It is rare when a singular event leads to the replacement of a master key system. Usually there are many symptoms that can be detected before a master key system is fully defective.
As the person who performs service to the system, the locksmith is the first person to discover symptoms and can predict irreparability. But when locksmiths pass this information to management, it is often ignored as the cost to replace a system is expensive and judgment calls usually side on "let's wait until we absolutely have to act."
It is important to understand what symptoms will lead to master key system failure.
What is a master key system?
A master key system is any keying arrangement having two or more levels of keying. Master key systems are a means of controlling access to places and things while having a direct influence on safety and security. Locksmiths not only understand the mechanics of a master key system, but also have a technical understanding of how master-keying works.
Company management probably does not even know the locksmith is using a formal master key system. Management is more likely to consider the locksmith as applying an arcane lock-by-lock technique to turn different keys on and off. Management usually has no idea at all how it works and strictly relies on the locksmith to make things happen, usually without giving the locksmith credit as a knowledgeable professional.
The locksmith would be better served if management had a better understanding.
There is a quick means to bring management up to speed as there are other systems that management is well aware of that exactly parallel what the locksmith does. Master key systems are very similar to computer network systems. The computer network system manages information and access to information. It affects productivity, security, and safety.
Management hires specialists to maintain the networks and manage data. Computer network systems eventually have to be replaced or upgraded. Once management understands the comparison, it will be easier to for the locksmith to communicate needs. When a computer network is "broken," management understands the need for immediate repair regardless of expense. Master key systems can "break" in similar ways.
Losing control of master keys
Compromise of master keys is the number one reason why master key systems are replaced.
The issuance of high level master keys (i.e. the keys that open everything in the system) should be strictly limited to the very few who actually need them. A person's job functions dictate the need to possess master keys. Locksmiths, emergency responders and roving guards are on the short list.
In the work environment, executives will often procure the TMK (Top Master Key) regarding its possession as an indicator of their personal status. As others attain the same "status," they demand issuance of the TMK. The proliferation of top master keys can lead to compromise simply by the number of executives possessing them.
Issuing top master keys in this manner drastically limits the ability of the locksmith to provide effective keying.
A typical scenario occurs when a new CEO wants to have areas keyed so that others who possess the TMK are locked out.
The additional provision that the CEO only carry one key to everything triggers the replacement of the master key system.
A typical six-pin system may have a TMK that can access all 64 pages of key combinations. The 64 pages may be split into four groups of 16 pages. Each of these groups has a master key that can open all 16 pages.
The more these types of high-level keys are issued, the greater the chance that a problem can occur. A typical problem is when the master key falls into the hands of the wrong person or the master key is lost. The seriousness may lead to the rekey of locks in that group of 16 pages which then affects a quarter of all key combinations in the system.
Losing control of high-level master keys can eliminate so many key combinations that the system must be replaced.
Flawed keying strategies
Master key systems allow the locksmith to designate groups of key combinations for specific use with a sub-master over the group. The initial development of these groups is the locksmith's keying strategy. Keying strategies can be developed for people, places, and things.
When keying strategies are developed for people, key combinations are reserved for use by persons or departments within the company's organization. These keying strategies by nature will be volatile as persons will change jobs or responsibilities and departments will move from locations.
Expect these keying strategies to rapidly expire as change affects the persons or departments. If the keying strategy involves many key combinations, it can lead to premature replacement of a master key system.
Keying to places is more static. A place might be a location like a building or part of a building.
Persons or departments that work in the location might come and go. Retrieving keys allows the locksmith to re-issue the keys to the location's new tenants. Keying to places is more reasonable as long as existing keys can be retrieved.
Keying to things is very static. Examples of things are: padlocks; desks; cabinets; utility lockers; and tool boxes. These things move around but require less rekey.
Regarding all key strategies, it is important to retrieve keys when necessary.
Not having in place a mechanism to retrieve keys
Whatever the level of the key, it is important to have a mechanism in place that guarantees that the key will be returned. Management can establish written policy that persons need to return keys when no longer needed or when asked by management to do so, but such policies are rarely enforced.
Frequently, the responsibility of key retrieval is left to the locksmith to manage and without the resources needed. The locksmith may not know when a person no longer needs a key. Persons change jobs or are terminated without the locksmith's knowledge and before keys can be retrieved.
Too often the locksmith is made the "key police" and asked to retrieve a key when the company demands it back. If the company demands keys be returned, the collection should involve the security personnel.
An effective means to retrieve keys is to develop a working arrangement with the locksmith, human resources and security.
