1.0 - INTRODUCTION
1.1 - General
The University of Texas at El Paso is committed to ensuring a safe and secure campus. This Standard Operating Procedure (SOP) describes the procedure and responsibilities for all parties involved in the requesting and granting Keyed or Electronic Access to facilities.
1.2 - Objectives
The purpose of this policy is to provide adequate physical building security for persons and property through the use of access control devices and the control of keys issued, to assure appropriate access to work areas by employees in buildings on the UTEP campus, and to allow unrestricted access by University Police and maintenance personnel to all campus areas for reasons of security, safety, and health.
1.3 – Overview
Facilities are responsible for the management of the University Keying and Electronic Access Control Systems. That responsibility includes controlling the production, storage, and issuance of keys; the replacement or rekeying of lock cylinders; the acquisition of new keying systems; the maintenance of accurate records; and the cataloging of and adherence to key system authorizations. All locks and keys must be approved by Facilities Key Shop before installation. Facilities is also responsible for the purchase, installation, and maintenance of campus-wide electronic access control systems. The Facilities Key Shop is responsible for stand-alone access locks.
The UTEP Campus Police Department is responsible for overall campus security. Any deviation from established security policies and practices must be submitted to the UTEP Campus Police Department in writing for approval.
1.4 – Definitions
|Term ||Definition |
|Access Control ||Control of entry/exit to an area by any means (mechanical or electronic means) |
Mechanical Key System - Any mechanical device used to operate a mechanically controlled mechanism for entry/exit to a controlled area.
Lockbox Systems - An access control system designed for building access, used by service departments or police/fire personnel.
Card Access Control Systems - A computerized card access control system. An electronic or electro-mechanical device replaces or supplements mechanical key access and the Miner Card is used to unlock doors. The system provides entry access to various doors and enables automatic locking and unlocking of specific doors or groups of doors at prearranged times during the day.
|Access Control Director ||The Vice President for Business Affairs has been designated as the overall authority and delegated the responsibility for administration of this policy, procedures, approvals and issuance of all University access keys and is accountable for access and security of all campus facilities and property. |
|Access Control Administrator ||The Associate Vice President Business Affairs, Facilities Services has been designated as the overall authority to implement this policy and procedures. |
|Access Control File ||Critical records maintained by the Facilities Services - Access Control Shop, such items as key codes, key copy numbers, and Access Control database as well as departmental control access data. |
| Miner Gold Card (MGO) ||This is a multi-use identification card given to every student, faculty, staff and may be issued to authorized visitors. This card is distributed by the Miner Gold Card Office. |
|Access Control Supervisor ||Designated individual within the Facilities Services - Access Control Shop who manages the keying system and access service delivery. |
|Access Control Grantor ||This person reports to or has been appointed by the Access Control Supervisor. This person is in charge of granting access via the electronic Access Control System or cuts and delivers the appropriate key based on authorized requests. |
|Department Head ||Person in a department responsible for appointing a Department Access Coordinator and Authorizing individual key requests within their specific department. This is reserved to Executive offices, Deans, Directors, Chairperson. This person may delegate their authority to a person within their department. |
|Trainer ||Person responsible for training the Key Holder of aspects related to certain building access requests. Trainers include HS&E Lab Safety Trainers, Level III protocol trainers, etc. The requirements for training are outlined in each Task Instruction related to Level II and Level III access requests. |
|Department Access Coordinator ||Person delegated by the Department Head to coordinate and/or approve access requests based on delegated authority, adherence and implementation of this policy. |
|Key Holder ||Any University employee, student, volunteer, alumnus, or authorized visitor/vendor in possession of an access device (key/card). |
2.0 - DOCUMENT SYSTEM
2.1 - Process:
2.1.1 - Tier I Documentation (Policies)
The purpose at this level of documentation is to state, in a concise and brief format, the overall policies, beliefs, and objectives of management on the operation and maintenance of the Facilities Access Control System.
These are traditionally internally driven documents that are written to conform and parallel other departmental or functional policies and procedures. They can include regulator or guidelines compliance documents, Quality Policies.
2.1.2 - Tier 2 Documentation (Facility Operations and Maintenance Procedures)
The second level of documentation is more detailed and addresses the procedure(s) for an activity or process, and identifies who is involved, what happens, and the critical control points. These procedures are organized on a functional basis and are further defined in Section XX and Appendix A.
