XAVIER UNIVERSITY Building Access Control Policy

Similar documents
University Facilities Management (UFM) Access Control Procedure (non-residence areas)

Administrative Procedure

PHYSICAL PLANT OPERATIONAL & MAINTENANCE ADMINISTRATIVE PROCEDURE. Purpose

Policies & Procedures Effective Date: January 24, Key Control

Mills College Key Policy

Virginia Commonwealth University School of Medicine Information Security Standard

Facility Security Policy

University of Wyoming Mobile Communication Device Policy Effective January 1, 2013

Data Centers and Mission Critical Facilities Access and Physical Security Procedures

Access to University Data Policy

MOTT COMMUNITY COLLEGE. Procedure for Cellular Telephones

PURPOSE The purpose is to establish policy regarding university computers. The goals of the policy are to:

POLICIES AND PROCEDURES

Wireless Services Allowance Procedure

Centeris Data Centers - Security Procedure. Revision Date: 2/28/2018 Effective Date: 2/28/2018. Site Information

The University of British Columbia Board of Governors

Keys and Electronic Access (KEAS) User Manual

Identity Theft Prevention Policy

ISSP Network Security Plan

Privacy Breach Policy

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Information Technology Standards

IDENTITY THEFT PREVENTION Policy Statement

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Employee Security Awareness Training Program

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Subject: University Information Technology Resource Security Policy: OUTDATED

Data Center Access Policies and Procedures

POLICY 8200 NETWORK SECURITY

Red Flags Program. Purpose

Number: USF System Emergency Management Responsible Office: Administrative Services

I. Policy Statement. University Provided Mobile Device Eligibility Policy Effective Date: October 12, 2018

Policies & Regulations

PA TURNPIKE COMMISSION POLICY

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

Red Flags/Identity Theft Prevention Policy: Purpose

Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015

Cell and PDAs Policy

Information Security Incident Response and Reporting

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Security Surveillance Camera and Video Policy

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Name of Policy: Computer Use Policy

Ulster University Policy Cover Sheet

Constitution Towson University Sport Clubs Organization Campus Recreation Services. Article I Name. Article II Membership

Wireless Communication Stipend Effective Date: 9/1/2008

Policies and Procedures Date: February 28, 2012

Responsible Officer Approved by

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Wireless Communication Device Use Policy

Cellphone Provision Policy

Marshall University Information Technology Council. Procedure ITP-16 IT INFRASTRUCTURE AUTHORIZATION PROCEDURE

Select Agents and Toxins Security Plan Template

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

B. To ensure compliance with federal and state laws, rules, and regulations, including, but not limited to:

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

Table of Contents. PCI Information Security Policy

University Policies and Procedures ELECTRONIC MAIL POLICY

PTLGateway Data Breach Policy

CELLULAR TELEPHONE EQUIPMENT AND SERVICES POLICY

This regulation outlines the policy and procedures for the implementation of wireless networking for the University Campus.

UCLA AUDIT & ADVISORY SERVICES

INFORMATION SECURITY- DISASTER RECOVERY

WELLSBORO AREA SCHOOL DISTRICT

UTAH VALLEY UNIVERSITY Policies and Procedures

Cyber Security Program

SECTION 15 KEY AND ACCESS CONTROLS

State of Colorado Cyber Security Policies

DATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS. Audit Report June 15, 2012

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Freedom of Information and Protection of Privacy (FOIPOP)

LOYOLA UNIVERSITY MARYLAND. Policy and Guidelines for Messaging to Groups

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Prevention of Identity Theft in Student Financial Transactions AP 5800

Standard for Security of Information Technology Resources

Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

UNC Campus Security Initiatives Update. Business Affairs Committee May 9, 2017

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

UITS Data Center Access Policies and Procedures

Herkimer County Community College. Department of Information Services Computer Use Policy and Guidelines

Opportunity Lives Here

!IlflimTIII~III~III~l~I~IIII!

