculty, students, contractors, and other appropriate individuals (e.g., residential summer camp attendees), needing regular access to a University facility will be provided with the proper building access by following the process documented in this management procedure.
The purpose of this management procedure is to maintain a safe and secure living and working environment, prevent thefts from buildings, control access to buildings and assure the accountability of individuals and departments requesting the use of University-owned facilities.
Management of Access System Permissions and Key Issuance
Each building on campus has a Building Administrator who is responsible for many building management duties. In some buildings that have numerous departments housed within, multiple Building Administrators may be assigned. View list of Building Administrator duties.
One of the specific duties of Building Administrators is to oversee building access control, authorize the distribution and return of all internal keys and maintain an accurate accounting for this purpose. This authority makes the Building Administrator the Access Manager for the entire building. Building Administrators may authorize individual departments to designate an Access Manager at the department level. In these cases, the department will control authorization for access permissions and key issuance for areas under department-level control, but the Building Administrator has the ultimate responsibility for the entire building or facility. The flexibility recognizes that the occupancy of each building on campus is unique in that some may house strictly administrative offices while others may house a diverse combination of offices such as academic departments, laboratories, food service facilities, recreation facilities, libraries and other non-related areas each of which may require an Access Manager. Therefore, it may be necessary to delegate access authority in a more locally decentralized manner to best accommodate the unique needs of each building. All building Administrators are considered Access Managers but additional department-level Access Managers may be appointed as necessary for the efficient administration of this policy.
- Keys and Electronic Access Level Permissions
Keys and electronic access permissions are issued based on need, not by position or job title. That need is determined by the Department Chairs/Directors in coordination with the appropriate Vice President, Division Head and/or Dean and based on the job function of the individual. Keys and electronic access levels are only assigned to individuals as is necessary for the performance of their job duties. A higher-level key in the key hierarchy or broader access level in the electronic access system may be authorized for an employee whose job requires access to multiple areas on campus in order to be effective in the performance of assigned duties. For example, a University Police Officer has a defined need for access to the entire campus based on the unique requirements of the job he or she performs. Convenience is not a reason for issuance of a high-level key or for electronic access beyond what the employees job function requires. Any special requests for exceptions to the above must be directed in writing, with a strong justification, to the Associate Vice President for Facilities Management and Associate Vice President for Emergency Services.
- Responsibilities of Building Administrators/Access Managers:
- The Building Administrator has the ultimate responsibility for building access in
his or her specific building, however, individual departments may designate an Access
Manager who may assume more localized control of access at the department level. This
individual will be officially authorized by the Dean, Director, Division Head or Chair
of a department and given the authority and responsibility to authorize keys for the
department. When this type of Access Manager is used it will be in close coordination
with the Building Administrator. Responsibilities of Access Managers, whether at the
department level or Building Administrator level include:
- Submitting requests for keys to the Physical Facilities customer Service Center (CSC). Each request must include the name of the individual who will be receiving the key(s). When keys issued to an Access Manager are assigned to another individual, the Lock Shop must be notified of that reassignment. Notification must include the name of the individual and the unique stamped identifier on the key issued to that individual.
- Assuring an individual has proper identification when picking up their keys.
- Returning a signed receipt from the individual to CSC.
- This individual is responsible for the recordkeeping of all persons who have access and who have been issued keys for any area that falls under control of the department.
- All Access Manager records will be subject to periodic audit by the University’s internal auditor.
- It is the Access Manager’s responsibility to authorize the issuance of exterior door keys to only those individuals who have a continuous need to access the building after normal building hours.
- The department will be held accountable for any individual for whom it has authorized
a key. If the authorized individual loses a key or does not return a key(s) upon the
end of their relationship with the University, the department will be charged $50
per key per door for each change key that is lost or not returned. This fee is required
to recoup a portion of the costs associated with the need to rekey any and all spaces
accessible by the key. This is absolutely essential to maintain the safety and security
of the university environs.
Any category of master key can open a large number of doors. A department or building master key could control over 500 doors. A loss of a building master key controlling this number of doors, requiring the changing of locks, could cost a department in excess of $25,000. Issuance of department and building masters should be kept to a minimum. Departments authorizing master keys to personnel assume a higher liability in the event of a lost key. This must be considered during the authorization process.
