Electronic Door Access and Key/Lock Services
Formerly Executive Memorandum 77-29
Initially approved April 5, 1977
Revised: November 13, 2003
Revised and Renamed: September 14, 2021
Policy Topic: University Facilities and State Owned Property
Administering office: Facilities Management and Auxiliary Services
I. Policy Statement
The purpose of this policy is to help protect students, faculty, staff, and visitors
as well as property at Western Carolina University. The integrity of any secure locking
system is directly related to the degree of control exercised over the issuance of
access and the control of keys.
This policy is in place to:
- Ensure that appropriate individuals requesting electronic and key access to university
facilities are authorized to receive it;
- Ensure a process of accountability for cancellation of access;
- Resolve problems resulting from a lack of access control;
- Ensure responsible stewardship of University resources by defining appropriate use
of the Access Control System;
- Control building key access procedures applying to the issuance, control, and duplication
of keys and the maintenance and replacement of door locks.
Individuals receiving access to University facilities shall be cognizant of the potential
safety and loss of property situations that might occur as a result of misuse or loss
of electronic access credentials and/or keyed access. Therefore, individuals and departments
are accountable for prompt reporting of access or key concerns.
The policy is applicable to all University facilities under the operational jurisdiction
of Western Carolina University Police Department and Facilities Management. University-operated
spaces that are not owned by the University, and University spaces not located on
the main Cullowhee campus, may have other operating requirements and should adhere
to this policy as practicable. The University's Facilities Management Department is
responsible for providing all key and lock maintenance and services for all University
facilities. Departments occupying University buildings shall be responsible for the
issuance and control of keys provided for their use.
- Access Card (University ID Card) – The official University ID credential (the CatCard)
as provided by the ID Card Office.
- Access Control System - A high-capacity computerized access control system that provides
entry/exit to a controlled area using a credential (Access Card, etc.). The system
provides automatic locking and unlocking of specific doors or groups of doors at prearranged
times during the day.
- Building Master Key – Keys used to open all doors within a specific facility.
- Controlled Locations – Locations eligible for electronic access control. Controlled
- Any exterior door responsible for securing a building’s perimeter access
- Doors where audit trails are required by law or regulation (EX. IT Closets, HIPPA)
- Doors that serve a large, broad group of the University community (EX. Study space
that is available to all students 24/7)
- Doors with sensitive equipment and/or access needs, where unauthorized access may
hamper educational/research goals or pose a significant liability risk (EX. Scientific
- Other locations evaluated on a case-by-case basis by electronic access control management
- Departmental Access Coordinator – One or multiple designated full-time staff person(s),
appointed by a Facility Coordinator (See University Policy 65), to be responsible
for the adherence and implementation of this policy.
- Department Master Key – Keys used to open doors associated with a specific department
or occupant of a facility.
- Electronic Access Control - Control of entry/exit to an area by the Access Control
- Electronic Access Control Management - Control of the Access Control System; the management
of electronic access assignment, rights, and schedules.
- Master Keys – Keys used to open all doors within a facility or a group of facilities.
- Building Hours – As set out in University Policy 48.
IV. Detailed Implementation Procedures
The University provides access to University facilities during Building Hours to students,
faculty, staff, and the general public. Access to campus facilities during non-Building
Hours, and to other Controlled Locations, is provided to individuals based on the
requirements of their role and responsibilities on the campus.
Electronic and key access privileges to campus facilities may be assigned to faculty
and staff when deemed appropriate by an employee’s Departmental Access Coordinator.
Student access privileges may be assigned based on the student’s role on campus (on-campus
resident, specific major, class schedule, etc.).
Termination of employment or affiliation with the University shall cease all access
rights based on the affiliated person’s status as managed by Information Technology
processes, and any issued keys must be returned promptly upon termination.
A. Key Procedures:
Widespread and indiscriminate use of master keys poses a significant threat to University
access security. The procedures outlined below shall govern the issuance and control
of all Master Keys:
- Building Master Key – These keys will be issued only to Facility Coordinators (one
per Facility Coordinator) designated by the Chancellor, Facilities Management maintenance
supervisors, housekeepers assigned to clean the building, the University Police Department,
and others approved by Facilities Management for critical infrastructure and maintenance
- Department Master Key – Where departmental master key locking is available, these
master keys may be issued to Department Heads (two per department head unless otherwise
approved) only. The appropriate Dean or Vice Chancellor must approve requests for
- Key Records – Persons authorized to possess master keys or department master keys
must personally sign for such keys in the Facilities Management Customer Service office
where the master key control list is maintained.
- Issuance and Control of Department Keys – Upon acceptance of a new building, the re-keying
of an existing building, or reallocation of space to a department, Facilities Management
will make a one-time issue of individual door keys based on the key requirements identified
by the occupying Department Heads. This initial issuance of keys will be made to the
Department Heads who shall assume responsibility for future control of the keys.
- Additional keys which may be required after the initial issuance must be requested
on a work request form. Departments will be charged a standard cost for each key requested.
The standard cost will be based on the average costs of key blanks, locksmith labor,
and a minimum handling charge.
- Under no circumstance are departments or individuals allowed to reproduce or duplicate
any keys for University locks.
- Upon the reallocation of building space, it shall be the outgoing department's responsibility
to account for and transfer all keys to Facilities Management.
