Introduction
Key and lock control is an important element to an activity’s crime prevention. Poor key and lock control gives the impression that no one cares and invites theft. All keys and locks MUST be controlled, inventoried, and issued to the user if they are to be an effective device for protecting property and controlling access to work areas.
Key control is the most basic of internal control, and implementing electronic key control systems can help with compliance.
Electronic key stroge cabinet
The most difficult task in managing keys and locks is identifying all locks, locking devices and keys. You must know how many keys and locking devices are active, where they are located, and how many keys or key combinations are in the system. A key control system is now required to establish accountability which should:
- All keys are protected by a lockable solid steel safe. It is equipped with a mechanical locking mechanism and is permanently fixed to the wall. The smart key cabinet will be located in a 24-hour monitored room or a room that is locked when no one is around.
- Access to electronic key lockers must be strictly controlled. The fewer people who have access to the key locker system, the better the security.
- Only registered and authorized personnel may access the key cabinet to remove assigned keys.
The administrator of key storage systems
Each smart key cabinet must have one and only one system administrator. Proxy management is not mandatory but recommended and should be considered. Its main management tasks shall:
- (1) always be responsible for maintaining key registration and updating to ensure continuous accountability for lock keys.
- (2) always be responsible for maintaining or authorizing others to maintain the registration, change and cancellation of users.
- (3) always be granting and distribution of key access rights.
- (4) always be designing and monitoring the compliance process of key access, according to the policy of key control.
- (5) always be responsible for auditing the key log.
Key numbering and RFID tags
In the key management system, an orderly and reliable key number is established for all keys to make the keys “smart”.
- Each key or set of keys is associated with an electronic tag
- The electronic label has a unique code
- 100% maintenance-free
- RFID key tags do not require batteries or ultra-low power consumption
Stricting the available time of users
For a secure key control strategy, the key control system is not available to the user at all times, and it usually coincides with the employee shift schedule, preventing any employees from accessing and possessing physical keys during their non-working hours.
- Employee shift schedules that repeat daily, weekly, and monthly
- It is prohibited to log in to the system outside of the shift schedule
Key curfew
The key curfew policy specifies when removed keys must be returned to prevent loss of keys and keep items and assets valid. The key control system shall have these two types of key curfew:
- range of hours
Some customers use this feature to tie it to a shift schedule, such as 8:00 am to 5:00 pm, to help ensure employees don’t accidentally take keys home.
- length of time
The length of the curfew can prevent the rapid loss of medicines. We helped a pharmaceutical manufacturer solve a challenge using a key curfew. They have large lockable freezers filled with bags of temperature-sensitive medications worth millions of dollars each. If the refrigerator is left on all the time, the drug will degrade. So we helped them deploy a key curfew system with a 20-minute timer. Staff members assigned to inspect freezers are required to use and return keys in a timely manner, otherwise supervisors will be alerted to the person and freezer in question.
Multi-factor authentication
Multi-factor authentication (MFA) is a security method that requires users to provide at least two authentication factors (i.e. login credentials) to prove their identity and gain access to a facility.
MFA uses two or more separate forms of authentication, including:
- what the user knows (password and passcode)
- what the user has (access card, passcode and mobile device)
- what is the user (biometrics fingerprint, finger vein, palm vein, facial recognition, etc)
Permanently issued keys
The next task in the key and lock control is to decide who needs to keep the keys on a permanently signed-out basis. Managers would obviously need a key to the front door, but they should seriously consider who else would personally need to retain a key to the front door or supply area, kitchens, etc. For good physical security, personally retained keys should be kept to the minimum necessary for operational efficiency
Key audit and inventory
Several different types of audits are performed on a regular basis to ensure full compliance. The key management system should have custom software that enables the user to set up all these and many other types of reports. A robust reporting system will greatly assist the business to track and improve processes, ensure employee honesty and minimize security risks.
