Key and Card Access Control

Policy number: 8.4

Policy section: Information Technology

Revised Date: January 2, 2019

1.  Policy Statement

This policy is established to provide guidance and authority to audit and regulate the issuance, transfer and return of all keys and building access cards issued by the University. This policy outlines the responsibilities of departmental personnel, as well as the holders of keys and access cards. All key and building access card holders are responsible for the keys and access cards assigned to them. It is the intent of the University that exterior entrances for all buildings shall be locked outside of normal scheduled hours to maximize the security of the buildings, occupants, and building contents.

2.  Purpose

The purpose of this policy is to provide appropriate security for campus facilities in order to protect life, property, and research and to facilitate the administration and control of keys and access cards.

3.  Applicability

This policy applies to all locking devices securing University facilities and those individuals authorized to use them. University residential facilities are managed by Residential Life and Student Housing (“RLSH”) and are not covered by this policy.

4.  General Information

  1. Cards - The Parking and ID Card Services Office issues identification cards that are also used as a security access card into buildings and some parking areas on campus. Lost or stolen cards must be reported to Parking and ID Card Services. Damaged, lost, or stolen cards will be replaced for a fee.
  2. Issuance of Keys – Facilities issues keys to gain access to doors that are not secured via the electronic access control system. Requested keys must be picked up at the Parking and ID Card Services Office with an SMU ID or government issued identification. Duplicating and/or lending keys is prohibited. Damaged, lost, or stolen keys must be reported to the area building liaison within 2 business days. If a key is lost, the Lost Key Form should be filled out and logged in to the key management system.If a key is found that does not belong to the individual, it must be returned to the "IDCard Office" and the owner of the key will be notified.

5.  Requesting Access

  1. Authorization for Access – All employee access requests must be approved by both an individual’s direct supervisor and the appropriate area building liaison.
  2. Contractor, and Non-University Employee Access – Contractor access must be requested by the contracting department and approved by the appropriate area building liaison.
  3. Student Access – Student access requests must be approved by the appropriate instructor or supervisor and by the building liaison.
  4. The University provides different levels of security depending on the needs and uses of each building.

6.  Annual Audit & Inventory

Supervisors are required to annually audit user access for both keys and cards.  Within 12 months of the effective date of this policy, the University will create an electronic process for conducting this annual audit.

7.  Inadvertent Lockouts

Individuals that are temporarily without their appropriate access credential should contact the building liaison for temporary access to their work area. The building liaison will verify the person’s identity and the appropriateness of the requested access before providing access. All requests for lockout access will be logged, whether or not access was granted. For after-hours emergency access, the SMU PD should be contacted.

8.  Key Recovery

At the termination of employment or change in responsibility, it is the responsibility of the supervisor to recover the key(s) assigned to an individual. If during the annual audit, it is determined by the supervisor that access is no longer appropriate, the supervisor must recover they key at that time. Students must return keys to the building liaison or designee prior to graduation. Recovered keys must be returned to the Parking and ID Card Services Office within 5 business days.

9.  Non-Compliance

Failure by individuals, departments, or units to follow this policy and procedures may be subject to disciplinary action in accordance with Southern Methodist University policies and procedures as appropriate. Violations of this policy may result in additional costs to the individual, department, or unit.

10.  Exceptions

The Vice President of Business and Finance or his/her designee may grant exceptions to this policy or related procedures after a security risk assessment. The Assistant Vice President may at any time rescind any exceptions to this policy or procedures based on a new risk assessment or abuse of any exceptions granted. Residence Life will be an exception to this policy as that unit has its own keyless access policy due to the unique living arrangements.

11.  Questions

The Chief Information Officer (“CIO”) or designee shall be responsible for interpretation of this policy, resolution of problems and conflicts with departmental policies, and special situations. The CIO may grant exceptions to this policy and/or standards after a formal review.

Revised: January 2, 2019

Adopted: June 1, 1994