Skip to main content

University Policy 13

Electronic Door Access and Key/Lock Services

Formerly Executive Memorandum 77-29
Initially approved April 5, 1977
Revised: November 13, 2003
Revised and Renamed: September 14, 2021

Policy Topic: University Facilities and State Owned Property
Administering office: Facilities Management and Auxiliary Services

I. Policy Statement

The purpose of this policy is to help protect students, faculty, staff, and visitors as well as property at Western Carolina University. The integrity of any secure locking system is directly related to the degree of control exercised over the issuance of access and the control of keys.

This policy is in place to:

  1. Ensure that appropriate individuals requesting electronic and key access to university facilities are authorized to receive it; 
  2. Ensure a process of accountability for cancellation of access; 
  3. Resolve problems resulting from a lack of access control;
  4. Ensure responsible stewardship of University resources by defining appropriate use of the Access Control System;
  5. Control building key access procedures applying to the issuance, control, and duplication of keys and the maintenance and replacement of door locks.

Individuals receiving access to University facilities shall be cognizant of the potential safety and loss of property situations that might occur as a result of misuse or loss of electronic access credentials and/or keyed access. Therefore, individuals and departments are accountable for prompt reporting of access or key concerns.

II. Scope

The policy is applicable to all University facilities under the operational jurisdiction of Western Carolina University Police Department and Facilities Management. University-operated spaces that are not owned by the University, and University spaces not located on the main Cullowhee campus, may have other operating requirements and should adhere to this policy as practicable. The University's Facilities Management Department is responsible for providing all key and lock maintenance and services for all University facilities. Departments occupying University buildings shall be responsible for the issuance and control of keys provided for their use.

III. Definitions

  1. Access Card (University ID Card) – The official University ID credential (the CatCard) as provided by the ID Card Office.
  2. Access Control System - A high-capacity computerized access control system that provides entry/exit to a controlled area using a credential (Access Card, etc.). The system provides automatic locking and unlocking of specific doors or groups of doors at prearranged times during the day.
  3. Building Master Key – Keys used to open all doors within a specific facility.
  4. Controlled Locations – Locations eligible for electronic access control. Controlled locations include:
    1. Any exterior door responsible for securing a building’s perimeter access
    2. Doors where audit trails are required by law or regulation (EX. IT Closets, HIPPA)
    3. Doors that serve a large, broad group of the University community (EX. Study space that is available to all students 24/7)
    4. Doors with sensitive equipment and/or access needs, where unauthorized access may hamper educational/research goals or pose a significant liability risk (EX. Scientific Labs)
    5. Other locations evaluated on a case-by-case basis by electronic access control management
  5. Departmental Access Coordinator – One or multiple designated full-time staff person(s), appointed by a Facility Coordinator (See University Policy 65), to be responsible for the adherence and implementation of this policy.
  6. Department Master Key – Keys used to open doors associated with a specific department or occupant of a facility.
  7. Electronic Access Control - Control of entry/exit to an area by the Access Control System.
  8. Electronic Access Control Management - Control of the Access Control System; the management of electronic access assignment, rights, and schedules.
  9. Master Keys – Keys used to open all doors within a facility or a group of facilities.
  10. Building Hours – As set out in University Policy 48.

IV. Detailed Implementation Procedures

The University provides access to University facilities during Building Hours to students, faculty, staff, and the general public. Access to campus facilities during non-Building Hours, and to other Controlled Locations, is provided to individuals based on the requirements of their role and responsibilities on the campus.

Electronic and key access privileges to campus facilities may be assigned to faculty and staff when deemed appropriate by an employee’s Departmental Access Coordinator. Student access privileges may be assigned based on the student’s role on campus (on-campus resident, specific major, class schedule, etc.).

Termination of employment or affiliation with the University shall cease all access rights based on the affiliated person’s status as managed by Information Technology processes, and any issued keys must be returned promptly upon termination.

A. Key Procedures:

Widespread and indiscriminate use of master keys poses a significant threat to University access security. The procedures outlined below shall govern the issuance and control of all Master Keys:

  1. Building Master Key – These keys will be issued only to Facility Coordinators (one per Facility Coordinator) designated by the Chancellor, Facilities Management maintenance supervisors, housekeepers assigned to clean the building, the University Police Department, and others approved by Facilities Management for critical infrastructure and maintenance needs.
  2. Department Master Key – Where departmental master key locking is available, these master keys may be issued to Department Heads (two per department head unless otherwise approved) only. The appropriate Dean or Vice Chancellor must approve requests for such keys.
  3. Key Records – Persons authorized to possess master keys or department master keys must personally sign for such keys in the Facilities Management Customer Service office where the master key control list is maintained.
  4. Issuance and Control of Department Keys – Upon acceptance of a new building, the re-keying of an existing building, or reallocation of space to a department, Facilities Management will make a one-time issue of individual door keys based on the key requirements identified by the occupying Department Heads. This initial issuance of keys will be made to the Department Heads who shall assume responsibility for future control of the keys.
  5. Additional keys which may be required after the initial issuance must be requested on a work request form. Departments will be charged a standard cost for each key requested. The standard cost will be based on the average costs of key blanks, locksmith labor, and a minimum handling charge.
  6. Under no circumstance are departments or individuals allowed to reproduce or duplicate any keys for University locks.
  7. Upon the reallocation of building space, it shall be the outgoing department's responsibility to account for and transfer all keys to Facilities Management.
  8. For all departmental requests for lock/key modifications, for reasons other than mechanical failure, must be requested through the work order system. Departments may be charged for the actual cost of changing the lock or keys plus the standard charge for each new key.
  9. Defective, inoperable, or broken locks will be repaired or replaced by licensed Facilities Management Locksmiths without charge to the occupying activity. When such locks are replaced, they will be set up for operation on the existing key.
  10. All lost or stolen keys must be reported immediately to the Facilities Management Lock Shop and will be handled on a case-by-case basis.