- All returned keys that will not be reissued must be returned to the Physical Facilities Customer Service Center. A receipt will be issued to the Access Manager. If the Access Manager takes possession of keys that will be reissued, the Lock Shop must be notified of this change, and notified again once the keys have been reissued.
- University locks shall not be replaced or supplemented with non-university issued locks. Any such lock installations will be removed and replaced with a University lock. The responsible department will be responsible for all charges associated with the change.
- The Building Administrator has the ultimate responsibility for building access in his or her specific building, however, individual departments may designate an Access Manager who may assume more localized control of access at the department level. This individual will be officially authorized by the Dean, Director, Division Head or Chair of a department and given the authority and responsibility to authorize keys for the department. When this type of Access Manager is used it will be in close coordination with the Building Administrator. Responsibilities of Access Managers, whether at the department level or Building Administrator level include:
- Responsibilities of Individual Key Holders:
- The duplication of any University issued key is strictly prohibited.
- Any individual issued a key to any University facility is responsible for the safekeeping of the key and its authorized use. It must never be loaned, given, or transferred to any other individual.
- Damaged keys must be reported and returned immediately to the Access Manager who will coordinate with Physical Facilities Customer Service Center. Replacement charges will be waived if the damage is a result of normal wear and tear. If a damaged key is reported but not returned, it will be treated as a lost key.
- Lost keys must be reported immediately to the Access Manager and University Police Department and the appropriate Incident Report filed. Replacement keys will not be issued by the Access Manager and Lock Shop without the University Police Department Incident Report number and a key order form with departmental authorization.
- Personnel whose employment with the University is ending or those being placed on a leave where access to the University facilities (for which they have keys) has not been authorized must return all keys to the Access Manager for return to the University Lock Shop by their last day of work. Failure to return all keys may result in a delay of the individual’s final paycheck.
- Personnel transferring from one department to another or building to another must return their keys to the originating Access Manager and process a new key authorization request form signed by the new Department Access Manager.
- Keys must be surrendered by an individual at any time at the request of University Police, the Physical Facilities Lock Shop, the authorizing department or upon separation from the University. A receipt will be issued upon return of all keys. A key is not considered officially surrendered until an individual is issued a receipt for the return.
- Procedures for the Issuance and Return of Keys:
- To request a key(s), the individual must complete a Key Request Form which can be obtained from Physical Facilities Customer Service, on-line, or from the Access Manager. The individual should submit this to the Access Manager and obtain the appropriate authorization. The Access Manager will send it to the Customer Service Center. Requests are generally processed once received by CSC within 72 hours.
- Once the new key is received by the Access Manager, the requestor will be notified and must pick the key up in person and present appropriate identification. They will sign for the key and the Access Manager will return a copy of the signed form to CSC.
- Upon issuance of keys or access permissions to authorized persons in a building or department, it is the responsibility of each department or the Building Administrator to educate and/or train the keyholder about their responsibilities as a keyholder. This should include familiarizing the keyholder with this policy which can be found on the Division of Operations website under Policies and Procedures. https://www.binghamton.edu/operations/policies/
- All returned keys must be returned by the Access Manager to the Physical Facilities Customer Service Center if they are not going to be re-issued. A receipt will be issued to the Access Manager for all returned keys. If the Access Manager takes possession of keys that will be reissued, the Lock Shop must be notified of this change, and notified again once the keys have been reissued.
Section 2: Electronic Access
- Electronic Access Hierarchy:
The granting of electronic access is a decentralized process. The Card Access Office may manage some areas or facilities, but in general, access is the responsibility of the Building Administrators or in some cases the Access Managers who have the ability to grant and restrict access to their areas of responsibility. The access level is determined by the Access Manager with technical guidance and support from the Card Access Office. Access level includes:
- Affiliation (student, faculty, staff, external)
- Space (where access should be granted)
- Time (when access should be granted)
- Dates (activation/deactivation)
- Requests for Card Access Installations:
The university has a campus-wide electronic door access system. This system consists of an access control database that is centrally administered and locally managed, access control hardware that is installed in the individual buildings, and Binghamton University ID cards that are held by individual cardholders. ID cards issued by the University ID Card office are used as the access credentials for the electronic door access system.
All requests for repairs of card access hardware should be made through the ITS Help Desk.
