I’ve worked at two large universities that have more than 400 buildings on campus. There are many facets to starting and maintaining security at a campus of that size, particularly if you have masterkey systems in buildings, as we do.
Masterkey systems ensure that people enter only the spaces they’re authorized to be in. Masterkey systems are necessary when you have a high volume of building occupants who access multiple rooms in a large building. You can imagine the chaos if every door in a 600-room building had different keys. You’d have to have a large ring of keys to help you to go through the building.
The masterkey system is the how: How do building occupants travel through buildings? The electronic access control (EAC) systems supply the who: Who travels through a building? The combination of the how and the who is what’s of interest to security pros. Most metal keys for mechanical locks don’t have an audit trail. The EAC supplies the audit trail, which gives building and security managers and law enforcement a record of who went through what door when. This is most helpful if there has been a security issue.
All of our EAC locking solutions are required to have a keyed bypass in case of a system failure during an emergency. Only security personnel have access to the key-bypass cylinders. This allows the audit trail to be maintained.
Having strong key-control policies in place is important. This helps to maintain the integrity of your masterkey system. The foundation of creating a good key-control policy is a well-organized “key consultation.”
It’s crucial to get your key-control policy right from the beginning. Some of the following issues can apply to commercial masterkey systems, but our focus is on masterkey systems and concerns of higher education.
Setting the Rules
“Empowerment theory” is a term used in social work to guide people toward a sense of control. This concept can be applied to an end user of a space in a building. As security pros, we’re responsible to apply the empowerment theory to buildings.
Building occupants on a university campus covet and fight over square footage. It’s important for the end users of a space in an educational facility to occupy only the space the registrar’s office says they’re supposed to.
There are reasons why everyone in the building shouldn’t have access to everything in the building. Some areas have to be out of bounds for building occupants because of safety issues.
Mechanical rooms are a great example of that. Another reason for mechanical rooms to be off-limits is that they have been used by building occupants as storage areas. This is in violation of fire safety codes. High-voltage vaults also should be entered only by authorized personnel. Touching the wrong things in that room could cause electrocution. Elevator machine rooms are off-limits not only for the protection of the person entering, but also for the people riding in the elevator car. The roof is dangerous and should be accessed only by maintenance personnel.
Protocol and policies regarding key control should help to direct who should be where in a building. The development helps everyone to know the expectations for each person who enters the building. Spelling out protocol and policies is necessary, particularly with staff who look at a key they’ve been issued as a status symbol.
With respect to masterkeys, the fewer issued, the better. Too many buildings have been rekeyed because of lost masters. Also, it’s important to have the person who issues the keys be responsible for the level of key issued. Key managers know the staff in their departments and can act as the gatekeeper. The job of a departmental key manager is thankless but necessary. Key managers also should be held responsible for the keys they approved. However, the key manager shouldn’t have keys they approved in their name, because key managers change frequently. The burden and responsibility of the key should be on the keyholder.
Often a keyholder has lost a key and doesn’t report the key missing. There should be regular audits of individuals. Key audits are a tedious, time-consuming task, but the masterkey system’s integrity is at stake.
My institution requires a police report to replace a lost or stolen key. Doing this gives the powers that be the opportunity to mitigate and rekey.
The key-issuance policy should set expectations. There must be clarity in key issuance that allows the administration to enforce penalties for missing keys. If the administration doesn’t support the policies, there will be no traction. After all, the key is property of the institution.
Each key should have a unique identifier, such as a serial number, imprinted on the key. This unique identifier then is associated to the keyholder’s record. Upon separation, a receipt for the return of a key would be part of the exit checklist. Failure to comply should be met with appropriate punishment that can increase over time, like library fees or parking tickets. Without such punishment in place, this also can degrade the security of the masterkey system.
The same policies regarding returned keys can be applied to key rings as well. Records for each key ring number might show all keys by serial number on the ring. The key ring should prevent the keyholder from removing keys from the ring.
There are a few ways to achieve a secure key ring. One would be to buy a lockable key ring. Another would be to purchase rings that can be peened together by using a fixture during the peening process. These rings have serial numbers stamped on them for easy identification. By far the most inexpensive way that I have seen requires a torch, silver solder and soldering paste.
