Building Access Policy

Policy Information
Policy TitleBuilding Access Policy
Responsible OfficeOffice of the Vice President for Operations
Policy TypeFacilities and Property
Policy Number416
Last Revision Date2/19/2024

Policy:

Binghamton University strives to maintain the security of its facilities through strict control of building access.  All staff, faculty, students, contractors, and other appropriate individuals (e.g., residential summer camp attendees), needing regular access to a University facility will be provided with the proper building access by following the processes documented in this management procedure.

Purpose:

The purpose of this management procedure is to maintain a safe and secure living and working environment, prevent thefts from buildings, control access to buildings, and ensure the accountability of individuals and departments requesting the use of University facilities.

Section 1: Overview of Management of Electronic Access Control Permissions and Key Assignments:

1.       Each building on campus has a Building Administrator who is responsible for many building management duties.  In buildings that house numerous departments, multiple Building Administrators may be designated.  One of the specific duties of Building Administrators is to oversee building access control and authorize the assignment of building keys.  This authority makes the Building Administrator the Access Manager for the entire building.  Building Administrators may authorize individual departments to designate an Access Manager at the department level.  In these cases, the department Access Manager will control authorization for access permissions and key assignments for areas under department-level control, but the Building Administrator has the ultimate responsibility for the entire building or facility.  This flexibility recognizes that the occupancy of each building on campus is unique in that some may house strictly administrative offices while others may house a diverse combination of offices such as academic departments, laboratories, food service facilities, recreation facilities, libraries, and other non-related areas, each of which may require an Access Manager.  Therefore, it may be necessary to delegate access authority in an even more decentralized manner to best accommodate the unique needs of each building.  All Building Administrators are considered Access Managers, but additional department-level Access Managers may be appointed as necessary for the efficient administration of this policy.  Access Managers will be officially authorized by the Dean, Director, Division Head, or Chair of a department and given the authority and responsibility to authorize key assignments and electronic access permissions for their department.   Throughout the rest of this document, the term “Access Manager” will be used to refer to both department-level Access Managers and Building Administrators.

2.       Keys and electronic access permissions are assigned based on need, not by position or job title.  That need is determined by the Department Chairs/Directors in coordination with the appropriate Vice President, Division Head, and/or Dean and based on the job function of the individual.  Keys and electronic access levels shall only be assigned to individuals as necessary for the performance of their job duties.  A higher-level key in the key hierarchy or a broader access level in the electronic access system may be authorized for an employee whose job requires access to multiple areas on campus in order to be effective in the performance of their assigned duties.  Convenience is not a reason for assignment of a high-level key or for electronic access beyond what the employee’s job function requires.  Any special requests for exceptions to the above, including requests for master keys, must be directed in writing, with a strong justification, to the Associate Vice President for Facilities Management and Chief of Police.

3.       Some departments and groups require a broader range of access to University spaces to carry out their departmental job duties, such as University Police, Environmental Health & Safety, Office of Emergency Management, Facilities Management, and Information Technology Services.  In these cases, an Access Manager may be designated to manage electronic access and authorize key assignments for their respective department personnel.  Although this type of Access Manager may not be directly responsible for the spaces themselves, the same responsibilities of an Access Manager apply in their management of electronic access and key assignments.

4.       Supervisors are responsible for requesting key assignments and electronic access permissions on behalf of their employees to the appropriate Access Manager.  Supervisors are also responsible to ensure keys are returned and electronic access permissions are removed or modified as required by Sections 2-B-4 and 3-B-3 of this policy.

5.       Upon assignment of keys or access permissions to authorized persons in a building or department, it is the responsibility of each department or Access Manager to educate and train the keyholder/cardholder about their responsibilities as a keyholder/cardholder.  This should include familiarizing the keyholder/cardholder with this policy, which can be found on the Division of Operations website under Policies and Procedures (https://www.binghamton.edu/operations/policies/).

6.       Individuals with keys or electronic access permissions shall be responsible to:

a.       Ensure doors are locked when leaving an area, or in accordance with departmental procedure.

b.       Report malfunctioning locking hardware to the Facilities Operations Center (mechanical hardware) or the Information Technology Services Help Desk (electro-mechanical hardware).

c.       Not allow access to secured areas/buildings to any unauthorized persons.  Keyholders/cardholders may not grant access to any individual who they do not specifically know are authorized to enter an area/building.

7.       Individuals with a need to access a space to which they don’t have electronic or key access, or if they are locked out, should follow their unit’s standard procedure.  University Police may also be contacted for access.  Facilities Management personnel do not provide access in these situations.

8.       Assignment of keys and electronic access for contractors and other non-employees shall be governed by this policy and the Non-University Employee Identification Card & Access Request Procedure, which can be found on the Facilities Management website (facilities.binghamton.edu).