Requests for new installations, conversions, or upgrades may be done through the ITS Security Infrastructure and Support department. Smaller projects can be requested via an estimate request through the ITS Service Now Card Access Request Service Portal.
Additionally, Security Infrastructure and Support can provide guidance for card access for project planning, design, and construction.
All card access installations will meet the Binghamton University Design & Construction Standards for Security and Access Control Systems defined by the ITS Security Infrastructure and Support department.
- Responsibilities of Building Administrators/Access Managers:
- It is every individual department’s responsibility to designate an Access Manager.
This individual will be officially authorized by the Dean, Director, Division Head
or Chair of a department and given the authority and responsibility to authorize electronic
access credentials for the department. This individual will be responsible for the
- Provisioning requests for electronic access control, and changes to access. Coordinates the issue of keys and Electronic Access Control with the Key Holder, Department Head and the assigned Access Control Grantor.
- Can approve access if formally delegated by the appropriate authority.
- Regulate access to buildings with time zones and access levels.
- Issuing temporary access levels when required.
- The secure recordkeeping of all confidential information related to persons who have access and who have been issued electronic access credentials for any area that falls under the control of the department. Maintains accurate records of all access control activities.
- It is the Access Manager’s responsibility to authorize the issuance of exterior and interior door access to only those individuals who have a continuous need to access the building(s) after normal building hours.
- The department will be held accountable for any individual for whom it has authorized electronic door access.
- Access Managers shall not allow electronic access credentials of any kind to be transferred from one individual to another. University issued ID cards are for the sole use of the recipient to whom they have been issued.
- It is every individual department’s responsibility to designate an Access Manager. This individual will be officially authorized by the Dean, Director, Division Head or Chair of a department and given the authority and responsibility to authorize electronic access credentials for the department. This individual will be responsible for the following:
- Responsibilities of Individual ID Card Access Holders:
- Any individual issued ID card access for use at any University facility is responsible for its authorized use. It must never be loaned, given, or transferred to any other individual.
- Damaged ID cards must be reported and returned immediately to the Access Manager who will coordinate with the Card Access Office.
- Lost or stolen electronic access credentials must be reported immediately to the Access Manager during normal business hours and the University Police Department after normal business hours.
- Individuals who are temporarily without their access device(s) and locked out of spaces to which they have authorized access must follow their individual department/college/unit procedures to obtain access.
- Personnel whose employment with the University is ending or those being placed on a leave where access to the University facilities (for which they have electronic access credentials) has not been authorized must return all electronic access credentials to the Access Manager for return to Human Resources by their last day of work. Access levels assigned to the user’s credential will be rendered nonfunctional.
- Personnel transferring from one department or building to another must contact the Access Managers for each respective location. The Access Manager can directly add and remove access levels associated with the former/new access locations.
- Electronic access credential(s) must be surrendered by an individual at any time the request of University Police, the authorizing department, or upon separation from the University.
- The Office of Human Resources will coordinate with the Access Manager and/or the Security Infrastructure and Support office when an employee is placed in a temporary status that requires their access to facilities be suspended.
- Procedures for obtaining electronic access control on your University ID Card
- To request access to a facility with electronic access, the individual must contact the corresponding Access Manager for authorization. Once access is granted, an email will be sent to the requesting department and all Department Heads with operations in that particular building.
- Unless otherwise authorized, all student access is terminated at the end of the semester. New requests for access must be submitted each semester. Full time faculty and staff retain given access unless otherwise indicated.
- Key Control Security Boxes
In order to reduce the number of keys carried by individuals on campus and to improve afterhours secure access to facilities, Binghamton University has implemented Key Control Security Boxes in several buildings. The Key Control Security Box contains building access keys that are electronically tagged with a Smart Key device with built-in memory chip for control and the recording of usage. These boxes reduce the number of keys in circulation at a given time. By assigning different access levels to departments and individuals in the campus community, the Key Control Security Box increases coordination, safety and efficiency efforts while standardizing key control methods across campus.
Users are approved in the same manner as key and access issuance. The Key Control Security Box provides the following:
- Ensure only authorized users have access to specific keys
- Check when a key is taken and returned, and by whom
- Identify keys that have not been returned
- Determine frequency of use of a particular key and how long for
- Notify a manager via email or text an alert situation