Building Security Policy

Main Page Content

Category Name: Administration & Operations
Responsible Unit: Facilities & Planning
Responsible Cabinet Member: VP for Administration & Finance
Adoption Date: 2022-02-23
Last Revision Date:
Last Review Date:

Policy Statement

University Police (UP), Facilities Maintenance and Operations (FMO), and Brockport Information Technology Services (BITS) seek to maintain a safe campus environment for students, faculty, staff, and visitors to the SUNY Brockport campus. These departments shall work collaboratively with members of the SUNY Brockport community to ensure the requirements for access control devices are met. Unauthorized use of access control devices to gain entry to College buildings, and/or failure of individuals to safeguard access control devices at all times, will be addressed promptly.  

Purpose/Scope

The purpose of this policy is to support SUNY Brockport’s efforts to maintain a safe and secure campus while providing students, faculty and staff the necessary access to College buildings. This policy applies to any person granted access to any College building by any access control device. This policy governs how all access control devices are issued and tracked, and distinguishes between access procedures relating to academic and non-academic buildings, access protocols for different members of the College community, and how access is granted to vendors and/or contractors. The objectives of this policy are: 

  1. To achieve maximum physical building security with minimum logistics. 
  2. To establish a system of control over all building access control devices, including device duplication and distribution. 
  3. To establish a recorded chain of accountability for all building access control devices issued. 
  4. To restore physical security in a timely manner whenever a building access control has been compromised.

Applicability

This policy applies to all SUNY Brockport students, faculty, staff, vendors and/or contractors at all SUNY Brockport buildings and locations.

Definitions

ABSL — Animal Biosafety Level (ABSL) is provided for work with vertebrate animals exposed to agents which may infect humans. ABSL 1 thru 4, provide for practices, equipment, and facilities that are comparable to the laboratory biosafety levels. ABSLs are designed to protect personnel from exposure to potentially infectious materials.

Access Control — Control of entry and/or exit to a building or area by any means (mechanical or electronic).

Access Control Device — Any device used to gain entry and/or exit to a controlled system — normally a mechanical key, access card, or fob.

Authorized Signatory — A SUNY Brockport employee empowered to authorize individual access, access control device issuance, and building lock/unlock schedules for buildings under their control. 

BSL — Biosafety level. A biosafety level (BSL), or pathogen/protection level, is a set of biocontainment precautions required to isolate dangerous biological agents in an enclosed laboratory facility. The levels of containment range from the lowest biosafety level 1 (BSL-1) to the highest at level 4 (BSL-4). In the United States, the Centers for Disease Control and Prevention (CDC) have specified these levels. 

Departmental Access Coordinator — A SUNY Brockport employee assigned by a unit administrator who coordinates access to buildings within their area of responsibility. 

Electronic Access Control — Access control using electronic or electro-mechanical devices to replace or supplement mechanical key access. Electronic access is administered through a computerized card access control system operated by various departments. 

Electronic Access Control Application Administrator — BITS is responsible for operation of the electronic card access system and support.

Electronic Access Software System Administrator — BITS is responsible for maintenance of the electronic card access software.

Policy Procedures

The College has two main types of access control device systems: Electronic Access (via SUNY Brockport ID Card/Badge swipe access) and Mechanical Keys and Locks. 

Electronic Access

Electronic access is a card access system consisting of an access control database and server, access control hardware installed in individual buildings, and the SUNY Brockport ID Cards that are held by individual users. The electronic access control system is centrally administered by BITS with system rights granted to appropriate departments for buildings/areas under their purview as well as to UP, who has access to lockout or lockdown buildings or the entire system. Electronic access is provided by obtaining a SUNY Brockport ID card which has been granted specific and appropriate access rights. Presently, electronic access is limited to certain buildings and data support locations on campus. 

Mechanical Keys and Locks

All buildings without electronic access are accessible by mechanical keys and locks, but are being transitioned to electronic access on an ongoing basis (this pertains only to select exterior building doors and limited interior room doors). The mechanical key and lock access system is managed by the FMO. Mechanical keys are requested by faculty and staff via completion of the Key Request Form, signed by their building coordinator and dean/chairperson or supervisor, which is then submitted to FMO Lock Shop. As electronic access to exterior building doors is phased-in across campus, mechanical key access to exterior building doors will be phased-out. However, the mechanical key request process for most interior building doors will remain in place.  

The following section describes the access systems’ functions:   

  1. General Overview of System

    The College’s electronic access control system consists of an access control database and server, access control hardware (card readers) installed in individual buildings, and the SUNY Brockport Identification (ID) Cards held by individual users (students and employees). The electronic access control system is centrally administered by BITS, with system rights granted to appropriate departments for buildings/areas under their purview. Departments may be granted administrator rights in the electronic access control system, when approved by the Departmental Access Coordinator. When granted, administrator rights in the electronic access system will be limited to only those buildings or areas for which a department has responsibility. New electronic access installations will utilize the College’s access control system; no other access control systems will be supported by BITS.