2.1.3 - Tier 3 Documentation (Task Instructions)
This level of documentation is very detailed on “how”: to accomplish one specific job, task or assignment. These may be references to existing documents, checklists or forms, or incorporated within a computerized maintenance management system. This entails work/job instructions which may stand alone or are part of a larger manual or policy.
2.1.4 - Tier 4 Documentation (Records)
The last level of documentation can include forms, records, reports and other documents used to summarize the results of the processes and provide evidence of conformance to requirements, goals and objectives.
3.0 – TIER 1 POLICY MANUAL
3.1 Policy Introduction
This standard operating procedure (SOP) describes procedures to request, grant, track and remove building/office/lab access to help ensure the security of our staff, faculty, students and facilities. This SOP shall be followed by all staff, students, faculty and visitors to the campus.
3.2 UTEP Security Access Levels UTEP has three (3) access security levels.
3.2.1 Level I Description:
This is the basic access level that all students, staff and faculty have based on their enrollment or employment status. This access is typically associated with granting access to main entrance doors to Education in General facilities during regular operating hours.
3.2.2 Level II Description:
This is higher access level associated to basic security laboratories or office spaces. This access request is generic as shown in Appendix A, but requires authorization from the University Department or Office requesting facility access for the requestor. This authorization is intended for those that have legitimate business reasons for accessing the space.
3.2.3 Level III Description:
This is the highest access level associated to specific high-security laboratories or office spaces. Security approval at this level for a specific high-security space does not constitute automatic access to any other building doors within or throughout the campus. The available access (doors) is explicitly defined for each level III space and access to other facilities requires additional Level II or Level III approval.
Each of these spaces shall have its own access request form, a detailed access request procedure listing proper training, protocol and a Department Head’s Contact information. The University Vice President responsible for the Level III area shall submit a memo to the Access Control Administrator defining the delegate of authority for granting access to the space. This access request requires the designated Delegate of Authority’s signature requesting facility access for the Key Holder. These forms and procedures are contained within this SOP as a Task Instruction in the Appendix. Those who do not follow the access protocol for these spaces will face immediate disciplinary action up to and including dismissal and prosecution.
3.3 Granting Access
Routine access to locked University facilities or areas within University facilities required for the performance of an employee’s assigned duties will be provided through the granting of electronic or keyed access.
Access to buildings, offices, and other facilities may only be granted to a University employee upon proper authorization by a Department.
Access may not be granted to a student unless the student has a University appointment as an Assistant Instructor, Teaching Assistant or Research Assistant, or the University Department or Office requesting the facility access for a student requests an exception.
3.4.1 Access Control Director - Vice President for Business Affairs
Designated as the overall Access Control Director and is responsible for or may delegate the following items:
- Approves all new access control systems and modifications to existing systems.
- Ensures appropriate authorization of all key fabrication and electronic access requests.
- Directs Access Control Manager to conduct a key control record audit as needed.
- Ensures the involvement of Facilities Services and Campus Police in the design and planning of new and modified access control systems.
- Requests designated Internal Auditing Group, Access Control Shop and/or Campus Police employees to conduct reviews of campus departments and units to determine the adherence to and implementation of the access control-policy.
- Reports the results of key control reviews of campus departments to the Executive Administration at regular intervals.
- Directs designated Facilities Services employees to establish service programs for administering, maintaining and repairing the mechanical and electronic access control systems.
3.4.2 Access Control Administrator - Associate Vice President Business Affairs, Facilities Services
Oversees the service program for access systems and is responsible for or may delegate the following items:
- Maintaining access control files.
- Directing the fabrication of all keys for campus spaces, mechanical access control, and specialized security keys.
- Managing a service program for all maintenance and repair work regarding mechanical and electronic access systems.
- Consulting with University Chief of Police (or designee) concerning records of keys lost or stolen. Decisions to re-key or to duplicate keys are based on consultation between the Chief of Police, the Access Control Administrator, and the respective Dean or Department Head. All re-keying will be administered through the Facilities Service Access Control Shop. The cost of routine re-keying and key-cutting is borne by the affected Department.
3.4.3 Department Access Coordinator
The Department Access Coordinator is responsible for the management of the keys and Electronic Access for that particular department. The Department Coordinator is assigned the role by the Department Head and is required to read and sign the Department Access Coordinator Service Level Agreement with Facilities Services.
The Department Access Coordinator’s function includes the following:
- Coordinates the issue of keys and Electronic Access Control with the Key Holder, Department Head and the assigned Access Control Grantor.