Instructions for Reserving Davage Auditorium and Thomas Cole Science Research Center Rooms and Auditorium

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

University of North Texas System Administration Identity Theft Prevention Program

Access Control Executive

University Network Policies

Virginia Commonwealth University School of Medicine Information Security Standard

General Information Technology Controls Follow-up Review

SDBOR Technology Control Plan (TCP) Project Title:

Enterprise Income Verification (EIV) System User Access Authorization Form

Section 3: Requesting a space for an event

RULES GOVERNING CERTIFICATION FOR Water Treatment Operators & Associates

Office Name: Enterprise Risk Management Questions

ASP Professional Standards and Certification Program for Strategic Planning and Strategic Management ASP CERTIFICATION

Red Flag Policy and Identity Theft Prevention Program

Acceptable Use Policy

Wireless Communication Device Policy Policy No September 2, Standard. Practice

Transcription:

Effective: March 25, 2019 Last Updated: March 20, 2019 XAVIER UNIVERSITY Building Access Control Policy Responsible University Office: Auxiliary Services, Physical Plant Responsible Executive: Vice President, Financial Administration and Chief Business Officer Scope: Students, Faculty, Staff, and Contractors A. REASON FOR POLICY This policy provides procedures and guidelines for facilities access that supports the mission and life of the University while maintaining a high level of personal safety, building security and energy conservation. This is accomplished by implementing a combination of open building times coupled with key/card access for those who need access during times when buildings are not open. B. POLICY The policy covers the following: Procedures for gaining access to University owned and leased facilities by key and/or ALL Card The process of requesting, returning and reporting lost or stolen keys and/or ALL Cards The framework for granting access to authorized individuals Accountability for tracking key and ALL Card requests for access C. GENERAL PROVISIONS It is the joint responsibility of Auxiliary Services and Physical Plant, working under the direction of the Vice President, Financial Administration and Chief Business Officer (VPFA/CBO) to implement this policy. Key or ALL Card access should only be granted to individuals who have a legitimate and official need for the access, and have acquired the appropriate approvals for such access. Key and/or ALL Card access will be granted at the appropriate level in system hierarchy commensurate with providing the access required by the individual s position and responsibilities. Key and/or ALL Card access shall only be granted when no other reasonable means of access is available. All keys and ALL Cards issued shall remain the property of the University, not the individual. All requests for installation and expansion of electronic access control will be vetted to and, if deemed appropriate, approved by both the Office of Physical Plant and the Office of Auxiliary Services. This approval does not include funding of projects, funding must be secured by the requesting department.

Any requests for special access privileges, which are based on physical handicap or other issues covered under the Americans with Disabilities Act (ADA), must be approved by the Office of Human Resources. D. DEPARTMENTAL RESPONSIBILITES Physical Plant - The issuance of keys, as well as the installation and maintenance of manual and electronic lock and door hardware will reside with Physical Plant. This department will be the first point of contact to troubleshoot electro-mechanical issues with secured doors. They may engage outside technical support with local service integrators when necessary. Physical Plant is responsible for maintaining records of all key holders and key requests. Auxiliary Services - The issuance of ALL Cards and assigned access as well as the day-to-day management of the PERSONA access control application, including coordination of open support tickets, will reside with the Office of Auxiliary Services. Auxiliary Services is responsible for maintaining records of all cardholders and card access requests. Responsible for conducting bi-annual audits of manually assigned access levels (with exception of those related to Residential facilities) Xavier Police - Security of campus buildings, including alarm monitoring and response as well as processing electronic or manual lockdowns in the event of an emergency, also handling special requests occurring outside of normal operating hours, and investigating the unauthorized use of lost and/or stolen ALL Cards or keys will reside with Xavier Police. Residence Life Issuance and management of key and ALL Card access to students and staff for oncampus housing facilities will reside with the Office of Residence Life. Residence Life is responsible for maintaining records of all key holders and key requests. More details can be found in Section 11, Definitions of Responsibility for Residential Facilities Access. Information Technologies Maintenance of PERSONA server and application software, including interfaces to Banner and Housing software systems. Will work with software provider directly when necessary to troubleshoot any issues with system performance. E. KEY AND ALL CARD HOLDER RESPONSIBILITIES Take appropriate measures to safeguard any University keys or access cards issued to you. Never loan your keys or access cards to anyone. Never use your keys or access cards to grant access to secured areas to non-authorized individuals. Never prop open or otherwise disable any normally secured doors. Never store keys or access cards in any unsecure fashion. Keys and/or access cards should be kept in a locked drawer or cabinet when not carried or in use. F. ACCESS REQUESTOR RESPONSIBILITIES The access requestor of key or card access is the individual requiring the access privilege. The access requestor must obtain the appropriate level of approval for the request using the Authorization Matrix (Section 13) as a guide. The access requestor must submit a signed Request for Key form to Physical Plant and/or submit a Request for Access form to Auxiliary Services or Residence Life for processing. The access requestor shall work with authorized approvers on the semi-annual access control audit report, to verify the ongoing need for access privileges previously granted to them. The access requestor shall immediately report lost or stolen keys and/or ALL Cards to Physical Plant and Auxiliary Services, respectively, as well as to Xavier Police. Xavier Police must be notified and may investigate lost and/or stolen ALL Cards or keys.