  2. Electronic Access to Buildings/Areas

    The electronic system is operated and maintained by BITS. All requests for repairs of card access hardware, or to add access control to a door or building, are to be made via the Information Technology Service Desk.

    SUNY Brockport ID Cards

    The SUNY Brockport ID card is used as the access card for the electronic access system. Students and members of the College are encouraged to visibly wear their IDs. ID cards and replacements are issued by BITS during normal business hours. The Director of Residential Life or their designee is responsible for authorization and assignment of access to residence halls at the request of the appropriate Authorized Signatory. Card activations are typically performed within three days, but emergency activations can be performed when required.

    Cardholder Responsibility: Reporting Lost or Stolen Access Cards

    Cardholders are responsible for immediately reporting the loss of their access card to BITS or by using the Get App, which will immediately designate the individual’s card as lost in the access control system and it will be deactivated. Faculty and staff should also notify their supervisor or Departmental Access Coordinator as soon as possible. If the card was stolen, the Cardholder is responsible for filing a report with UP as soon as possible, and no later than the next working day after the discovery of the loss.

  3. Administrative Authority and Responsibility

    The Vice President for Administration and Finance is authorized to establish and administer regulations and procedures for the physical security of SUNY Brockport buildings and their occupants, and to provide administration and control of access control devices. The administration and control of mechanical keys shall be handled by the Lock Shop in Facilities Maintenance and Operations.

    All members of the College community are responsible for the access control devices assigned to them and shall not loan out their devices. Access control device holders shall not unlock or share access to buildings/areas with another person unless the other person has authorization to access said buildings/areas.

    Employees

    Upon termination of employment or upon the request of the department head or Vice President for Administration and Finance, employees will surrender all access control devices, including mechanical keys and electronic access ID cards, to their immediate supervisor or the Office of Human Resources. In the event of transferring to another department, employees will surrender all appropriate mechanical keys, while the electronic access card’s rights will be appropriately updated. Final paychecks may be withheld by the Office of Human Resources or Payroll until documentation is presented confirming all access control devices have been returned.

    Students

    Each student is responsible for the access control device(s) for their assigned room/suite/townhome, mailbox, and exterior door(s) of their assigned Residence Hall or Student Townhome. Replacement of lost access control device(s), or failure to surrender all appropriate access control devices when vacating on-campus housing, will result in a charge to the student’s account. Unauthorized possession of any access control device by any student which admits entrance to an area other than that student’s assigned room or suite, may result in disciplinary action. Any student licensee allowing an unauthorized person to take possession of their assigned access control device(s) will be subject to disciplinary action. Duplication of access control devices, altering or replacing existing locks, and installing additional unauthorized locks are all strictly prohibited.

    Design of Card Access Systems

    The Office of Facilities Planning and Construction manages the physical design of card access systems. The design will ensure security and reasonable convenience to the personnel occupying the buildings/areas.

    Audit of Electronic Access Control Devices

    BITS will send an annual report by the end of August each year to department/unit heads, listing all active electronic access control device users, authorized by the department, with access to areas under the department’s control, for the department/unit heads’ review and affirmation. BITS can also choose to implement and manage automatic expiration of user access, if they determine this level of management is required. There may be security and risk levels that warrant audit reports being provided more frequently. Accommodations will be made to comply with those requirements. Each of the active users will need to be re-authorized by the department/unit for the users to have continued access to the areas under control of the department. The department/unit will review this listing within 10 business days to confirm individuals listed are still active with the department and the access is appropriate for each person’s position.

    Audit of Mechanical Keys

    An annual inventory audit of active mechanical keys will be conducted by the Lock Shop by the end of August each year. Department/Unit heads will be provided a list of individuals and their assigned mechanical keys which they are required to certify by performing a physical audit, and explain any discrepancies for inventory adjustment.

  4. Granting Building Access / Campus Protocols

    Special Security or Potentially Hazardous Areas

    Access control devices for areas with special security or potentially hazardous areas, such as electrical transformer vaults, network closets, biological labs with BSL-3 designation, and labs designated by Environmental Health and Safety (EHS) as having other specific hazards, will not normally be issued without prior notification to the responsible party occupying the space, and EHS or BITS. If urgent access is needed and the responsible party cannot be reached, BITS (for access cards) or the Lock Shop (for mechanical keys) will utilize resources such as UP, EHS, the Director of BITS, and/or the Director of Facilities Maintenance and Operations in order to evaluate the potential benefits and hazards of providing access. Certain areas (i.e. BSL-3, ABSL-3, and select agent areas) will require a Federal Bureau of Investigation (FBI) and EHS security clearance prior to providing access, unless other arrangements have been made to secure access to these materials prior to entry.

    Network Closets

    All BITS areas throughout campus shall have electronic card-swipe access. Individuals with permission to access those areas include BITS staff, University Police, and select Facilities staff (electricians, etc.).

    Office of the President

    Only the President, their immediate clerical support staff, and the Chief of University Police will have electronic card-swipe access to the Office of the President.

    Office of Human Resources (HR)

    Only HR staff, the Vice President for Administration and Finance, the President, University Police, and select Facilities Maintenance staff will have electronic card-swipe access to the Office of Human Resources. 

    BITS Areas

    All BITS office, staff, and meeting areas throughout campus shall have electronic card-swipe access. Those with permission to access those areas include BITS staff, the Vice President for Administration and Finance, the President, University Police, and select Facilities staff (housekeeping).

    Students

    A student is not separated from the institution in good standing until all access control devices issued to them have been returned.

    Faculty/Staff

    Faculty and staff or their affiliates, who require students to have specific additional access control devices, must request those devices on their behalf, and are responsible for their return.

    Vendors/Contractors

    Access Control Devices — Access control devices needed by contractors or other non-College users must be authorized by the responsible department via the Facilities Service Center, and the request must include the authorized individual’s name, firm name, and specific pick-up and return date for the device. All costs of access control device recovery or re-keying related to unreturned access control devices will be the responsibility of the firm to which the devices were issued, and final payment to that vendor or contractor will not be made until all devices are returned and/or the College is appropriately reimbursed.

    Key Deposit — The current deposit rates for Vendors/Contractors can be found in the Lock Shop Guidelines on the Facilities Maintenance and Operations web page. Deposits will only be accepted in the form of a check, and at the Facilities Service Center. All checks will be held in the Facilities Service Center until the date the key(s) is/are due to be returned (maximum 90 days), at which time the check will either be deposited by SUNY Brockport (if keys were not returned), or returned to the Vendor/Contractor (if keys were returned).

  5. Lost or Stolen Access Control Device

    The loss or suspected loss of any access control device (access card or mechanical key) is to be reported to UP immediately and, if an access card, cardholders are also responsible for notifying BITS or by using the Get App, which will immediately designate the individual’s card as lost in the access control system and it will be deactivated.

    UP shall investigate each incident of a lost or stolen access control device and may authorize lock changes due to a breach of security.

    The charge to replace a lost or stolen access control device (access card or mechanical key) or to re-key a lock varies by type and location – please refer to Lock Shop Guidelines & Practices.

    Charges for replacement devices, new locks, and/or hardware may be appealed to the Vice President for Administration and Finance, who will consider the circumstances of each incident. Refunds or waivers will not be granted or issued until after the review process has been completed.

  6. Mechanical Keys – Additional Information

    Duplication of mechanical keys is not permitted.

    The Lock Shop will provide additional mechanical keys and lock changes for Contractors and Consultants, upon the request and approval of the project manager, utilizing the Key Request Form.

    If any rooms need to be re-keyed “off master,” a written explanation must accompany the Key Request Form, along with an access plan should emergencies occur (i.e., fire or flood). The Lock Shop should also provide University Police with a copy of the mechanical key(s) to locks that have been re-keyed.

    Requesting Mechanical Keys

    1. Employee fills out the Mechanical Key Request Form.
      (Mechanical keys may be requested for full- and part-time College employees for the duration of employment.)
    2. Employee obtains appropriate approval signatures, in accordance with Lock Shop Guidelines.
    3. Employee submits completed Key Request Form to the Lock Shop.
    4. When notified, employee visits the Facilities Service Center to receive and sign for the authorized keys.

  7. Depending on the level of access being provided, the following approvals are required for mechanical keys to be issued:

    Access Level Approvals Needed
    Individual Door Key Employee’s supervisor, department chair, dean, director, or vice president
    Suite Master Key Employee’s supervisor, department chair, dean, director, or vice president
    Dept. Sub-Master Key Employee’s supervisor, department chair, dean, director, or vice president
    Department Master Key Employee’s department chair, dean, director, or vice president
    Building Master Key Employee’s dean, director, or vice president
    Great Grand Master Key Employee’s vice president (c: UP Chief of Police)

    Returning Mechanical Keys

    At termination of employment, employees must return all mechanical keys. The Lock Shop requires a copy of the HR Employee Separation Form (see Miscellaneous section, Separation Checklist) to accompany the returned keys, in order to log them appropriately.

    Unauthorized Locks

    Unauthorized locks on doors are prohibited and, if found, will be removed and discarded. Any damage or repair necessitated by the removal of unauthorized locks will be the responsibility of the department found in violation of this policy.

    Control/Balance

    Deans, Directors, Department Heads, or their specific designates shall be the only personnel authorized to request mechanical keys or lock changes within their respective departments. Departmental designates shall have their authority delegated in writing by their respective Department Head. In no case shall the issuance of mechanical keys be authorized by the same person to whom the mechanical keys are to be issued.

Links to Related Procedures and Information

Get App
HR Employee Separation Form (see Miscellaneous section, Separation Checklist)
Information Technology Service Desk
Key Request Form
Lock Shop Guidelines & Practices

Contact Information

Director of Facilities Maintenance and Operations

History (in descending order)

Item Date Explanation
Next Review Date 2025-02-23 Three year review
Adoption Date 2022-02-23 Policy Adopted
Draft Review Date 2022-01-24 Draft Policy under 30-day Campus Review

Approval

This policy is approved by:

President’s Cabinet

2022-02-23

Last Updated 4/19/22