- Can approve access if formally delegated by the appropriate Director.
- Retrieves and returns keys to Facilities Services in a timely manner.
- Administers/coordinates keys for desks, cabinets, display cases, etc. in the Faculty, department or operating unit. As a matter of operational policy, undertakes an annual audit of keys/cards controlled by the Faculty, department or operating unit.
- On an annual basis, the Access Control Shop will send out a list of people with access to the department and Department Access Coordinator must ensure that the access is still appropriate. The Department Access Coordinator shall notify the Access Control Shop of any discrepancies and work with them to resolve the issue.
- Report Lost or stolen keys or access cards with Campus Police. Lost or stolen keys or access cards will not be replaced until a report has been filed with the Campus Police Department and Campus Police have notified the Access Control Administrator of this fact and made a recommendation regarding re-keying a facility.
3.4.4 Department Head
The Department Head is defined as an Executive Officer, Dean, Director or Chairperson that has been assigned those spaces through the University’s formal process of space planning and allocation. The Department Head is responsible for fully implementing this policy within their respective areas. All records are subject to review by the Vice President for Business Affairs or their delegate. Further, Internal Auditing shall perform periodic inspections of records as determined by that department.
The Department Head’s functions include the following:
- Appointing a member of his/her department to be the Department Access Coordinator and advise, in writing, of the assigned responsibilities. The agreement is shown in Appendix 5.1 – Department Access Coordinator Agreement.
- Responsible and accountable for the control of interior building spaces and providing access to those spaces. Therefore the Department Head or designee must sign off on all access requests.
- Shall exercise control of their buildings in compliance with standards and procedures established by the University.4 Individual departments are responsible for all re-keying costs resulting from violations of this policy by their employees.
3.4.5 Campus Police
Campus Police has overarching custodial responsibility for monitoring security and responding to emergency or non-compliance of the policy for the University plant, including interior building spaces. Campus Police has the authority to access all Level I and Level II interior areas for the purposes of fulfilling this overarching responsibility and to the extent necessary to do so, liaises with occupant units. Level III access shall be coordinated with the Department Access Coordinator and entry is only permitted once all the protocols as per the space specific Task Instructions have been fulfilled by Key Holder.
Police will also assist in coordinating emergency or security events by contacting the Department Access Coordinator or Access Control Grantor from the Facilities Services Access Control Shop to remove access as required.
3.4.6 Facilities Services Access Control Shop
The Department of Facilities Services has overarching custodial responsibility for the operations and maintenance of the University plant, including interior building spaces. Facilities Services has the authority to access all Level I and Level II interior areas for the purposes of fulfilling this overarching responsibility and to the extent necessary to do so, liaises with occupant units and Campus Police. Level III access shall be coordinated with the Department Access Coordinator and entry is only permitted once all the protocols as per the space specific Task Instructions have been fulfilled by Key Holder.
The Department of Facilities Services shall be responsible for all physical installations in University buildings that restrict access to locked space. This includes, but is not limited to doors, frames, locks, keys, door and frame hardware, electrical and fiber optic cabling, and access control hardware and devices (e.g., proximity reader, electronic strike, door contacts/magnets, electronic latches, power transfer hinge, motion sensor, etc.).
The Access Control Shop within Facilities Services shall be responsible for central key production, issue, control of master keys, and distribution of regular/change keys to University Faculties, departments and operating units.
The Access Control Shop shall:
- Have in-staff and delegate Key Coordinators with fiduciary responsibility for the proper implementation of this SOP and management of the Access Control Systems.
- Keep up-to-date records of an electronic key inventory
- Keep up-to-date records on card access agreements4. Ensure that the access policy is being followed prior to granting access to anyone
- Ensure that all required signatures for access are obtained prior to granting access to any building.
- In conjunction with Access Granting Authorities, limit access to those individuals who have documented a need to work in the facility
- Supply audit access reports to departments as requested.
- Ensure Campus Police receives access as authorized, with in the same business day of the change.
3.4.7 Environmental Health and Safety (EH&S)
EH&S has overarching custodial responsibility for the safety and environmental regulatory and operational processes for the University plant, including interior building spaces. EH&S has the authority to access all Level I and Level II interior areas for the purposes of fulfilling this overarching responsibility and to the extent necessary to do so, liaises with occupant units and Campus Police. Level III access shall be coordinated with the Department Access Coordinator and entry is only permitted once all the protocols as per the space specific Task Instructions have been fulfilled by Key Holder.
