Frank Best’s universal core was interchangeable between mortise, cylindrical, cabinet and padlock housings. Early I-Core users soon discovered two additional benefits beyond interchangeability. First, most things can be done better and faster and more cost-effective in the shop than in the field. The second benefit was that the quick-change I-Core allowed a business or organization to keep up with personnel and facility changes. This turned out to be a really big deal.
Operational cost savings drove rapid I-Core adoption in industry, transportation, government agencies and educational markets from the 1940s on. It didn’t take long for all North American lock suppliers to develop their own interchangeable cores, following two tracks.
Leading lock manufacturers introduced their own Large Format Interchangeable Cores (LFIC) to accommodate existing pin segment sizes. Several smaller players also entered the market with Best-compatible Small Format Interchangeable Core (SFIC) cores, keys, and pin segments. We’ll not differentiate between various LFIC and SFIC systems, as the issue here is how we help the customer maximize his I-Core investment. Although the hundred million I-Cores are not being replaced, they are seeing profound technology changes. The issue here is how do they save money?
Pinning cores in the shop can easily produce 10 cores per hour, including calculating pin segments, cutting keys, lubrication, testing, and packaging. More nimble fingers often pin up to 14 cores per hour, and even 16.
Field installation usually runs 30 seconds each, and can even be done by the customer. Compare this with removing and re-installing a cylinder or lever handle and then pinning, lubricating, and testing on a cart in the field, and then reinstalling, and cutting keys.
Pinning in the shop is always faster. Clearly, the I-Core is far less expensive to maintain. Low labor cost and fast turnaround allow the customer to keep up with organizational changes. There are indeed some cases where very high tamper resistance is more important than cost, flexibility, and speed.
How does the I-Core make more money for your lock shop? Think big picture! When you save the customer money, you earn the right to be a trusted business partner. But, do users themselves actually reap the I-Core speed and cost benefits? Often not.
Internal Key Control
The most important key control action happens once a key is in the hands of the user. Keys are lost, loaned, stolen and not returned. Employees are hired, transferred, and discharged. Rooms are added, repurposed, or eliminated. Problems explode exponentially as an organization grows, leading to a 20% annual loss of key control.
Managing internal key control is pretty much the same process as an electronic access control system. You assign and record a given credential to a user based on his access need, then recover, change, or delete access privilege when the user is no longer authorized. The main difference is that control is achieved by recovering the key or repinning the core. Electronic I-Core options like Cliq and Switch Core can now be integrated with existing systems.
Internal control is not rocket science, but the customer needs to know how and why. Here’s what the customer needs to know.
Internal key control requires four things.
- Signed agreement when keys are issued.
- Record who has each key (serialized if possible).
- Recover keys no longer required.
- Replace or re-pin compromised cores.
In many cases, you’ll provide valuable code and pinning service for the customer – while building your own profitable relationship. In other cases, larger customers may want their own pinning kit for small jobs, and you’ll be the trusted backup when multiple cores are needed. Here’s the problem. New management teams seldom understand how their I-Core systems work. Keys are issued without documentation, and not recovered when employees depart. Master keys are issued when supervisors don’t know what key operates which doors. Teach them how to do their part, and they’ll gladly partner with you. Here are the simple steps.
Key Control Policies
The customer can use the following two basic elements that provide effective internal key control. The first element is a simple Key Control Policy. All your customer needs to do is cover these five simple issues.
1. Authority: Only the person responsible and accountable for a given area may authorize keys, codes or credentials for that area.
2. Key, Code and Credential Issue: All keys, codes or Access credentials are issued by the Key Control Office, with the express written approval of the manager responsible for the area to be accessed. No other person or authority may issue or distribute keys or credentials. All personnel are expressly prohibited from going to outside sources for key or credential duplication. Keys, codes or credentials may not be loaned, transferred, or given to any other person, except by the Key Control Office.
3. Security Audits: From time to time, managers or security staff may perform unannounced key or credential audits. Keys and/or Access Control Credentials that operate doors, locks, or portals in this facility will be documented, to update records.
4. Key, Code and Credential Return: Upon completion of tenure, transfer, or requirement for access to a given area, the keys and/or credentials must be promptly returned to the Key Control Office, and the office advised of code, key or credential discontinuation.
5. Penalties: Personnel transferring, or departing the organization, will not be issued final clearance until the Key Control Office is notified and keys, or credentials are returned. Duplication or possession of an unauthorized key, code or credential, is a security violation.
Typical verbage: “By accepting this key, access code or credential, I promise that I will not loan, duplicate or allow it to be duplicated. If the key, code or credential is lost or compromised, I agree to notify the key control office immediately. Upon completion of my tenure in this position, I agree to return the key or credential to the key control office or notify them of code discontinuation before my final pay or clearance is issued.”
Download the blank key control policy in pdf format.
After signing, the employee gets one copy and the second goes in the Key Control record file. Quick, easy, simple.
If an employee has departed the organization and the Key Agreement is still in the file, the customer immediately knows which keys and cores are compromised. This simple process is where the customer gets maximum value from his I-Core system. One or two chambers can be quickly re-pinned in the field, or a fresh core can be installed.
This key or credential agreement can be easily customized for your customer’s specific situation. The important issue is that the employee agrees to not loan, duplicate, or compromise his or her access control credentials. The employee also agrees to return or advise the Key Control Office (or authority) when authorized access is no longer needed.
When the key or credential is returned, the Key Control Office pulls the original from the file and signs off as returned, with date and signature. The employee gets a copy and the original goes into a “Returned Key” file. This process meets the KISS test. You don’t even need to spend money on software.
An Excel spread sheet can easily document the following.
- What core is installed in each door.
- What keys operate each core.
- When and to whom each key is issued (serialized if possible).
- Date each key is returned.
We’ve found that very successful internal Key Control processes are run by a small business owner’s wife who keeps track of the checkbook. In medium to larger facilities or many family real estate operations, we’ve often found a trusted secretary, clerk, or office employee who provides continuity. It is important that anyone taking over the Key Control role understand the process.
In large facilities, the internal lock shop may not handle key distribution or recovery, but are deeply involved with the process. These large facilities may now also have Key Control software connected to personnel records so any status changes are also promptly flagged. Or the locksmith servicing the facility may use more sophisticated key control and masterkeying apps and programs.
Since the vast majority of security compromises come from within, internal Key Control remains a critical component. Some managers fall prey to the deadly assumption that their electronic access control or patented keys eliminate the need for internal key control.
Electronic and mechanical access control are both important layers of the customer’s security system. If you help him or her understand this layered concept, you will provide a valuable service as you build trust.
I once asked a prospective customer if he had any key control problems. He said no. I asked if he had any lock issues. Another no. Access control problems? No. He then exclaimed that he didn’t know who had master keys.
With just a little help, his I-Core system allowed him to quickly obsolete existing masters and install the simple internal Key Control process. Offsite duplication and losses stopped, and his system stayed solid for several more years. Thus, another large corporation became a very good customer.
Patented keys have effectively blunted unauthorized duplication. You can also help the customer extend this protection to his more serious internal key control threat. The simple steps contained herein allow you to help the customer get maximum value from his I-Core investment.
Simply stated: Your customer knows he has key control when he knows who has keys.
Cameron Sharpe, CPP, worked 30-years in the commercial lock and PACS industry. Contact him at [email protected]