Key Management Policy



Similar documents
FACILITIES MANAGEMENT DEPARTMENT

Security, Access Management and Key Control Policy and Procedures

Purchasing Card Program

KEY / CARD ACCESS CONTROL POLICY FOR FACULTY, STAFF AND STUDENTS

Access Control Regulations

KEY AND LOCK POLICY Physical Plant Division April 2003

2.09 Key and Card Access Systems Approved by Executive Committee: 8/17/04

UNIVERSITY OF MIAMI POLICY AND PROCEDURE MANUAL TITLE: Access Control REFERENCE:

TENANT ACCESS COORDINATOR HANDBOOK

U.S. Customs and Border Protection Security Seal/Hologram Program Procedures (Updated Sep 2010)

INSURANCE AGENCY AGREEMENT

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

How To Manage Keys At Trent University

Recommendations for Improving Purchasing Card Procedures

Data Center Access Policies and Procedures

CORPORATE PURCHASE PUR

Military Considerations

MANUAL OF PROCEDURE. Miami Dade College Purchasing Card Program. VI-2 Bidding for Commodities and Services VI-3A Minority Business Enterprises

LONG TERM RENTAL REGISTRATION APPLICATION All sections are required to be completed. Please print, type, or apply through portal.

DataCentre Access Policies & Procedures

LONDON DOWNTOWN CLOSED CIRCUIT TELEVISION (CCTV) PROGRAM CODE OF PRACTICE CITY OF LONDON, ONTARIO

Arrangement of Clauses

GNB RSA Token Standards and Procedures

MUNICIPALITY of COLCHESTER PURCHASING CARD POLICY. January 2006

8.1.6 POLICY ON KEYS AND OTHER BUILDING ACCESS DEVICES. Policy Statement COLLEGE OF CHARLESTON POLICY ON

University of Nevada, Reno. UNR Building Access Cards and Key Control Procedures 1

Annex 4 Operational Certification Procedures. Rule 1 Definitions

REGULATION ON FINANCIAL HOLDING COMPANIES (Published in Official Gazette dated November 1, 2006 Nr )

(TRANSLATION) CHARTER OF THE BOARD OF DIRECTORS SONY CORPORATION

Financial Instructions

Encryption Security Standard

Overview A. What is the Visa Purchasing card?

KEY, SWIPE CARD AND ELECTRONIC FOB POLICY

Schoeller Allibert Limited Job Description. Reports to: Operations Director Date of Completion. 04/05/16

Definitions: The Certification of Exemption memorandum must be signed by the principal investigator s dean or department chair.

Samford University Purchasing Card (PCARD) Program Policy and Procedures May 1, 2016

DOOR ACCESS CONTROL SYSTEM POLICY

Appendix 1 Payment Card Industry Data Security Standards Program

Xx Primary School. Finance Policy

POLICY TITLE: IDENTITY THEFT PROTECTION POLICY

Ch. 435a KEY, GAMING & NONGAMING EMPLOYEES a.1. CHAPTER 435a. KEY, GAMING AND NONGAMING EMPLOYEES; BOARD-ISSUED CREDENTIALS

CITY UNIVERSITY OF NEW YORK EMPLOYEE ACCESS TO THE STUDENT INFORMATION MANAGEMENT SYSTEM AT SELECTED CAMPUSES. Report 2007-S-23

GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY

Pursuant to Article 95, item 3 of the Constitution of Montenegro I hereby pass the ENACTMENT PROCLAIMING THE LAW ON BANKS

Berea College Purchasing Card Policy. Adopted November 1, 2003

1. The records have been created, sent or received in connection with the compilation.

INTERNAL CONTROL QUESTIONNAIRE OFFICE OF INTERNAL AUDIT UNIVERSITY OF THE VIRGIN ISLANDS

YORK CATHOLIC DISTRICT SCHOOL BOARD

MySign Electronic Signature

Contra Costa Community College District Business Procedure SECURITY CAMERA OPERATING PROCEDURE

CAMPUS KEY POLICY. Gerry, Bomotti, Senior Vice President for Finance and Business

DFA EXTERNAL AGENCY POLICY AND FORMS FOR ACCESS CONTROL

Andrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration

Revised June, 2002 FACILITY ACCESS AND IDENTIFICATION BADGE POLICY AND PROCEDURES

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

MU 20/15 - LIA MINIMUM STANDARD FOR LIFE INSURANCE ADVISORY PROCESS (EFFECTIVE DATE: NO LATER THAN 1 APRIL 2015)

Audit Report on the New York City Police Department Data Center 7A06-093

Virginia Commonwealth University School of Medicine Information Security Standard

Registration Procedures

Neutralus Certification Practices Statement

CONCORD UNIVERSITY BOARD OF GOVERNORS

Vodafone Group Certification Authority Test House Subscriber Agreement

Presentation by BSI on the main changes to the IATF ISO/TS certification scheme

RENTAL APPLICATION. (All applicants must complete RRM and GLVAR applications)