3.4.8 All Key Holders
All Key Holders are required to:
- Sign an approved form documenting record of the issuance of the key.
- Maintain, secure and be responsible for any access control key(s) issued,
- Report loss or theft of access control keys to the Department Access Coordinator, Facilities Services Access Control Grantor and the University Police Department within 24 hours of discovery of theft or loss, and
- Return to the Department access or Facilities Access Control Grantor upon terminating from the department, all keys issued.
- All Key Holders have a fiduciary duty to ensure they safeguard their access control key or card. Cards shall not be shared with any individual. Key Holders and Card Holders shall not allow piggy-backing of unauthorized persons into any space.
- Keys shall be returned to:
- Department Access Coordinator
- Key Coordinator at the Facilities Access Control Shop
- Human Resources
- Students, faculty and staff are required to maintain and have in their immediate possession the appropriate access device (key and/or Miner Gold Card) that provides authorized access. It is each person’ responsibility to maintain their Miner Gold Card on active status.
- Visiting Scholars, Grant Appointees, Contractors, Vendors, Guests and Volunteers must apply for a Miner Gold Card and apply for access through the sponsoring Department Access Coordinator.
- The propping of electronically controlled or monitored doors is not permitted except with prior notification and approval of the UTEP Campus Police.
- Tampering with or attempting to bypass security on an electronically controlled or monitored door in any way, including but not limited to key bypass, propping, taping and/or dogging, is prohibited.
- Those who do not follow the access protocol for these spaces will face immediate disciplinary action up to and including dismissal and prosecution.
3.5 - KEY LEVELS/REQUIRED AUTHORIZATIONS
3.5.1- Great Grand Master:
Great Grand Master provides total access to all buildings on campus using a designated key and with the electronic card access. This is not an assignable key and maintained only by the Access Control Shop.
3.5.2 - Grand Master Key:
Grand Master operates two or more separate groups of locks, which are each operated by a different master key and all card readers installed. Authorization for Grand Master is granted by the Access Control Director (or delegate), and the Campus Police Department Chief, and the Level III Delegate of Authority (if required). This key is restricted to security and maintenance personnel only.
3.5.3 - Building Master Key:
Building Master provides access to all Master keyed and doors with card readers in spaces to a specific building. The issuance of this key is restricted to persons authorized by the Access Control Administrator.
3.5.4 - Building Sub-Master Key:
Building Sub-Master provides access to a group of rooms within a department or building. Authorization for this level of access will be determined by the Department Head.
3.5.5 - Individual Room Key:
All individual keys are given to access a room/office within a specific building on campus. Authorization is granted by the Department Head.
3.6 CHARGEABLE/NON-CHARGEABLE KEY ISSUES
3.6.1 Original Keys or Access Card:
Original keys issued to an employee are not chargeable.
3.6.2 Worn Keys or Worn Access Card:
Worn keys will be replaced without charge. Original keys must be returned to the Facilities Access Control Shop.
3.6.3 Lost or Stolen Key Replacement:
Replacement of lost/stolen keys or failure to return assigned keys will result in charges to the Department employing the person identified as the key holder. Facilities have set the following replacement costs for the various key levels:
| Type of Key ||Replacement Cost |
| Miner Gold Card ||Refer to the Current Miner Gold Card Policy |
| Room or Outside Door Key ||$25.00 |
| Building Sub-Mater Key ||Dependent on mitigation cost |
| Building Master Key ||Dependent on mitigation cost |
| Grand Master Key ||Dependent on mitigation cost |
3.6.4 Lock Changes Following Lost or Stolen Key Incidents
Lock changes required to maintain building security following lost or stolen key incidents are chargeable work orders. The Building Supervisor, Dean, Director, Department Chair or Key Manager will notify the Facilities Service Center to have their locks rekeyed and security reestablished.
In cases where re-key is recommended by the Facilities Access Control Shop and/or Campus Police, the affected department(s) shall be charged the cost of re-key and any additional security measures necessary, to include but not limited to equipment and staff resources as approved by the Chief of Police or designate to ensure security of the facility during the period of time the facility is vulnerable to unauthorized entry.
3.6.5. Students Who Fail To Return Keys:
Students who fail to return keys will be subject to the same restrictions and penalties as students who fail to honor their financial obligations to the University.
