Welcome to the third blog from our Basic Security Guide series. This blog is all about key control and follows our access control blog. If you missed it, you can read it here.
With all the ‘high tech’ threats and the ‘up to date’ technological solutions, the humble key is often over looked. But take a second and think, how many doors are there in your business that have a mechanical lock? Or how your server rooms or filing cabinets are secured? It is easy to forget that those keys really are important, not looking after them correctly can leave you very vulnerable.
If you are still not convinced, answer these three simple questions about your keys:
- How many keys has your company issued?
- Can you list all those who currently hold those keys?
- Can you control who duplicates those keys?
If you can’t accurately answer any of those questions, then there are holes in your security program that you need to fill!
To help, we have put together a bit of practical advice to improve your key control and plug those holes! We have created advice that firstly looks at how you should set up your key system around your business, and secondly, a list of advice and guidance around setting up and keeping a good key control policy.
Use a patented key system
Most keys can be reproduced easily, so the first thing you should do is choose a key system that cannot be copied without your permission. There are several options to choose from and a search on the internet will highlight several choices. Choose one that needs a serial number and meets current British Standards. Currently (2018), the Ultion lock is by far and away the best on the market.
Choose a Master Key System
Once you have a key system chosen, you should know consider a Master Key system. It may be worth involving a security professional or lock smith at this stage, but you should decide which keys will work in which doors. For example, you may wish a key holder to be able to unlock the front door, while the Managing Director and ‘IT guy’ will have access to the server room as well.
Involve your Staff
I have often said that you should involve your staff in security decisions as early as possible, and this is no different. Your staff are your front line of defence. If you create a policy that is too difficult or complicated to follow, they will find a way around it. Ask your staff and check that it is working correctly on regular occasions. If it is not working, look to change it.
Re-Key the Facility
Once you have a plan, you can now re key your business. This is a job for a professional locksmith and will most probably involve installing new cores in your existing locks.
Once you have set up your business with the right kind of keys and key system, it is imperative that you get your key control policy set up right, otherwise, all your effort so far will have been a complete waste of time and money.
Keys should be stored in a locked, fireproof cabinet. The best place to store the key cabinet is in the security office, but this is not always possible. When considering where to sight your key cabinet, ensure it is in a secure room with some form of detection that informs you if there is an intruder.
Establish a key register either in hard copy format or computer file format. There are several programs that also offer this function, keytracker is a good example. Your key register should have details of which keys are on the rings, which doors they open and authorised persons allowed to sign for the keys.
Keys should be named by a numbered tag only, it is not good practice to attach a label showing what doors each key can open. Instead, have the information on the key register.
Number of Keys
You should keep three (3) copies of each key. There should be two keys in the key cabinet that are correctly numbered. A third, file key, should be stored in a correctly labelled envelop in a secured safe.
Temporarily Retaining Keys
It may be necessary that during the working day, members of staff will need to keep hold of a set of keys. This can be a significant weakness in your security plan and should be kept to a minimum whenever possible.
Permanently Retaining Keys
Some members of staff may be issued keys on a permanent basis as part of their job role. This should be reduced to essential roles only and a robust procedure should be in place for members of staff leaving the business. It is recommended that only patented keys be issued in this way and that you check them on a regular basis.
Loss of Keys
Your staff should be encouraged to report any lost keys and a robust procedure should be in place to identify when keys go missing. In any event of a key going missing, an investigation should be conducted. The investigation will figure out if the lock needs to be changed, or simply a replacement issued.
Combination locks should be changed on a regular basis, as a rule of thumb every 6 months. It is also worth changing them if you suspect they have been compromised or if a member of staff leaves, resigns or is fired.
Key Control Officer
It is a good practice to appoint a key control officer. Someone who will take responsibility of the keys, administer the control system and investigate any losses. The key control officer will also handle checking the keys and locks on a regular basis, ensuring all keys and locks are serviceable and responding to any key related concerns.
If you have not appointed a key holder, then know is the time to consider it. Read all about what key holding is here.
Good key control is an essential element of your security program and should augment your access control program. Remember to use a key system that cannot be reproduce without your permission and install a robust key control policy that minimise the opportunity of the keys being used nefariously.
I hope you found the information in this blog useful. If you have any further questions, or you need help with your key security, please get in touch. We are here to help.
Our next blog is all about protecting your high value items, or business critical assets, you can take a sneak peak here.