B.      Electronic Card Access Procedures:

Anyone granted access is responsible for:

  1. Reporting loss or theft of Access Cards to their Department Access Coordinator, the CatCard Office, and to the University Police Department immediately upon discovery of theft or loss. 
  2. Reporting lost or stolen keys to their Department Access Coordinator immediately. 
  3. Reporting any damage of campus facilities that may impede the correct functionality of the Access Control System. 
  4. Maintaining accurate location and contact data in the University’s system of record.

Any person who uses credentials (access cards, keys and all other forms of access control) to enter University premises without issuance and authorization from the credential’s managing body, is in violation of this policy and may be punishable under North Carolina law (G.S. § 14 54).

V. Enforcement

Executive Council members are responsible for the full implementation of this policy within their respective areas. All records are subject to audit by the University’s Internal Auditor, Electronic Access Manager, Facilities Management Locksmith Shop, and University Police Department.

Individual Departments are financially responsible for the consequences of violations of this policy by their employees.

Anyone violating this policy is also subject to administrative disciplinary actions from the University, as administered by the individual department.

VI. Responsibilities

  1. Auxiliary Services shall be responsible for Electronic Access Control Management and the Access Control System, and will:
    1. Issue all credentials that can grant access through that Access Control System
    2. Maintain a database of students, faculty, staff, and third-party users as credentials are issued
    3. Create and maintain users and user groups for the Access Control System
    4. Train Department Access Coordinators to use the Access Control System when appropriate
    5. Coordinate efforts to keep the Access Control System up-to-date and integrated with other campus systems
    6. Implement standard operating procedures that allow for non-university individuals to gain access to buildings as needed (fire, contractors, etc.), as well as individuals within WCU to gain building access for specific needs
    7. Grant access to WCU Facilities where delegated authority has been established. EX. Campus access for University Police, multi-building access for applicable campus roles, etc.
    8. Perform door scheduling and overrides for Controlled Locations where software access has not been issued to a department or organization
  2. Information Technology shall be responsible for IT Controlled Locations, including IT closets and data centers, and will:
    1. Provide data integrations that enable status indicators in the Access Control System (IE. active student, employee, affiliated statuses)
    2. Deactivate unaffiliated patron records (“access accounts”) in the Access Control System based on status indicators
    3. Implement and maintain integrations that serve the campus community by working with Access Control Management
  3. Residential Living shall be responsible for University Residence Halls and Residential Living Conference spaces, and will:
    1. Maintain accurate records of housing assignments in the University’s housing management platform
    2. Coordinate with Access Control Management to determine housing terms and data integrations
    3. Schedule and grant access for all conference services in residential living facilities
  4. Facilities Management shall be responsible for maintaining electronic and non-electronic door hardware that is not covered by the maintenance agreement of third-party, and will:
    1. Assist with the physical infrastructure related to electronic door access
    2. Ensure that doors within new construction and retrofits meet the intent of this Policy (see: Controlled Locations) during planning and development, and uses the Access Control System specified by Electronic Access Control Management
    3. Through the management of the Facilities Management Lock Shop, approve or perform all mechanical and electronic hardware repairs. All mechanical and electronic hardware repairs must be completed by a licensed locksmith
  5. Emergency Services and University Police shall be responsible for:
    1. Performing Campus Lockdowns when appropriate
    2. Acting as a back-up for temporarily or permanently ending access after regular business hours for lost cards
  6. Departmental Access Coordinators shall be responsible for:
    1. Granting or denying access control requests at a departmental level, either via delegated authority to Electronic Access Control Management, or via the Access Control System software
    2. Scheduling delegated doors and devices for special events when granted access to the Access Control System software
    3. Reporting maintenance issues to the Facilities Management or Electronic Access Control Management for evaluation and resolution
    4. Recertifying access that has been manually granted on an annual basis
    5. Notifying Facilities Management of any and all damaged keys and/or locking devices upon discovery

VII. Data Security and Access

Electronic door access records are confidential and shall only be released using defined University processes. Personnel matters are handled by a request from Human Resources, legal matters are handled by a request from University Legal Counsel, criminal matters are handled by a request from University Police, and matters involving student conduct are governed by WCU policies for FERPA information.

VIII. Other Access Control Systems

The Access Control System maintained by Electronic Access Control Management shall be the only Access Control System permitted on the main Cullowhee campus.

Other Access Control Systems are not supported under this policy. Systems previously implemented and in-use on the main Cullowhee campus must be replaced or removed no later than 12/31/2021.

Other auxiliary locks or devices may not be used on any exterior or interior building door unless approved and installed by Facilities Management. Departments may use auxiliary locks only on storage cabinets, personal equipment lockers, and other departmental equipment items or storage room doors designed for auxiliary lock use. Auxiliary locks for departmental use must be purchased from departmental funds.

IX. Policy Review

This policy shall be reviewed and revised as necessary every two (2) years.

X. Related Resources

University Policy 48

Office of Web Services