3.6.6 Department Heads:
Deans, Directors or Department Chairs acknowledge keys issued by their key manager and lost or not returned could result in a charge to their department to restore security.
3.6.7 Forgotten Keys
Key holders who require the Campus Police Department and/or the Access Control Shop to open a door because they forgot or lost a key will be charged for the service. The charge may be waived for first time incidents. The cost for an open-door request because of a forgotten or lost key is $10 per incident.
3.7 KEY ISSUANCE
3.7.1 UTEP Employees:
All unclassified and classified employees will be issued keys needed to access office and/or work areas.
3.7.2 Key Request:
All key requests must be submitted by a Department Access Coordinator by email to the Facilities Key Shop. Key requests will be filled the next business day. All key requests must be before 3:00 p.m. Monday through Friday to ensure next day pickup.
3.7.3 Record Management:
Facilities will maintain employee key records in its Key Shop database. The Key Shop will provide Department Access Coordinators with reports of key records grouped by department as requested, and will work with the Department Key Coordinators to maintain the accuracy of these records as changes occur.
3.7.4 Short Term or Temporary Building Access:
For short term or temporary building access, Departments may retain duplicate check-out keys in a secured area (lockable box or cabinet). Responsibility for the security of these keys, as well as establishing a sign-out procedure to track the location of the keys, remains with the department. These temporary key storage areas will be subject to audit by the Facilities Key Shop personnel. These keys must be issued to a person who will be responsible for their use and safekeeping.
3.7.5 Master Key Pick Up:
The person being assigned a Master key must pick up the key in person. Only under extreme circumstances will there be exceptions to this rule.
3.7.6 30-Day Request Period:
All keys must be picked up from the Facilities Key Shop within thirty (30) days or the request is void and a new request will need to be submitted before a key can be issued.
3.7.7 Key or Access Card Replacement Requests:
Replacement requests for lost or stolen keys are submitted to the Department Access Coordinator. Keys will be replaced when a copy of a University Police report has been mailed/faxed/emailed to Facilities Access Control Shop. The department will be charged for replacement keys.
3.7.8 Cipher Lock Management
Cipher Locks (local pin-based security systems) will be installed by Facilities Services, but the management responsibility of these systems lie solely on the Department Access Coordinator. Pass code dissemination and recordkeeping of these systems will not be maintained by Facilities Services. The Department Access Coordinator is also responsible for assigning and notifying the Campus Police Department of the code to the device.
In the next phase of single door implementation, it will be the University policy to not install local pin-based security systems. A card access lock set that integrates with the University card access system will be utilized.
3.8 RECORD KEEPING:
Facilities will keep the official records of keys issued for all University employees. Department Access Coordinators will maintain key records for their buildings and/or departments. Facilities will maintain a security software system which will record building key data and employee key records. Reports will be generated by the Facilities Key Shop as requested by Department Access Coordinators.
- Each Department is responsible for periodically performing physical inventories of keys, including department lock boxes.
- The Access Control Shop will send out a list of key ID and key holders to the Department Access Coordinator on an annual basis.
- Each Department is responsible for performing, at a minimum, annual audits of individuals who have Electronic Access to the Department space. Any changes shall be coordinated with the Department Access Coordinator and Facilities’ Access Control Grantor.
- Keys found missing at that time will be subject to charges as listed in 3.6 CHARGEABLE/NON-CHARGEABLE KEY ISSUES.
3.10 NON-UNIVERSITY LOCKS
No lock may be installed on a University building or property without prior approval of the Facilities Access Control Shop. Locks installed without prior approval will be removed at the Department's expense. The cost of the unauthorized lock will not be reimbursed.
4.1 Granting Access for Level I Areas
4.2 Granting Access to Level II Areas
4.3 Granting Access to Level III Areas
4.4 Removing Access
5.0 AGREEMENT FORMS
5.1 – Department Access Coordinator Agreement
5.2 – Access Control Grantor Agreement
6.0 – Task Instructions
Level II Access Request Task Instruction
Level III Vivarium/BSL3 Access Request Task Instruction
Vivarium Electronic Access Request Form – The University of Texas at El Paso
Level III Administration 5th Floor Access Request Task Instruction
Level III Human Resources Access Request Task Instruction
Level III Chemistry Bldg: Chemical-Storage RM XXX Access Request Task Instruction
Level III Engineering Rm XXX: Govt US Citizen only lab
Last Updated: July 1, 2013
Back to Business Process Guidelines