Prepare and Save: Reducing Consulting Costs through Proactive Key Control
In large industrial complexes, health care facilities or educational institutions, the actual implementation of a proactive key control program can be relatively inexpensive. However, the up-front costs for a consultant or system design expert can be extremely high. The more of the work you do internally, of course, the less the up-front cost will be.
The following is a suggested pre-consult, step-by-step process for gathering and compiling the information required to begin implementation of a proactive key control program. This method calls for the client to collect information — a task normally left to the consultant — thus saving on consulting time and expense.
Six Steps to Effective Key Control
1. Create color-coded floor plans.
Using highlighters or colored markers on your floor plans, designate areas to be keyed differently. This division should be done with facility operations in mind, not the people who occupy the space. At the same time, make sure that each door is assigned a number. This number may have been assigned by the architect and already be shown on the drawing.
2. Develop operational spreadsheets.
Using a separate spreadsheet for each color used on the floor plan, gather as much operational information as possible about each door. This should be done with the help of the supervisor in charge of the area. Information should include the number of keys that will be needed to operate this door at the lowest level of access (level 1) and at higher levels of access (levels 2, 3, and so on). It should also include a brief description of the location of the door. Notes about “ands” and “alsos” should be on this sheet, as well. These may be placed at the top of the sheet if they affect all doors on the sheet. Microsoft Excel works very well for this spreadsheet application. For example:
RED AREA — Door SP103 (corridor to secretarial pool): 10 keys for secretaries, 4 for supervisors, 2 for managers, 2 for security, 2 for housekeeping. Supervisors’ keys operate all Red Area doors, and managers’ keys operate all Red Area, Blue Area and Green Area doors. Security and housekeeping keys operate all locks in RED AREA except Door SP105 and SP110.
3. Identify multi-user group doors.
While working with your floor plan, you have essentially defined user groups and designated them by color on your floor plan and spread sheets. List these user groups and then, address the possibility of each group — and supervisors within it — requiring access to additional areas. Obvious groups are security personnel and janitorial or housekeeping staff. Not so obvious are IT and maintenance personnel, as well as others who may need access to one or several doors in order to reach the area to which they need access.
Communications is a typical example. A phone technician usually has switch gear or KSU equipment buried in some out-of-the-way closet within another department. This person can be given access to doors along a predetermined path to the actual work area. Mark these doors on the floor plan with the additional color. The result may be that some doors will have several colors.
4. Update spreadsheets.
Each door with multiple colors will need a note added to the spreadsheet. For example, a door in the Blue Area might have a note, “Operated by Red supervisor key.” A door in the Red Area might have a note, “Operated by Green level 1 key only and not by any Red key.”
5. Identify high-security and high-risk areas.
On your spreadsheets, identify those doors that may provide access to high-security or high-risk areas. Consider that these areas may be high-risk due to the normal operations and not because of the risk of loss of property. A good example of this would be an area containing liquid cell batteries connected to a UPS system. The risk here is one of life safety rather than loss of property. Consider scheduled re-keying of these areas. This can be done simply if planned now rather than after the new system is installed.
Mark all high-security/high-risk doors on your spreadsheets. You may want to designate more than one risk level and assign each door a risk level number or letter. On your spreadsheet, you can add a column that gives the designation for each door. An internal policy might then be developed so that risk level 1 doors are re-keyed for reason, risk level 2 doors are re-keyed annually and risk level 3 doors are re-keyed every 30 days.
6. Discuss decisions along the way.
As you go through each step, discuss with those involved the objectives and intentions behind your key control program. This will help “quell the uprising” that always seems to occur when changes are made. Detailed discussions can also greatly reduce the possibility of endless post-installation changes. Often enough, changes to key systems happen for good reason, but lack of communication definitely is not a good reason.