Section 2: Keys

1.       The Facilities Management Lock Shop manages the University’s keying system, maintains the key inventory, and handles all key issuing and returns (via the Facilities Operations Center).

a.       Exception: The Office of Residential Life maintains the key inventory and handles key issuing and returns for operating keys to resident rooms.

2.       It is the Access Manager’s responsibility to authorize the assignment of exterior door keys to only those individuals who have a continuous need to access the building after normal building hours.  Exterior door keys will not be issued for buildings that have one or more exterior doors outfitted with electronic access control.

3.       The department will be held accountable for any individual for whom it has authorized a key.  If the authorized individual loses a key or does not return a key as required by this policy, the department will be charged costs associated with the need to rekey any and all spaces accessible by the key.  This is absolutely essential to maintain the safety and security of the university facilities.

a.       Some operating keys can open a large number of keyed-alike doors, and any category of master or submaster key can open a large number of doors.  A department or building master key could control over 500 doors.  A loss of a building master key controlling this number of doors, requiring the changing of locks, could cost a department in excess of $25,000.  Assignment of department and building masters shall be kept to a minimum.  Departments requesting master keys for personnel assume a higher liability in the event of a lost key.  This must be considered during the authorization process.

b.       Where electronic key cabinets are deployed, keys stored in a cabinet must be secured in the cabinet when not in use, must be returned to the cabinet immediately after use and must never leave the building or assigned area.

c.       Requests for any level of master key require additional approval at levels above the Access Manager and Building Administrator.

4.       University locks (including padlocks) shall not be replaced or supplemented with non-university issued locks.  Any such lock installations will be removed and replaced with a University lock.  Additionally, key lock boxes (combination or otherwise) are not permitted.  The responsible department will be responsible for all charges associated with the removal of unapproved devices.

5.       Keyholders will be issued only one copy of any given key.

A.      Key Assignment Procedure

1.       Upon request of an employee’s supervisor, the Access Manager submits a Service Request for keys to the Facilities Operations Center (FOC).  Each request must include:

·         Keyholder’s Name, B#, BU Email, & BU Phone #

·         Name & BU Email of Keyholder’s Supervisor

·         The specific key(s) or door(s) requested

·         Identification of whether the key is a permanent assignment or a temporary assignment, and if temporary, the due date

·         Account # to charge

2.       The Facilities Management Lock Shop prepares the key(s), and an email is generated to the keyholder (copy to the keyholder’s supervisor).

3.       The keyholder picks up the key(s) at the Facilities Operations Center (photo ID required), and signs the Binghamton University Key Agreement:

1.        The duplication of any University issued key is strictly prohibited.

2.        Any individual issued a key to any University facility is responsible for the safekeeping of the key and its authorized use. It must never be loaned, given, or transferred to any other individual, and must be kept under the personal control of the keyholder at all times.

3.        Damaged keys must be reported and returned immediately to the Facilities Management Lock Shop.  Replacement charges will be waived if the damage is a result of normal wear and tear.  If a damaged key is reported but not returned, it will be treated as a lost key.

4.        Lost keys must be reported immediately to the Facilities Management Lock Shop and to University Police and the appropriate Incident Report filed.

5.        Personnel whose employment with the University is ending or those being placed in a status where access to University facilities has not been authorized must return all keys to the Facilities Operations Center by their last day of work.

6.        Personnel transferring from one department to another or one building to another must return their keys to the Facilities Operations Center and a new Service Request must be submitted by their new Access Manager.

7.        Keys must be surrendered by an individual at any time at the request of University Police, Facilities Management, the authorizing department, or upon separation from the University.  A receipt will be issued upon return of all keys.  A key is not considered officially surrendered until an individual is issued a receipt for the return.

I agree to the above and to abide by all stipulations of the University Building Access Policy (Policy #416).  I further understand and agree that any violation of this agreement, lost key, or failure to return a key may render me or my department liable for the expenses of a rekey for the affected area(s).
 

4.       A pickup confirmation email is generated to the keyholder (copy to the keyholder’s supervisor).

5.       Facilities Management, in its discretion, instead of issuing keys directly to an individual, may grant the individual access to keys in an electronic key cabinet.

B.      Key Return Procedure

1.       Keys must be returned in person by the keyholder to the Facilities Operations Center.

2.       A key return receipt is generated to the keyholder via email (copy to the keyholder’s supervisor).

3.       Keys may not be transferred from one keyholder to another.  Keys must be returned by the keyholder to the Facilities Operations Center, and the “Key Assignment Procedure” must be followed to reassign the keys.

4.       It is the combined responsibility of the keyholder’s supervisor and the Access Manager to ensure keyholders return keys when:

a.       Their employment with the University is ending or they are being placed in a status where access to University facilities has not been authorized.  In certain cases, the Office of Human Resources may collect the employee’s keys and then turn them over to the Facilities Management Lock Shop.

b.       Their job duties have changed which require a different level of access.

c.       They move to a different department, office, or building.

d.       A temporary key assignment’s due date has arrived.  Due dates may be extended with Access Manager authorization (via request to the Facilities Operations Center).

