Effective November 9, 2020; revised December 11, 2023; revised March 8, 2024
I. Introduction
These Procedures implement University Policy 719, Access Control. All definitions set forth in Section III of University Policy 719 apply to these Procedures.
II. Responsibilities
A. All members of the University community are required to adhere to the applicable responsibilities outlined below.
- All key holders must keep University keys in a secure location and report to FM Lock Shop and UNC Charlotte Police and Public Safety Office (PPS) any lost or stolen keys. See Section III.E below.
- All members of the University community should report unauthorized persons who access University buildings or suspicious activities in or around University buildings to PPS in accordance with University Policy 803, Reporting and Investigation of Suspected Improper Activities and Whistleblower Protection.
- Any person who finds a lost University key or 49er ID Card should return it to Police and Public Safety, located in the Facilities Management and Police Building. See Section III.E below.
- 49er ID Cardholders or Key Holders:
- Cardholder shall not loan or transfer their 49er ID Cards or their keys to any other individual.
- Cardholder or key holder shall not unlock a building or room for another individual unless the individual is known by them to have authorization to enter.
- Cardholder or key holder shall not unlock a building or room for another individual after building hours.
- Keys must be returned immediately to the Department or Building Director when a key holder becomes a Separated Employee or Student. The key must then be turned in to the Campus Access Applications Coordinator (FM Lock Shop) for proper disposition.
B. Authorized Guest Card Holders or Key Holders: Authorized Guests who have been granted access to Restricted areas (as defined in Section III.M.4 of University Policy 719) through the approved access request process using ARCHIBUS will receive a key or Card. Cards shall expire and lose functionality upon the termination of their access by the appropriate Authorized Access Approver. Authorized Guests should return Cards or keys to their issuer upon the termination of the Authorized Guest’s access to University facilities. Authorized Guest key or Card access shall not exceed a one-year duration, unless otherwise extended by the Authorized Access Approver.
- Authorized Guests may not loan or transfer their Card or keys to any other individual.
- Authorized Guests (other than contractors/vendors/construction companies) are required to comply with University Policy 719 and these Procedures and are permitted access commensurate with that of students/faculty/staff.
- Contractors/vendors/construction companies are required to comply with University Policy 719 and these Procedures and will be granted access on an “as-needed” basis only.
- The management of each contractor/vendor/construction company will receive one set of necessary keys from the Department or Building Director that they are working with.
- Once an Authorized Guest’s access date expires, they will need to return their guest Card and key to the issuing Department/Building Director. The issuing Department/ Building Director is responsible for replacing any unreturned Card or key.
- Authorized Guests that are vendors or contractors requiring access to university property should arrange access through the appropriate Department, typically the Department or unit issuing the contract with the vendor.
- All Authorized Guest access by vendors or contractors that requires Master key usage must be issued using the GFMS key boxes, and keys must be returned at the end of each day. The issuing department is ultimately responsible for costs resulting from lost or stolen vendor keys, but may seek remuneration from the vendor.
C. Authorized Access Approvers (Assistant Vice Chancellors, Associate Deans, Department Chairs, and Directors) are responsible for:
- Ensuring full implementation of this Policy in areas within their purview.
- Approving key and Card access privileges to areas within their purview.
- Appointing a member in their group to be responsible for the duties of Access Coordinator as described in Section IV.D below.
- Reviewing and approving the completed annual key and Card audits in coordination with the Campus Access Administrator.
- Maintaining appropriate departmental records related to keys and Cards subject to an internal audit.
- Assisting Facilities Management and/or Risk Management (in cases of insurance claims, legal liability, or high risk) in determining whether rekeying is required for a particular building or office if the associated key(s) is lost or stolen.
D. Department/Building Access Coordinators: These Coordinators are responsible for assisting in processing access requests through ARCHIBUS, assisting with access support issues, and maintaining records and audits of personnel with current access authorization to areas within their purview. These responsibilities also include:
- Completing access control management software (ACMS) training offered by Facilities Information Systems relative to report generation and queries immediately upon hiring. Current Access Coordinators who have not completed the training must do so by January 15, 2021. If the Access Coordinator does not complete the training by January 15, 2021, their access to the ACMS will be suspended until training is completed. Training will provide thorough instruction on running the ACMS access lists by area, and generation of audit reports by area. ACMS training can be accessed on the University’s learning management system (Canvas).
- Creating access reports in th ACMS relative to their areas of responsibility; provided, however, that Department/Building Access Coordinators are not permitted to add, delete, or change access privileges.