Procedures for the Acceptance of Wastewater from Asbestos Abatement Projects

PURCHASING CARD POLICY AND PROCEDURES

ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE

WINONA STATE UNIVERSITY TRAVEL CREDIT CARD PROGRAM USERS GUIDE

THE SOCIALIST REPUBLIC OF VIETNAM Independence - Freedom - Happiness No: 23/2014/TT-NHNN Hanoi, 19 August 2014 CIRCULAR

HIPAA Employee Compliance Program TRAINING MANUAL

Onboarding and De-boarding of Personnel in the MICH Community

Travel Card Policy and Procedure Manual

Home Working Policy Version Date Status Comments

University of Limerick Data Protection Compliance Regulations June 2015

MASTERCARD PREPAID CARDHOLDER TERMS & AGREEMENT

Transcription:

THE LAMBTON COLLEGE OF APPLIED ARTS AND TECHNOLOGY Issued Date: Supersedes Date: Policy #: January 04, 2006 October 02, 2003 4000-4-7 Key Management Policy Policy It is the policy of the Lambton College to maintain a unified access program throughout all College sites, ensuring the highest security standards in the protection of site facilities and create a safe working environment by restricting access through the issuance and control of keys and cards related to the operation of Lambton College facilities. Scope To provide a high security keying and electronic access program encompassing the maintenance of all locks, issuance of security keys and key cards, tracking, auditing and retrieval of system keys and cards ensuring the integrity of the keying and electronic access management program. Management Structure Reference management chart (PDF) - appendix. College Program Coordinator The college Program coordinator is appointed to oversee the security keying program through all the Lambton College facilities. The coordinator is empowered to maintain the unified standards, policy and operation procedures remain consistent and of the highest standards.the coordinator will act as an ex-official member of all the management committees and receive all reports and documentation required to ensure that a unified effective keying program is being maintained throughout Lambton College. Access Management Committee The access management committee shall consist of three individuals representing management, security and physical plant with the College program coordinator and access control manager acting as ex official members of the committee representing all facilities and interrelated smaller facilities. This committee shall be empowered to issue or deny access to keys and cards and mandated to enforce the policies and process established a teach site. This committee, in conjunction with the program coordinator will have the power to change the access policy from time to time as the operational state of the facility changes. Members of the management committee may assign a temporary replacement during their absence Access Control Manager An individual with knowledge of the keying management and electronic access system will be selected and empowered to manage the day to day processes of issuing, tracking, auditing and retrieving keys and cards.the key control manager will oversee all record keeping and storage of non issued keys and cards including the report auditing of all departments. Reporting Structure

The access control manager is empowered to operate the day to day keying and access control program through the access management committee. The daily access system operation and management is based on the established access system policy and processes. The access control manager is required, utilizing the key management software and electronic access software, to forward status report confirming operational integrity to both the management committee and College system controller. Reports: 1. Key issuance 2. Lost/stolen key or card status 3. Request for key changes 4. Key design changes Key and Card Holder Accountability 1. All systems keys and cards are the property of Lambton College. The proper use and care of the keys and cards is the responsibility of the individual to whom the keys are issued. 2. System keys and cards are not to be loaned. 3. System keys and cards are not to be transferred. 4. System keys and cards are to be rendered on request and returned to the access control center if retirement, transfer, termination or separation from or within the College occurs. 5. Adherence to the access control is required. Issuance of Keys Keys will be issued to employees and students of the Lambton College and approved individuals. This policy and the access management committee will govern issuance of keys based on the level in the hierarchy design. LEVEL I ZONE LEVEL II BUILDING LEVEL III FLOOR LEVEL IV DEPARTMENT LEVEL V CHANGE Level I II These levels will be issued to a key tracking system. The keys in these levels are to be used on the College premises only and are not to leave the premises at any time. Only authorized individuals approved by the management committee will be allowed access to these keys by the issuance of a tracking auditing system. These keys must be returned daily to the tracking system based on the individual's job and time requirements. The access control manager has the authority to demand that keys be returned at any time if the assigned individual fails to return the key at the designated time or removes the key from the Lambton College facility. Level III The access control manager is assigned the authority to issue or deny Level III keys. These keys may be issued to the control center key trackers. The removal of these keys from the operating facility is not allowed. Any individuals not returning keys at the designated return time will be called and required to return keys to the facility. Issuance of Level IV & Level V The access control manager is assigned the authority to issue or deny Level IV & V keys. These keys will be assigned to individuals with the approved authority of area managers established and assigned to the key management software. Hierarchy