G. GUIDELINES FOR REQUESTING ACCESS Requests for key or card access to the exterior of a building for after-hours should be limited to those with an office in the respective building or having an otherwise demonstrated academic or administrative need that cannot be satisfied during normal building hours of operation. Section 13, Authorization Matrix, should be used as the guide for acquiring appropriate signature approval for your request. Request for Keys Request is found online at: https://www.xavier.edu/plant/key-requests ALL Card request for Access Form is found online at: https://www.xavier.edu/auxiliary-services/all-card-center/request-for-access MyXU / Business Tab / Xavier Forms / Request for Building Access, OR Special Access Requests Requests for ongoing access outside of the normal building hours for specific groups must be submitted in writing to the Provost and Chief Academic Officer and the Vice President, Risk Management for consideration. H. BUILDING HOURS Administrative, classroom, residential and special purpose buildings will be unlocked, locked or have restricted access as indicated in Attachment A. Building Coordinators who feel that these hours are not sufficient to serve their building s needs, can submit a written request and rationale to change hours to the Provost and Chief Academic Officer and Vice President, Risk Management for consideration. Public use buildings including Bellarmine Chapel, Cintas Center, Conaton Learning Commons, Gallagher Student Center, McDonald Library, McGrath Health Center, and O Connor Sports Center will have their operating hours provided by the respective Building Coordinators. University Holidays Academic and Administrative buildings will be locked on days that the University is officially CLOSED for Holiday or weather related reasons. Pre-authorized card access for employees will remain unchanged on these days. Departmental requests for unlocking a building for a special event must be submitted in writing by the requesting department head to the respective Building Coordinator. The Building Coordinator will then work with Xavier Police and Auxiliary Services to schedule the required action. Building Coordinator will be responsible for communicating this additional access to other building constituents for the purpose of raising awareness of the event. I. KEY ACCESS POLICY Issuance, Control and Responsibility for Keys Door keys shall be issued and controlled by the Physical Plant Shop. Persons to whom keys are issued shall use the keys only in accordance with this policy. Duplication of keys, other than by the Xavier, is prohibited. Physical Plant is responsible for managing the records of all key holders and key requests. Responsibility for Residential Facilities Access Privileges Residence Life will be responsible for initial authorization and the issuance of keys to students living in residence halls and other housing units. Students living in residence halls are authorized one room key. Residence Life is responsible for managing the records of all key holders and key requests. Request Protocol / Authorization All requests for keys must be submitted using the Physical Plant Key Request Form found online at: https://www.xavier.edu/plant/key-requests. Requests will only be processed if received in this manner and approved by the appropriate level administrator. A matrix outlining Authorized Approvers can be found in Section 13.

Key Return When an individual's need for a key no longer exists, whether as a result of termination of employment or other reasons, it is the responsibility of the employee's home department to collect the unneeded key(s) from the employee and return it/them to the Xavier Key Shop. For reasons of security and data control, it is prohibited for any department to reassign any key from one individual to another without routing the appropriate key request through the Physical Plant Key Shop. Access by Non-University Personnel In certain cases there may be a need for non-university personnel to be issued key access to University facilities or rooms. In such cases, the department head or chair that has contracted for the services must submit a Key Request form to Physical Plant. The key will have a return due date at which time the key must be surrendered or its issuance renewed. J. CARD ACCESS POLICY Issuance, Control and Responsibility for Cards The Office of Auxiliary Services is responsible for the production and distribution of ALL Cards and temporary access cards. Issuance of new and replacement cards will be handled during the course of normal office hours. Auxiliary Services is responsible for managing records of all cardholders and card access requests. After Hours Temporary Cards After hours temporary card issuance and deactivation will be performed by Xavier Police and/or the Office of Residence Life. After hours deactivation of ALL Cards can be performed by individual students, faculty and staff using the Online Card Services website available on the Student Services and Employees Services tabs on MyXU. Request Protocol / Authorization All requests for card access must be submitted using the Request for Access form found online at MyXU / Business Tab / Xavier Forms / Request for Building Access, OR https://www.xavier.edu/auxiliary-services/all-card-center/request-for-access Requests will only be processed if received in this manner and approved by the appropriate level administrator. A matrix outlining Authorized Approvers can be found in Section 13. Authorized Approvers will receive an e-mail communication that includes the link to this request form. Authorized Approvers are responsible for tracking and reporting to the Office of Auxiliary Services, in a timely manner, when access needs to be removed from an individual s ALL Card. Physical Plant and Xavier Police Access Requirements Due to job responsibilities for work relating to building maintenance, security and life safety issues, select staff members of both the Offices of Physical Plant and Xavier Police are able to access all electronically controlled doors at all times. These lists of master level access are to be determined by the Vice President, Facilities and the Chief of Xavier Police respectively. Memberships of these groups are managed by these offices respectively and are audited by the Office of Auxiliary Services semi-annually. Access by Non-University Personnel In certain cases, there is an ongoing need for non-university personnel (i.e. Contractors, volunteers, etc..) to access University facilities. In such cases, the head of the unit that has contracted for the services must submit a Request for Access form to be kept on file. If the access request involves entry into a Xavier housing facility, the Residential Systems Manager for Residence Life and Chief of Xavier Police will be notified of the request. Request for this access is set to expire on the date indicated on the form but does not extend more than thirty-one (31) calendar days past the current fiscal year end (June 30, 2xxx) and must be renewed if necessary. Membership in these user groups is audited by the Office of Auxiliary Services semi-annually.