C.      Lost Key Procedure

1.       Any lost, stolen, misplaced, or otherwise unaccounted for key(s) shall be immediately reported by the keyholder to University Police and to the Facilities Operations Center.  The keyholder should also notify their supervisor and Access Manager.

2.       The Facilities Management Lock Shop will produce a list of all doors operated by the key(s).  Facilities Management will initiate the rekeying process, working with the the Access Manager and Building Administrator.  The department will be held responsible for the costs associated with the rekeying.

3.       Any key(s) not returned by the due date or as otherwise required by Section 2-B-4 of this policy shall be considered lost, and the rekeying process will be initiated.

4.       Any found key(s) shall be immediately turned over to the Facilities Operations Center or to University Police (who will then turn them over to the Facilities Management Lock Shop).

D.      Key Audits

1.       Facilities Management may perform audits of assigned keys at any time.

2.       Any keys that are unaccounted for will be considered lost, and the Lost Key Procedure (including rekeying) will be initiated.

 
Section 3:  Electronic Access Control
 

The Security Infrastructure & Support (SIS) group within Information Technology Services (ITS) administers the University’s electronic access control system.  This system consists of an access control database that is centrally administered by SIS and locally managed by Access Managers, access control hardware that is installed in individual buildings, and Binghamton University ID cards that are held by individual cardholders which are used as the access credentials.  ID cards are issued by the Office of Human Resources (employees) and Undergraduate Admissions (students).

The granting of electronic access permissions is a decentralized process.  The Security Infrastructure & Support group may manage some areas or facilities, but in general, managing access is the responsibility of the Access Managers, who have the ability to grant and restrict access within their areas of responsibility.  Access Levels are determined by Access Managers with technical guidance and support from Security Infrastructure & Support.  Access levels include:

·         Affiliation (student, faculty, staff, external)

·         Space (where access should be granted)

·         Time (when access should be granted)

·         Dates (activation/deactivation)

A.      Requests for Electronic Access Control Installations & Repair

1.       Requests for repair or installation of electronic access must be made by submitting a TeamDynamix ticket to the ITS Helpdesk.

a.       Cost estimates for installations can be provided upon request.

b.       Security Infrastructure and Support can provide guidance for electronic access for project planning, design, and construction.

2.       All electronic access installations will meet the Binghamton University Design & Construction Standards for Security and Access Control Systems defined by the ITS Security Infrastructure & Support group.

B.      Responsibilities of Access Managers

1.       Provision requests for electronic access control permissions.

2.       Can approve access if formally delegated by the appropriate authority.

3.       It is the responsibility of the cardholder’s supervisor to notify the Access Manager to disable or modify a cardholder’s access when:

a.       Their employment with the University is ending or they are being placed in a status where access to University facilities has not been authorized.

b.       Their job duties have changed which require a different level of access.

c.       They move to a different department, office, or building.

d.       Temporary access is no longer required.

4.       Work with SIS to establish access levels, access schedules, and temporary access.

5.       Work with SIS to establish door unlocking/locking schedules.  Building Administrators have the responsibility to establish schedules for exterior doors.

6.       The department will be held accountable for any individual for whom it has authorized electronic door access.  

7.       It is the Access Manager’s responsibility to authorize exterior door access to only those individuals who have a continuous need to access the building(s) after normal building hours.

8.       Access Managers shall conduct an annual audit of cardholders with access to the spaces under their control.

C.      Responsibilities of Cardholders

1.       Any individual issued ID card access for use at any University facility is responsible for its authorized use.  It must never be loaned, given, or transferred to any other individual.

2.       Damaged ID cards must be reported and returned immediately to Human Resources (employees) or Undergraduate Admissions (students), where a replacement card can be issued.

3.       Lost, stolen, misplaced, or otherwise unaccounted for electronic access credentials must be reported immediately to the Access Manager during normal business hours and to University Police after normal business hours.

4.       Personnel whose employment with the University is ending or those being placed in a status where access to the University facilities has not been authorized must return all electronic access credentials to their supervisor for return to Human Resources by their last day of work.  The Office of Human Resources will coordinate with the Access Manager and/or the Security Infrastructure and Support group when an employee is placed in a temporary status that requires their access to facilities be suspended.

5.       Electronic access credentials must be surrendered by a cardholder at any time upon the request of University Police, the authorizing department, or upon separation from the University.

D.      Electronic Access Permissions Assignment Procedure

1.       Upon request of an employee’s supervisor, the Access Manager provisions the appropriate level of access.

2.       To request access to a facility with electronic access, a request to the corresponding Access Manager shall be made.

