Introduction
This manual, provided by ASSA ABLOY, offers best practices for developing and managing key control policies and procedures. It emphasizes the importance of a robust key management system for enhancing facility security and extending the life of key systems. This guide is intended for use as a model or reference.
Comprehensive Key Control Policy
Purpose
To protect life, property, and security by establishing a framework for managing keys and access credentials through a Key Control Authority (KCA).
Specification
Details essential elements for a key control system, including appointing a KCA, methods for issuing/collecting keys, secure storage, and utilizing a key management program like Key Wizard®.
Enforcement
- Keys remain facility property.
- Unauthorized possession or alteration is prohibited.
- Procedures for lost/stolen keys and keyholder responsibilities are outlined.
- Violations may result in disciplinary action.
Elements of a Key Control Policy
Key Control Authority (KCA)
Defines the KCA's role in developing, implementing, and enforcing policies, including appointing a Key Control Manager.
Storage
Specifies secure storage for keys, credentials, and records, including locked cabinets and tamper-resistant designs.
Key Management Formats
Describes manual and computerized formats for managing keyholder, key, location, and hardware data, emphasizing searchable cross-references.
Policies and Procedures
- Identifying Keys: Use blind codes, avoid marking levels.
- Issuing Keys: Requires authorization, issued by need, with agreements and photo ID.
- Returning Keys: Procedures for authorized return, found keys, and consequences for non-return.
- Non-returned key policy: Fees for lost/stolen keys, potential re-keying costs.
- Master Key System Administration: Updating schedules, minimizing cross-keying.
- Audits: Annual keyholder checks and periodic key system evaluations.
- Transfer/Temporary Use: Requires authorization and record keeping.
Forms
Recommends standardized forms for key transactions, including requests, returns, lost/stolen reports, and service requests, detailing essential information for each.
Servicing
Outlines procedures for cutting keys, pinning/recombinating cylinders, installing locks, and preventative maintenance, emphasizing the use of facility-approved locksmiths and factory-approved code cutting machines.
Condensed Model Key Control Policy
Provides a simplified template for developing a key control policy, covering purpose, specification, general guidelines, and key control procedures for facilities.
Specific Applications
Educational K-12
Highlights unique considerations for schools, such as protecting vulnerable populations, lockdown procedures, and managing keys during academic breaks.
Healthcare Facilities
Addresses the specific needs of healthcare settings, including HIPAA compliance, diverse department security requirements, and managing access for staff and visitors.
Colleges and Universities
Details key control considerations for higher education, including protecting large populations, varied department needs, and managing keys for students, staff, and contractors.
Office Buildings
Focuses on key control in office environments, considering tenant vs. core space administration, tenant-specific systems, and high turnover.
Glossary of Terms and Definitions
Defines key terms related to key control, such as Bitting, Blind Code Number, Change Key, Key Control Authority (KCA), Master Key, and others, referencing industry standards.