It is the responsibility of the contract agency to immediately inform Xavier University when an approved employee s access should be removed. The contract agency is responsible for their employee s actions up to the time the notification is received. Card Return When an individual's need for an ALL Card no longer exists, whether as a result of termination of employment or other reasons, it is the responsibility of the employee's home department to collect the unneeded card from the employee and return it to the ALL Card Center. K. DEFINITIONS OF RESPONSIBILITY FOR RESIDENTIAL FACILITIES ACCESS The Office of Residence Life is responsible for defining levels of access privileges for all residential students and the following group of non-student users: Jesuit-in-Residence, Faculty-in-Residence, Residence Life professional staff, and other University employees as deemed necessary by Residence Life. Student access to the Residence Halls and Apartments is limited to students living in that building, with the exception of predefined visiting hours. Residents of a hall or apartment community will be provided with 24 hour access to their own residential facility. Changes of residence or residential status that necessitate a corresponding change of resident access privileges will be administered by Residence Life professional staff. Designated administrators, staff, and faculty may receive access to all Residence Halls or Apartments on a 24/7 basis as determined by Residence Life professional staff. Individuals requesting access or additional access to a residential facility or space must submit a request to Residence Life professional staff at least 48 hours in advance. The requestor may need to submit appropriate paperwork if applicable. Residence Life staff will perform audits each semester to reassess user access to Residential facilities. L. KEY/CARD POLICY VIOLATIONS The following acts are examples of violations of the Access Control Policy: Loaning keys and/or ALL Cards to others Transfer of keys and/or ALL Cards to others without authorization Unauthorized use of key and/or ALL Cards with the purpose or intent to commit a theft offense Unauthorized duplication of keys Attempting to secure any campus area with an unauthorized locking device Damaging or tampering with any University lock, access control or door hardware, or any other attempt to defeat or disable any access control systems Propping open secure doors Admitting unauthorized persons into a secure building Failure to return a key and/or ALL Card when leaving the University, or when otherwise requested by authorizing department Failure to report a missing key and/or ALL Card Persons in violation of this policy may be subject to University discipline policies and/or prosecution.

M. AUTHORIZATION MATRIX The following matrix will be used to establish the necessary authorizing person for an Access Requestor: Key/Card Level Eligible Key/Card Holders Authorization Level (one signature required) Grand Master Key Xavier Police, Physical Plant VP, Facilities Building Master Key Xavier Police, Physical Plant VP, Facilities Department Sub Master Key Building Entrance Key/Card Individual Room/Door (Office/Storage) Key/Card Provost/VP/Dean/Dept. Director/Chair Xavier Police, Physical Plant, Authorized Employees and Students Authorized Employees VP, Facilities or Executive Director Physical Plant Provost/VP/Dean or Dept. Director or Academic Chair Same as Building Entrance Residential Facilities Keys or Access Cards Temporary Access Cards Xavier Police, Physical Plant, Res Life Pro Staff, Building Residents Xavier Police, Physical Plant, Res Life Pro Staff, Building Residents Authorized Employees and Contractors Residence Life Professional Staff All Card Office during normal business hours Xavier Police after hours NOTE: The requestor cannot authorize their own request, as it must be authorized at a level above them. CONTACTING XAVIER Please contact the Office of Auxiliary Services with any questions regarding All Cards. Please contact Physical Plant with any questions regarding keys. Contractors should contact their respective contracted department.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback