Audits & Best Practices

Audit Sign

Routine Access Control Audit (Keys & ACD):

  • It does not need to be reported to the Physical Security Office.
  • It may be completed when convenient. A suggested timeframe is at the end of each semester. 
  • Ensure that the lowest level access is assigned that is necessary. 

Local Access Coordinators (LAC) must be able to demonstrate that all keys and access credential devices (ADCs) assigned to the department are accounted for on a Facility Authorization Request (FAAR) form at all times. These audits, while optional, are to ensure all key/ACD holders remain affiliated with the department/work unit. 

Annual Access Control Audits:

  • Required to be reported to the Physical Security Office by the Master Access Coordinator (University Park) or Director of Business Services (Campuses).
  • Audits should be reported no later than the deadline provided by Physical Security. 
  • Generally, audits will be provided by Physical Security to be completed during the following timeframes (communication will come from our office with instructions):
    • Access Control - Spring Semester
    • Physical Keys - Fall Semester

Key Control Best Practices:

Please review and follow the key policies outlined in SY2001

Maintaining a key inventory at the local department or unit level is crucial. 

Issuing Keys:
  • The lowest level keys to grant the access required should be issued.
  • You should never issue a key to override or avoid the use of a card access reader on a door in CCure.
  • Be sure keys are properly signed out and noted in the local inventory.
  • It is good practice to not take keys off campus, other than those designed to be Take Home (needed when there is no external card access to a building) and individual office keys.
Key Ordering:
  • Requests for keys should be placed through EZ-Request on the OPP website. This will generate a work order in Maximo for the OPP Lock Shop.
  • Requestors must be approved to order keys.
  • A signed FAAR form must be attached to the work order when requesting new keys.
  • The correct charge cost object number needs to be on the work order.
  • After the keys are received, signed paperwork needs to be uploaded to the Physical Security website by using the Upload my Received Key Receipt form. 
Lost or Unaccounted for Keys:
  • Report lost or unaccounted for keys to Physical Security immediately by using the Report a Lost Key form. 
  • A Security and Risk Assessment will be completed by Physical Security.
  • Physical Security will issue a Lost Key Report and any corrective action, if needed, will be discussed.
  • Keys found that do not belong in your inventory should be reported to Physical Security by using the Report a Found Key form. 

*Note: Never throw out or recycle a key. Any keys that are no longer needed, obsolete, or damaged should be sent to Physical Security via campus mail (University Support Building I (USBI), Suite 104, University Park, PA 16802). Make sure the envelope/package is sealed and place with the keys a brief note stating what unit is sending them and why they are to be destroyed.