- Overseeing, in conjunction with their associated Department/Building Directors, key and Card access to and within facilities within their purview.
- Processing access requests through ARCHIBUS, assist with access support issues, and maintain records and audits of personnel with current access authorization to areas within their purview.
- Removing access, via ARCHIBUS, for students, faculty, and staff who no longer need access to their associated building(s).
- Returning access Cards and keys from students, faculty, and staff who no longer need access to the Campus Access Applications Coordinator.
- Continuously checking to see if any students, faculty, staff, and guests have been separated from the University in order to terminate their access. If a guest’s access has expired but continued access is needed, the guest would need to re-submit an access form to become an Authorized Guest.
- Conducting, in conjunction with their associated Department/Building Directors and the Campus Access Applications Administrator, a comprehensive yearly audit of all personnel who have access to areas within their purview.
- Immediately reporting lost or stolen access Cards or keys to the Office of Safety and Security at 704-687-2200, or via email at police@uncc.edu. See Section III.E below.
E. Campus Access Security Administrator (Office of Safety and Security): The University employee responsible for making authorized access-related additions, deletions, and changes in the ACMS; routing access requests to the Access Administrator through ARCHIBUS; auditing all colleges, departments, and units related to the enforcement of this Policy; and reviewing and recommending any appropriate revisions to this Policy. The Campus Access Security Administrator shall have one designee to carry out these responsibilities when authorized in their absence. The responsibilities of the Campus Access Security Administrator or designee also include:
- Completing ACMS training, and being fully versed in all aspects of the ACMS, including entering, deleting and changing access authorizations for Cardholders, managing time zones/holiday changes, report generation and all required configuration parameters.
- Receiving and acting on High Security and Restricted ARCHIBUS requests for Card access.
- Ensuring that emergency response and service personnel have proper access to facilities and spaces.
- Auditing all campus colleges, departments, and personnel related to the enforcement of this Policy.
- Assessing and approving requests for panic buttons. Panic button requests are installed in unique and limited circumstances. If there is a high risk or impact to the University, or in an instance of high risk to an individual employee on campus, a panic button for either a silent alarm ability or to initiate a lockdown of an area may be installed. The panic button request must first be assessed and approved by the Campus Access Security Administrator. Each request is reviewed case-by-case, which may be denied if not deemed necessary.
F. Campus Access Applications Coordinator (FM Lock Shop): The University employee in the Facilities Management (FM) Lock Shop responsible for implementing all relevant provisions of this Policy; creating keys; issuing, receiving, and maintaining key assignments, key inventories, forms, and records; and maintaining the University’s lock and key system. These responsibilities also include:
- Acting on all Card and key access requests once approved by the proper Authorized Access Approver. All fully authorized access-related additions, deletions, and changes will be automatically routed to the Applications Coordinator through ARCHIBUS. The Applications Coordinator will have the primary responsibility of making all routine access changes in the ACMS. The Applications Coordinator will coordinate with the Campus Design/Capital Projects group to design, construct, and maintain the Campus access systems.
- Completing ACMS training and being fully versed in all aspects of the ACMS software, including entering, deleting, and changing access authorizations for Cardholders, managing time zones/holiday changes, report generation, and all required configuration parameters.
- Receiving and acting on approved ARCHIBUS requests for key and Card access.
- Being in charge of making all routine access control adds, deletes, and changes of fully authorized requests in the ACMS.
- Coordinating with Facilities Management and all Access Coordinators to ensure GFMS boxes are fully populated with required building and area master keys, and all assigned keys are properly documented.
G. Housing and Residence Life Access Applications Coordinator (HRL Lock Shop): The University employee in Housing and Residence Life (HRL) Lock Shop responsible for implementing applicable provisions of this Policy; creating keys; issuing, receiving and maintaining key assignments; maintaining key inventories, forms, and records; and maintaining HRL’s lock and key system. These responsibilities include:
- Acting on all access requests once approved by the Authorized Access Approver.
- Coordinating with the Campus Design/Capital Projects group to design, construct and maintain the internal HRL access systems.
- Receiving and acting on approved HRL Building Access and key requests.
- Ensuring emergency response and service personnel have proper access to HRL facilities and spaces.
- Making all (HRL only) access control adds, deletes, and changes of fully authorized requests in the ACMS.
H. Departments:
- Departments may apply additional restrictions and access requirements of 49er ID Cardholders at their discretion. Any additional restrictions and requirements of Cardholders must be documented and explained to Cardholders in writing.
- Departments, in conjunction with their associated Access Coordinators, must oversee access to and within their own Department.
- Departments, in conjunction with their associated Access Coordinators, will be responsible for keys that open doors within their department and for approving authorized key requests within their department. A department should not have access to keys that are not within their Department.
- The organization of keys for the Department will be held at the discretion of the Department. If the Department has access to the GFMS key box, keys for High Security areas must be placed and organized within the GFMS key box.
- Departments are not permitted to distribute keys to persons who do not have authorized access under this Policy.
- Distribution and collection of keys must be documented.
- If the Department learns that a key or Card is lost or stolen, the Department must report the lost key or Card to the Office of Safety and Security. See Section III.E below.
I. Building Directors:
- Building Directors may apply additional restrictions and access requirements to 49er ID Cardholders who have been approved access at their discretion. These restrictions must be documented and explained to the Cardholder.
- Building Directors, in conjunction with their associated Access Coordinator, must oversee access to and within their own buildings.
- Building directors cannot give access to someone who has not been approved via this Policy.
- Keys within the building directors’ buildings are their responsibility.
- The structure of the building key system will be at the direction of the Building Director, pending review and approval of the Campus Access Security Administrator, in consultation with the Campus Access Applications Coordinator. If a building has access to the GFMS key box, High Security area keys must be placed and organized within the GFMS key box.
- Building Directors must maintain documentation of all persons who have submitted an access request and been denied access to their buildings.
- If the Building Director learns that a key or Card is lost or stolen, it is the Building Director’s responsibility to report the lost key or Card to the Office of Safety and Security. See Section III.E below.
J. Facilities Management (FM):
- Facilities Management (in consultation with Campus Access Security Administrator) will determine how to handle stolen or lost keys for all non-housing buildings. Facilities Management will determine whether or not the key that is lost or stolen should be recut, or if the entire area the key could open should be rekeyed. Facilities Management will also determine the implications or financial impacts for cutting a new key or rekeying the affected area.
- Facilities Management must maintain documentation for all lost or stolen keys.
K. Housing and Residence Life (HRL): HRL will take the following steps in any situation where an HRL key is lost or stolen:
- If the affected door is a residential unit, it will be rekeyed immediately.
- If the lost key opens multiple spaces, they will all be rekeyed.
- Most housing spaces utilize an electronic key/lock system; for these spaces the lock shall be reprogrammed so that the old key does not work.
L. Key Shop:
- If there is an Authorized Guest whose on-campus purpose requires access keys to multiple buildings (master keys/sub-master keys) the Key Shop will be responsible for granting and retrieving all keys from Authorized Guests using the GFMS key boxes. Master keys/s-master keys shall be provided to Authorized Guests only with the written approval of the Campus Access Security Administrator.
- Facilities Management (in consultation with Campus Access Security Administrator) approves the creation of new keys to replace those that are lost or stolen.
- The Key Shop must maintain a complete inventory of all keys and shall audit Card access in the ACMS.
- The Key Shop cannot approve access to a person who has not submitted an access form to an Authorized Access Approver and received access approval.
- The Key Shop must maintain documentation for lost or stolen keys.
- The Key Shop will fabricate and duplicate physical keys for all campus facilities.
- The Key Shop must maintain an inventory of and secure un-issued mechanical key stock.
- The Key Shop will coordinate after hours and emergency hardware/key change outs.
- The Key Shop must ensure relevant emergency access control devices are provided to emergency responders.
- The Key Shop will perform and/or coordinate all door hardware work on campus facilities to include work performed by contractors.
III. Procedures
A. Access Request, Approval, and Implementation Process
- Non-HRL buildings: When an Authorized Guest, student, faculty, or staff requests access to a building or room in non-HRL areas, the access procedure steps are as follows:
- For all requests, the Associate Vice Chancellor of Safety and Security or designee will have the right of final approval or denial.
- All access requests, including key and Card access, must be made through ARCHIBUS.
- Every access door (key and Card) will be pre-assigned with designated Authorized Access Approver authorities in ARCHIBUS.
- ARCHIBUS will automatically route each request to the appropriate Authorized Access Approver for authorization.
- Approved routine key and Card access requests will be automatically routed to the Campus Access Applications Coordinator for implementation. In special or designated circumstances, the request will be routed to the Campus Access Security Administrator.
- Access requesters will be notified via email when their access request has been approved in the ACMS or when their key is ready for pickup.
- If the access request has been denied for any reason during the process, access requesters will be notified via email.