When controlled keys (keys that are part of the master key system) are issued, the recipient of the keys should sign an agreement to turn the keys in when requested by the company. The agreement should have a "bounty" attached to the keys that can be automatically deducted if the keys are not returned when asked to do so. A turnkey process needs to be developed where the initial control of the key is activated and maintained by the locksmith, then reports are sent to human resources.
When human resources change an employee's status, they refer to the report as a preliminary clearance. If the employee is not accountable for any keys, the status change moves forward. If the employee has outstanding keys, the keys are returned on the spot or the transaction must be rectified through the locksmith before status is changed. In this manner, companies can guarantee that keys are retrieved.
When keys are not returned, locks are unnecessarily rekeyed. Every unnecessary rekey ebbs away at the master key system, especially if the key that wasn't retrieved was a master key.
When status of issued keys are not properly tracked
The primary responsibility of the locksmith is to track the status of every issued key that is part of a master key system. This can be done on paper using a filing system that cross-references people, places, and things. Preferably the tracking is performed by computer using either a commercial application designed for the purpose,; custom-made spreadsheets or databases.
What should be tracked is:
1. When the key was issued.
2. Who the key was issued to.
3. Who authorized its use and for what reason.
4. The current status of the key (with the user, lost, returned, ready for pick up).
5. An optional mandatory return date.
6. What cylinders the key can access in the system.
There will always be instances in which areas that are protected by the master key system are violated. When the system is properly tracked, a list of suspects can be developed and the violation can be contained.
A master key system is a tool to provide access control. The integrity of the system is the means to index who has access. When there is no means of indexing, access the system is worthless.
Duplication of unauthorized keys
All processes and procedures can be followed properly and the master key system can still be compromised by the duplication of unauthorized keys.
If the system's key stock is readily available from local hardware stores and key shops, unauthorized keys will proliferate. It is useless to attempt to control keys if persons can take keys down to hardware stores and have as many keys cut as they wish.
Again, the locksmith is usually the person who receives the first indications that unauthorized keys are being used. Anytime a locksmith is handed a key ring, the ring should be inspected for possible unauthorized keys added to existing master keys.
Also, when extracting broken keys from lock cylinders, the key parts should be inspected.
When keys are returned, locksmiths have another instance to perform inspection. Locksmiths should forward reports anytime unauthorized keys are found and explain the implications to management.
Over-tasked Master Key Systems
Sometimes master key systems are misused by implementing key functions better handled by other types of systems. One of these tasks is securing the perimeter of locations. When cylinders are master-keyed more than one key can operate the cylinder. Security is diminished.
Perimeters are usually accessed by many persons (i.e. security guards, emergency responders, executives). As persons move on, perimeters keyed in this fashion are often rekeyed, further taxing the master key system.
For example, consider the need to provide "lock-out" padlocks at a facility. A "lock-out" padlock is required for safety purposes so that a technician can shut down an electrical circuit when necessary. The technician should have the only key to the padlock and the padlock should not be part of the master-key system.
It seems simple enough to dedicate several pages of key combinations within a master key system so that each padlock can be uniquely keyed.
A better method is to develop a separate system for this use. Diversification makes sense especially if the key stock used in the master key system goes public.
When To Replace The System
It is time to replace the system when the one or more of the following scenarios are true:
1. Areas are being accessed; things are missing, and there is no explanation as to who is making entry. When rekeyed, the actions continue. Too many persons are in possession of master keys.
2. The repeated rekey of groups of key combinations for persons or organizations has exhausted the system so that groups of key combinations are no longer available.
3. Persons that shouldn't have certain keys do. When key holders left the job, they gave the keys to others rather than properly turning in their keys. Multiple areas are being accessed by unauthorized persons.
4. Areas that are freshly keyed are being accessed by unauthorized keys. After decoding the keys, it becomes evident the keys were issued but not properly tracked. It becomes impossible to determine fresh key combinations as so many un-tracked keys were issued that control of the area cannot be guaranteed.
5. After a fresh rekey, there are complaints that persons are making entry. When their key rings are inspected, it becomes obvious keys are being cut by local hardware and key shops. These types of keys are being found routinely as keys are turned in or key rings are audited.
Because the master key system is over-used, there is no longer any room to accommodate new projects.
There are a lot of reasons why master key systems fail before their time. Many of the reasons can be prevented but it takes the cooperation of locksmiths, their management and support departments like human resources and security.
When symptoms are properly addressed, the life expectancy of the master key system can be enhanced indefinitely.