An approved keying hierarchy design reflecting the integration of the key master keying criteria for the College is the only keying structure to be followed in the maintenance, servicing and additions to the keying program. No cross keying or maizon keying to be allowed unless approved by the access manager committee.any keying outside the hierarchy criteria must be by the site management committee with clear justification and forward to the College program coordinator. Key Request All keys must be requested and supplied through the access controller and authorized in accordance with the policy and processes established by the Lambton College.Request for keys is to be on a Lambton College key request form. Authorization Level I & II The authorization for issuance of Level I & II keys to be approved by & II the access management committee with two signatures required. Level III The authorization for issuance of Level II keys to be approved by the access control manager with request from approve signatures of the department manager or supervisor of the operations department requesting the use of the keys. Level IV & V Level IV to V authorization for issuance of keys to be approved by & V the department manager of supervisor of the individual for which the key is being requested. The department manager or supervisor is required to complete a key request form and submit it to the access control manager. Electronic Card Issuance The access cards are defined in three levels: 1. Level I Security: access, this level controls building and high level entry doors in real time control with alarm response. 2. Level II Controlled: these doors are controlled by security with direct linkage and accountability by other groups. 3. Level III Departments: access, this level is directed to the departmental level and is managed by the individual or group as an independent location. Card Issuance Card issuance may be as direct distribution or utilization of an individual's present student or staff card. The security control and maintenance is by software or on site programming. Request re applications for access is through a security request form with proper authorization for approved location access. The control of all access is through the access control manager or their designate. Auditing The control and management of the electronic access is maintained by the access control manager or designate. Auditing of the software to ensure integrity will create managed entry points. Individuals in violation of the security protocols at any entry point will be subject to an operational review by security or direct supervisor and have denied access status until such time as violations are corrected. Electronic Card Returns The integrity of the electronic access is not dependant on the cards being returned, it is the policy of Lambton College to request that all access and I.D. be returned to the access manager upon retiring, transfer, separation or termination from the employment or attendance at Lambton College. Key Storage It is the responsibility of the key control manager that all spare keys to be secured in a key cabinet and ensure that all software data is properly maintained and updated as required for all system keys accountability. Key Auditing/Operational Processes

Attached to the policy are the operational key control requirements. Addendum: Operational Key Control F16. It is the responsibility of the access control manager to review the process outline and establish an operational plan to ensure all aspects of the issuance, tracking,auditing and retrieval are followed as established in the process outline approved by the corporate program coordinator. Change to Access Policy The access management committee in conjunction with the College system coordinator has the authority to make changes to the management policy as required to maintain a policy compliant with the operational requirements, staff and students, at Lambton College. Key Returns Security keys issued to individuals for the purpose of access to Lambton College remain the property of Lambton College and must be returned to the access control manager or their designate upon retiring, transfer, separation or termination from the employment or attendance of Lambton College. Individuals not returning their approved keys will be held responsible for a two or five hundred dollar penalty depending upon status or key level. Keys assigned with deposits, if not returned, will have the deposits held. Key Issuance Internal With the approved authorized signature, the access manager is required prior to issuance of security system keys to update the computer information and develop a signature acknowledgment form for which the key holder must sign. A key card I.D. will be issued to each key holder. The I.D. is to be registered with the appropriate departments ensuring retrieval of all keys prior to discharge or transfer. Key Issuance External The issuance of keys to external contracts is to be approved by the access control manager or authorized designate. The external contract will sign an acknowledgement of the key assignment and accept the cost of replacing keys if lost or stolen. (Form to be developed by corporate program manager). Lost/Stolen Keys & Cards Any individual in receipt of a security access key or card issued by Lambton College is responsible to notify immediately any key which is lost or stolen. Lost or stolen key reports must be reported immediately and not exceed a 12 hour period. The response as to the action required to ensure security is maintained is the access control manager and access management committee's responsibility. Departments or individuals may be held responsible for the cost of re-keying the College premises due to lost or stolen keys. Key System Changes Any keying changes to the master key system or renovations to the facility which will require new locking hardware will be processed through the access control manager. No individual may change any keys or locks at the facility without the consent of the key control manager. Any changes must follow the hierarchy design or be approved by the management committee. Maintenance The access control manager is empowered to maintain and service the keying and electronic access systems. All additions must use qualified key codes as designed in the original system or system approved by the access control manager. Key Management Software

The software is to reside on the computer in a location accessible by the access control manager. The software is the central management for control and issuance of any keys. An individual will be required to operate as the software manager. This individual or site designate will process all key requests and distribute keys in accordance with the management policy. Also required by the software manager is to process requests from Human Resources or department responsible for all individuals leaving the College facility and have a timely report of all individuals to allow the retrieval of keys before departure and process the reregistration of those keys in the software. Key Identification Lambton College requires that all systems keys be identified with a site code,location code and individual tracking codes. Multiple keys are to be attached to a serialized security ring or security identifying seal prior to issuance and this coding to be used for individual accountability. Key Card Tracking Every individual receiving a security system key will be issued a key card with the care and maintenance clearly explained. The individual serial code will be used to ensure key retrieval within the organization. Information System A document key record form must be used when: - Requesting keys # Reporting lost/stolen keys # System servicing # All rules and processes defined on the forms must be closely followed. Key Production Security and registered key production is restricted to the access control manager or their designate and production is restricted to Lambton College unless approved by the access management committee. Control of Codes All system codes must be maintained by the access control manager and use of the codes by the hardware manufacturer must be in conjunction to the restrictions and security needs of Lambton College. New Construction/Additions All system cylinders or electronic access used at Lambton College facilities must be supplied through the approval of the access control manager or the management committee in conjunction with the architectural criteria required in the new construction. Appendix Management Control and Accountability

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information