- HRL buildings: When an Authorized Guest, student, faculty, or staff requests access to an HRL controlled building, room, or restricted area, the access procedure steps are as follows:
- All student residents are granted building Card access to their residence hall automatically after their housing assignment beginning the first day of their occupancy within that building. Access ends at the end of their contract period.
- Student residents receive their key, and sign for it, upon check-in to their residence hall and must return the key promptly when checking out.
- All camp/conference Authorized Guests and other residential Authorized Guests are granted access for the duration of their stay on campus. Upon arrival/check-in they will receive their key and must return the key promptly when checking out.
- All access requests, both key and Card, for any staff or Authorized Guests must be made via the HRL Building Access Request Form.
- These requests will go to the Director of HRL Facilities and Planning.
- Approved access requests will be automatically routed to the HRL Lock Shop for implementation.
B. Emergency and Global Access
All building exterior doors, rooms reserved for general instructional purposes, and labs will be controlled by use of an access control reader and will be automatically locked by the Office of Safety and Security in case of a lockdown.
- Emergency Access System Override: Designated personnel, as determined by the Office of Safety and Security, have the authority to make decisions that override the access control systems in the event of an emergency. Overrides may include lockdown of all buildings, unlocking buildings or groups of buildings, or other actions related to mitigating emergency situations on campus. Overrides will be executed through coordination with the Campus Access Security Administrator (or designee), or through direct entry in the access control management software (ACMS). A limited number of personnel should be authorized by the Office of Safety and Security to make overrides directly in the ACMS systems, and all such personnel must be properly trained by the Campus Access Security Administrator. The number of personnel with Access Override privilege should be limited, but sufficient to cover the entire campus at all times. Access Override staffing should account for anticipated absences due to illness and leave.The specific authority of personnel having system Access Override privileges must be defined and documented within the Office of Safety and Security.
- Global Key/Card Access: The Office of Safety and Security, in conjunction with Facilities Management, is responsible for ensuring that emergency response and service personnel have access to all facilities and spaces when required. This should include Card and key access. Select personnel shall be designated by the Office of Safety and Security with “Global Access” to ensure all buildings and spaces can be accessed in the event of an emergency. This may include subdivision and assignment of personnel to specific areas of the campus. Only personnel trained and authorized can provide access to High Security areas. The number of personnel with Global Access privileges should be limited, but sufficient to cover the entire campus at all times. Global Access staffing should account for anticipated absences due to illness, leave, and employee turnover.
- The specific authority of personnel having Global Access privileges must be defined and documented within the Office of Safety and Security. All key and Card access privileges granted must go through the official access approval policy process (ARCHIBUS).
C. Remote Key Distribution Points
Compartmented or specialty groups or departments may be designated Remote Key Distribution Points and may be allowed to check out a block of access Cards and/or keys that are specifically assigned to buildings and rooms within their direct purview. This would include groups that have outside tenants that utilize their spaces. All key and Card access privileges associated with these Cards, keys, and areas must go through an access approval policy process (ARCHIBUS). Each group is responsible for maintaining a secure key cabinet and is responsible for completing an inventory of who is in possession of all keys and Cards at all times, and of all securely stored Cards and keys that are not being used. These groups will be subject to spot checks and audits by the Campus Access Security Administrator to ensure that access accountability is being maintained.
D. Access for After Hours Events
For University events that take place after hours in facilities that are locked, the Campus Access Security Administrator is responsible for regulating and controlling access to these facilities through the use of ARCHIBUS. The Campus Access Security Administrator may authorize event planning staff to coordinate access, including contacting the Office of Safety and Security to coordinate location, date, and time of the event. Building hours may be temporarily changed on a case-by-case basis, which will require the event planning staff to submit a request through ARCHIBUS to the Campus Access Security Administrator for implementation. The Office of Safety and Security must approve, implement, and administer temporary building hours changes.
E. If Key or Card is lost/stolen
Lost or stolen keys or Cards must be reported immediately through ARCHIBUS (access at archibus.charlotte.edu, when logged into NinerNET). If a key is lost or stolen, Facilities Management will determine the proper course of action and any associated costs, in coordination with the Vice Chancellor for Safety and Security. If a physical Card is lost or stolen, it must be deactivated online immediately by the 49er Card Office. The 49er Card Office will determine the proper course of action and any associated cost to be charged to the user.
- Click here (when logged into NinerNET) to report a lost or stolen key.
- Click here for information on reporting a lost or stolen 49er Card.