3.       Unless otherwise authorized, all student access is terminated at the end of the semester.  New requests for access must be submitted each semester.  Faculty and staff retain given access unless otherwise indicated.

Section 4: Electronic Key Cabinets

1.       In order to reduce the number of keys carried by individuals on campus, reduce the risk of lost keys, and improve after-hours secure access to facilities, Binghamton University has implemented electronic key cabinets in several buildings.  These cabinets contain building keys that are secured in the cabinet with a “SmartKey”.  Users use their Binghamton University ID card as the credential to release keys for which they are authorized from the cabinet.  These electronic key cabinets greatly increase safety, security, and efficiency while standardizing key control methods across campus.  Specific benefits include:

·         Ensure only authorized users have access to specific keys

·         Audit trail including when a key is removed and returned, and by whom

·         Identify keys that have not been returned

·         Determine frequency and duration of use of a particular key

·         Enforce time limits on key usage

·         Notify a manager via email or text an alert situation

2.       Installation and management of electronic key cabinets is a joint effort between the Information Technology Services Security Infrastructure & Support group and Facilities Management.  Provisioning of access to electronic key cabinets is typically handled by the Facilities Management Lock Shop, although in certain cases, department Access Managers may provision access.

3.       All procedural and policy provisions of this policy apply to the request, approval, provisioning, and removal of access to keys in electronic key cabinets.  Additionally, the following applies to users of electronic key cabinets:

a.       Users who remove key(s) from an electronic key cabinet shall not loan the key(s) or otherwise allow any other individual to use the key(s).  The user who removed the key(s) will be held responsible            for all use of the key(s), and the user’s department will be held responsible in the case of lost key(s).

b.       Keys must be secured in the cabinet when not in use and must be returned to the cabinet immediately after use.  Keys must never leave the building or complex to which they are assigned.

c.       Keys not returned to the key cabinet and past the overdue limit shall be considered lost, and the Lost Key Procedure (including rekeying) shall be initiated.

Section 5: Building Passes

A.    University Police and Maintenance staff will continue to open and close all academic buildings (all buildings other than dormitories).

B.   In the interest of personal safety and security, student access to academic buildings, i.e., after closing is prohibited: Only those with an authorized building pass will be allowed after closing hours.

C.   The use of academic buildings by students will be permitted under the following procedures:

1.     Permission for each student (graduate or undergraduate) must be granted first by the faculty member responsible for the facility (room or area) being used. This permission must then be        approved by the building administrator.

2.      The faculty member who has granted the request will initiate a 4-part building pass (available at University Police). This pass, signed by the faculty member, will be submitted to the building  administrator's office by the student requesting the special privilege.

3.     The building administrator's signature is needed for approval. The 4-part building pass will be distributed as follows: white copy (original) University Police; yellow (1st copy to be carried by the  student; pink (2nd copy) for the department chairman; and gold (final copy) to the building administrator. This pass should be requested and approved well in advance of the scheduled activity.

4. The pass must contain the following information:

a.   Student name and ID card number;

b.   Building and specific room or rooms to be used;

c.  Date(s) and time(s) of use;

d.   The serial numbers of any keys used by this student or by a person designated to supervise the activity;

e.   Original signatures of faculty member and building administrator;

f.   The name of the faculty member, teaching assistant or student who will be responsible for supervising the activity and insuring the security and safety of the facility.

5.  While it is obvious that the intent of these policies and procedures is to maintain safe and secure facilities, please consider the safety factor involved in opening or providing access to academic facilities between 11 p.m. and 7 a.m. The intent of the policies and procedures to provide a measure of safety by providing appropriate supervision to students who may wish to work late in  laboratories or in operating equipment where potential accidents may occur, e.g.; chemistry labs, shops, etc. or where improper use of equipment may cause costly damage loss, e.g., computer labs, etc.

D.   In addition to University identification, the student may be asked by University Police personnel to produce his/her copy of the building pass.

E. Students requiring keys must acquire them at the discretion and request of the building administrator.

F.  University Police personnel may recheck the buildings after closing. Anyone found in them without the above authorized building pass will be identified and asked to leave. Any persistent student          violators may be referred to the Vice President for Student Affairs who will review the matter for possible disciplinary action. Any non-university affiliated violator may be subject to arrest.

G.   University Police will no longer unlock any facility for activities without written authorization, i.e., reservation form. University Police officers will require identification from anyone in the building after  closing and will confiscate any unauthorized keys.

H.  It should be understood by faculty, staff, and students who are working in academic buildings limited and/or controlled after closing hours that the building security procedures have been adopted not only as a measure to curb theft and vandalism, but also to provide safe working conditions. It is hoped that all concerned, through responsibility and cooperation, will join University Police in the strict administration of this policy in order to ensure the safety and security of our people in their person and property as well as assure the security and safety of our University and its facilities.