Setting the Goals
My most recent opportunity to empower end users and manage space was a key consultation that took place at the end of 2021. The meeting was in a construction trailer next to the half-built Student Union. This was no easy task: Numerous working groups had to be involved and their requirements addressed. Most of the groups have existing systems. Student services had to have a new system. It always is complicated when you have multiple systems in one building. That also means it’s more difficult for the maintenance staff because of the numerous keys they require to do their work.
Please note that institutional buildings that have rooms that contain money, pharmaceuticals, employee records or alcohol should have special consideration when being secured. Also, it’s worth noting that entrances and exits that require key bypass should be keyed with nonissuable keys that are for first responders and locksmiths only. This also applies to any access control that maintains the audit trail. This best practice also helps to control false alarms and hold-opens.
The key-consultation meeting is meant to be educational. It’s necessary that you and the building manager leave the meeting with new knowledge and attainable goals.
The locksmith’s responsibilities to managers include:
- Make sure they know how their space will be used.
- Have them understand that access control doors have nonissuable keys. Restricted key issuance also applies to mechanical, telecom and custodial areas, excluding special circumstances.
- Explain the basics of a masterkey system, whether it’s a three-, four- or even five-level system. Share how masters, submasters and change keys differ and why it’s crucial to match the correct level of key to the keyholder.
- Explain the difference among various terms, such as keyed alike, keyed different, single keyed, single keyed different not on the master and master only.
- Explain how key nomenclatures work, so when the manager orders keys, they get the correct level of access desired. For example, C28D-21 is a change key. The numbers and letters have significance. If you saw C28 only, this would indicate a building master. Adding a letter behind the masterkey indicates a submaster, C28D.
- Direct the manager to have meetings with their staff to discuss how the rooms will be keyed, using the key plan provided. Have them list each room on the spreadsheet with the room number and how it should be keyed using the nomenclature you taught them. Don’t be afraid to let them list the rooms that way. It can lead to a buy-in by participants that adds value to the project.
- Explain the differences among privacy, office-entry, storeroom and classroom functions on locks and when they should use each. The project manager and end users can make changes as necessary.
- Encourage managers and end users to protect the system. Reporting lost and stolen keys quickly and requesting mitigation of the affected door will keep the system strong.
- Make it clear that after the spreadsheet has been submitted, change requests in the key system will be a chargeable item.
- Have managers designate two people to serve as key managers, and then only those two people can authorize key requests. It’s good to have primary and secondary approval.
- Give everyone a deadline for the spreadsheets and stress the timely manner in which the spreadsheets should be completed.
- Communicate how you’re there to help with every aspect of the masterkey system. Provide the manager with your contact information.
Locksmiths should take away the following:
- Get contact information from the go-to people regarding key issuance and key changes.
- Keep precise records, storing information on a digital database if possible.
- Follow up midway through the spreadsheet-creation process and ask whether assistance is necessary.
Prolonging System Longevity
Adding electronics to a key-control system is my preferred deterrent to lost and stolen keys.
Accountability can be added to a metal key. As soon as the newly minted key system is in place, you’ll put keys in an electronic key-management box. Every key has an audit trail, and you’ll know where every key is. Key users check out keys when necessary.
Medeco partnered with Traka, both owned by ASSA ABLOY, to develop a fixture to electronically store and charge Medeco XT electronic keys. This solution resolves multiple issues. It gives accountability to the stakeholder and limits the number of keys that must be purchased.
I’ve found electronic key-management boxes to be particularly helpful when lending to vendors or contractors. The box is available 24/7, and the keys are on a blind system, with the vendor or contractor being given the location of the key before borrowing, with the understanding that the key will be returned before the end of business that same day. If you have a walk-up window for key issuance, this is particularly nice, because you don’t have to deal with the vendor or contractor. The box does it all. You even can have emails sent to supervisors when keys aren’t returned when they were supposed to be.
Before the electronic key boxes, we used a chit system that had keys hanging on a peg board. Slips of paper were signed by the lender when keys were borrowed. It was a time-consuming and inefficient process.
The processes and details in this article have come to exist through trial and error, a sharing of my experience. Other ways can get positive results when dealing with masterkey systems. Information shared is always helpful.
Steve Fryman, CRL, CAI, CISM, is the key compliance manager at Florida State University. He can be emailed at [email protected].
