Policy AD68 UNIVERSITY ACCESS POLICY (Formerly SY19)

Policy Steward: Vice President for Administration

Contents:

  • Purpose
  • Scope
  • Definitions
  • Policy
  • Storage of Keys and Access Credential Devices (ACDs)
  • Accountability
  • Audits
  • Further Information
  • Cross References

  • PURPOSE:

    To protect the safety, security, privacy and property of the University, and the individuals assigned to use University facilities, by controlling access to such facilities.

    SCOPE:  

    This policy applies to all facilities owned, leased by, and/or under the control of The Pennsylvania State University, excluding Hershey Medical Center, the College of Medicine, and the Pennsylvania College of Technology. Likewise, this policy applies to all individuals using these facilities. This includes both employees and non-employees. Protocol for residence and food service facilities access, including student rooms and apartments in University residence facilities, will be governed by the "Housing and Food Services Policies and Procedures for Key/Card Access," and as stated in the Terms, Conditions and Regulations of the Housing and Food Service Contract or Lease.

    DEFINITIONS / RESPONSIBILITIES:

    Access Control System- An electronic security system that can be activated by an access credential. The system electronically controls locking and unlocking of doors, identifies and records cardholder information, and logs system events.

    Access Controls and Electronic Security Programs (A.C.E.S.): A program within the Physical Security unit of the University Police and Public Safety. A.C.E.S.' mission is "to provide professional security services to The Pennsylvania State University community, consistent with the University’s mission, culture, and resources in order to facilitate a safe and secure campus environment.”

    Access Coordinator- This individual ensures that clearances, keys, and access credential devices are issued to individuals only for the areas to which they are authorized to enter. Access Coordinators will be authorized and assigned as detailed in procedure SY2001.

    Access Credential Device (ACD)- A University-approved device which identifies an individual to an access control system. Devices may include, but are not limited to, a card, fob, tag, biometric identifier, and any other approved device.

    Clearance- A person's approved rights to access a facility.

    Key- A traditional metal key or similar device that is used to unlock or lock specific mechanical door locks. For definitions of different key types, refer to Procedure SY2001.

    Key Management System (KMS)- A system used to process key requests, maintain a record of each key created, and associate that key to the key holder.

    University Access Controller(s)- Representatives from the University Police and Public Safety, jointly responsible for overseeing, advising and enforcing the parameters of this policy and Procedure SY2001.

    University Approved Locksmith:

    POLICY:

    It is the policy of The Pennsylvania State University to preserve an open access environment while properly authorizing building and room access to faculty, staff, students and representatives of organizations having contractual agreements with the University. A key or clearance will only be granted when access to facilities cannot be achieved via established locking and unlocking schedules. Requests for access must follow established authorization protocol, as specified within this policy and related documents. The issuance of a clearance, or possession of a key, does not extend permission of access beyond the assigned area or outside the authorized times of access.

    All keys and ACDs referred to in this policy are the property of The Pennsylvania State University and are not to be duplicated by any faculty, staff or student. Duplication of keys and/or ACDs, or the possession of duplicate keys and/or ACDs, will result in referral to the Office of Student Conduct (students) or the Office of Human Resources (all others) for the appropriate sanctions. When appropriate, criminal sanctions under fraud and counterfeiting statutes may also result.

    In the event that an individual’s access requirements change, the individual will be required to notify their area Access Coordinator and make the appropriate changes, including the return of their keys/ACDs, and/or changes to their access credential clearances, as applicable.  These circumstances can include, but are not limited to: (1) access changes in their current area of employment (2) leaving the University, or (3) accepting employment in a different area of the University. Lost keys/ACDs will be reported to the University Access Controller as defined in Procedure SY2001. Recovery costs will be charged to an individual's department for each lost or unreturned key (including keys to leased properties) and/or access credential devices issued by the University. In addition, recoring costs may also be charged as defined in Procedure SY2001. The Access Coordinator, University Access Controller and responsible budget executive will assess the vulnerability of the area(s) compromised by the lost key/ACD, and determine whether the area(s) need new cores/access devices installed.

    Likewise, all non-University personnel that are assigned keys/ACDs are also subject to the recovery costs specified in the preceding paragraph.

    NOTE: Replacement of PSU ID and PSUid+ cards are governed by University Policy AD24, "Identification Cards for Faculty/Staff, Students and Affiliates."

    All keys subject to this policy shall be labeled with a unique identifier stamped onto the key. The University Key Management System (or equivalent key management system at non-University Park locations) will be used to maintain a record of each key created and identified to its key holder by this unique identifier. No additional key labeling or tagging of any kind is permitted, unless authorized by the University Access Controller.

    All clearance requests for keys and ACDs must be approved in accordance with procedure SY2001.

    Any core changes, core moves, key cutting or duplications shall be performed only by a University-approved locksmith, and in accordance with Procedure SY2001.

    Procedure SY2001, "University Access: Clearances, Keys and Access Devices; Authorization, Issuance and Fees," provides the appropriate detailed information required for complying with the mandates of this policy. SY2001 specifies the fundamental responsibilities and necessary controls required to administer all aspects of University access.

    Adherence to this policy is the responsibility of all employees, students and representatives of organizations having contractual agreements with the University.  Enforcement of this policy is the responsibility of the University Police and Public Safety.

    Building access will be granted by electronic means if available. Keys will only be issued if access through electronic means is not possible.

    Requests/authorization to access University facilities will be accomplished by the completion of a Facility Access Authorization Request, per instructions in GURU.  If there are subsequent changes to an individual's access requirements, a new, updated form must be completed.

    STORAGE OF KEYS AND ACDs:

    The storage of keys and ACDs will be maintained per Procedure SY2001.

    ACCOUNTABILITY:

    Access to University facilities is a responsibility that each individual must take seriously. Access privileges may be revoked at the discretion of the University Access Controller, in consultation with the facility Access Coordinator, if the guidelines of this policy are not followed. Faculty, staff, students, and non-University personnel will be subject to additional sanctions and fees, as well.

    AUDITS:

    Annually, each Access Coordinator shall conduct a "self-audit" by taking inventory of all keys, ACDs, and clearance "issuance records," along with those items physically "on hand,"and comparing those counts to the central database records maintained for these items. A written report of the results of this self-audit shall be created, affirming the accuracy of the inventory taken as well as documentation of any discrepancies between the physical count and central database records. This report shall be provided to the University Access Controller.

    A random audit of a department’s key/ACD inventory records may be held at any time by the University Access Controller or a Physical Security representative to insure that both inventory and the security of keys and ACDs are being properly maintained.

    If there is a change in an area's Access Coordinator, an audit will be performed by the University Access Controller(s) and the in-coming Access Coordinator.

    FURTHER INFORMATION:

    For questions, additional detail, or to request changes to this policy, please contact University Police & Public Safety.

    CROSS REFERENCES:

    AD24 - Identification Cards for Faculty/Staff, Students, and Affiliates

    AD53 - Privacy Statement

    AD65 - Electronic Security and Access Systems

    AD73 - Accessing Athletic and Recreational Facilities

    HR55 - Things to Know When Leaving University Employment

    HR102 - Separation and Transfer Protocol

    SY2001 - University Access: Clearance, Keys, and Access Devices; Authorization, Issuance, and Fees


    Effective Date: March 31, 2014
    Date Approved: January 13, 2014
    Date Published: March 31, 2014

    Most recent changes:

    Revision History (and effective dates):

    | top of this policy | GURU policy menu | GURU policy search | GURU home | GURU Tech Support | Penn State website |