- For all departmental requests for lock/key modifications, for reasons other than mechanical
failure, must be requested through the work order system. Departments may be charged
for the actual cost of changing the lock or keys plus the standard charge for each
- Defective, inoperable, or broken locks will be repaired or replaced by licensed Facilities
Management Locksmiths without charge to the occupying activity. When such locks are
replaced, they will be set up for operation on the existing key.
- All lost or stolen keys must be reported immediately to the Facilities Management
Lock Shop and will be handled on a case-by-case basis.
B. Electronic Card Access Procedures:
Anyone granted access is responsible for:
- Reporting loss or theft of Access Cards to their Department Access Coordinator, the
CatCard Office, and to the University Police Department immediately upon discovery
of theft or loss.
- Reporting lost or stolen keys to their Department Access Coordinator immediately.
- Reporting any damage of campus facilities that may impede the correct functionality
of the Access Control System.
- Maintaining accurate location and contact data in the University’s system of record.
Any person who uses credentials (access cards, keys and all other forms of access
control) to enter University premises without issuance and authorization from the
credential’s managing body, is in violation of this policy and may be punishable under
North Carolina law (G.S. § 14 54).
Executive Council members are responsible for the full implementation of this policy
within their respective areas. All records are subject to audit by the University’s
Internal Auditor, Electronic Access Manager, Facilities Management Locksmith Shop,
and University Police Department.
Individual Departments are financially responsible for the consequences of violations
of this policy by their employees.
Anyone violating this policy is also subject to administrative disciplinary actions
from the University, as administered by the individual department.
- Auxiliary Services shall be responsible for Electronic Access Control Management and the Access Control
System, and will:
- Issue all credentials that can grant access through that Access Control System
- Maintain a database of students, faculty, staff, and third-party users as credentials
- Create and maintain users and user groups for the Access Control System
- Train Department Access Coordinators to use the Access Control System when appropriate
- Coordinate efforts to keep the Access Control System up-to-date and integrated with
other campus systems
- Implement standard operating procedures that allow for non-university individuals
to gain access to buildings as needed (fire, contractors, etc.), as well as individuals
within WCU to gain building access for specific needs
- Grant access to WCU Facilities where delegated authority has been established. EX.
Campus access for University Police, multi-building access for applicable campus roles,
- Perform door scheduling and overrides for Controlled Locations where software access
has not been issued to a department or organization
- Information Technology shall be responsible for IT Controlled Locations, including IT closets and data centers,
- Provide data integrations that enable status indicators in the Access Control System
(IE. active student, employee, affiliated statuses)
- Deactivate unaffiliated patron records (“access accounts”) in the Access Control System
based on status indicators
- Implement and maintain integrations that serve the campus community by working with
Access Control Management
- Residential Living shall be responsible for University Residence Halls and Residential Living Conference
spaces, and will:
- Maintain accurate records of housing assignments in the University’s housing management
- Coordinate with Access Control Management to determine housing terms and data integrations
- Schedule and grant access for all conference services in residential living facilities
- Facilities Management shall be responsible for maintaining electronic and non-electronic door hardware
that is not covered by the maintenance agreement of third-party, and will:
- Assist with the physical infrastructure related to electronic door access
- Ensure that doors within new construction and retrofits meet the intent of this Policy
(see: Controlled Locations) during planning and development, and uses the Access Control
System specified by Electronic Access Control Management
- Through the management of the Facilities Management Lock Shop, approve or perform
all mechanical and electronic hardware repairs. All mechanical and electronic hardware
repairs must be completed by a licensed locksmith
- Emergency Services and University Police shall be responsible for:
- Performing Campus Lockdowns when appropriate
- Acting as a back-up for temporarily or permanently ending access after regular business
hours for lost cards
- Departmental Access Coordinators shall be responsible for:
- Granting or denying access control requests at a departmental level, either via delegated
authority to Electronic Access Control Management, or via the Access Control System
- Scheduling delegated doors and devices for special events when granted access to the
Access Control System software
- Reporting maintenance issues to the Facilities Management or Electronic Access Control
Management for evaluation and resolution
- Recertifying access that has been manually granted on an annual basis
- Notifying Facilities Management of any and all damaged keys and/or locking devices
VII. Data Security and Access
Electronic door access records are confidential and shall only be released using defined
University processes. Personnel matters are handled by a request from Human Resources,
legal matters are handled by a request from University Legal Counsel, criminal matters
are handled by a request from University Police, and matters involving student conduct
are governed by WCU policies for FERPA information.
VIII. Other Access Control Systems
The Access Control System maintained by Electronic Access Control Management shall
be the only Access Control System permitted on the main Cullowhee campus.
Other Access Control Systems are not supported under this policy. Systems previously
implemented and in-use on the main Cullowhee campus must be replaced or removed no
later than 12/31/2021.
Other auxiliary locks or devices may not be used on any exterior or interior building
door unless approved and installed by Facilities Management. Departments may use auxiliary
locks only on storage cabinets, personal equipment lockers, and other departmental
equipment items or storage room doors designed for auxiliary lock use. Auxiliary locks
for departmental use must be purchased from departmental funds.
IX. Policy Review
This policy shall be reviewed and revised as necessary every two (2) years.
X. Related Resources
University Policy 48