Ohio Admin. Code 3344-77-01 - Access control

(A) Regulations

For purposes of section 3345.13 of the Revised Code, these are the regulations governing keys.

(B) Introduction

The objective of access control is to provide a reasonable level of security for Cleveland state university and, at the same time, allow as much freedom of access as possible to the campus community. This document applies to all university buildings and occupants within those buildings including partnerships and lease agreements.

(C) Definitions

(1) Automated access control system (AACS) is the computerized database used to track all access control authorization.

(2) Personally issued keys. Keys assigned to an individual on a permanent basis.

(3) Duty issued keys. Keys issued only while working and returned before leaving CSU property.

(4) Communication access. Communication access allows access to communication closets.

(5) Electrical access. Electrical access allows access to electrical vaults.

(6) Utility master access. Any key or access that includes communication closets, machine rooms, custodial areas, and electrical vaults.

(7) Prox card. Proximity card, a card, fob or other credential that held in the "proximity" of a reader will activate the access control device.

(8) Prox card access. Prox card access allows access to any authorized building or room having a reader and electronic lock release.

(9) Change key or latch key. A change key or latch key opens one door or lock.

(10) Master and submaster keys. Master and submaster keys open a series of locks.

(11) After hour access. Authorized occupancy in a building after closing hours.

(12) Construction core. A temporary interchangeable core used during building or rehabilitation of a building project.

(13) University calendar of events. The Cleveland state university (CSU) campus scheduling software used to create the CSU master calendar and the official database used to approve or deny access during off-hours.

(D) Single access control coordinator (SACC)

(1) The SACC is designated in writing by the senior faculty/staff committee or other official having direct control over the facility, department or area. The SACC has direct responsibility for coordinating access control, alarm protocols, and alarm and access control schedules.

(2) Requests for access shall be submitted to the SACC. No individuals may sign their own access request.

(3) Access to buildings, rooms, and closets is authorized by the SACC only when a completed access control request form is signed by the SACC. The SACC has an affiliated duty to properly inform individuals designated access of this rule and on the use and limitations of the SACC's approval.

(4) The access control, safety and security systems department (AC&SS) may overrule a grant of access control by the SACC. In such situations, individuals may appeal, in writing in accordance with paragraph (P) of this rule if the individual believes that access was unjustly denied.

(5) The access control activation limits:

Faculty	Active until departure
Staff	Active until separation
Student	Active until separation
Vendor	Not to exceed one calendar year

(E) Access to closed university buildings

(1) Access to closed buildings will not be provided for students, faculty, staff, or other designees unless the AACS indicates authorized access.

(2) Request for opening an exterior door(s) for an event, class, or any other exception to the posted building hours, must be scheduled through conference services and listed on the official university calendar of events at least five days in advance. Requests to open a closed building for an event not listed on the university calendar of events must also be submitted to AC&SS at least five days in advance of the event or the request will not be honored.

(F) Obtaining access

(1) The department requesting access for an employee, contractor, or vendor must submit a completed access request form (ARF), signed by the SACC or SACC designee, or a completed keybox access request form (KARF), signed by the project manager, to the access control office via email.

(2) AC&SS will determine if card access, key access, or both are required to fulfill the request.

(3) Access cards and keys cannot be obtained through the mail. Cards must be issued at the viking card office in the main classroom building, room 112.

(4) Keys are issued at the Campus Safety building reception window.

(5) CSU or governmentally issued photo identification will be required to pick up keys/access cards.

(6) Students shall not have master electronic access or any keys personally issued to them.

(7) Building hours of operation are posted and updated on the AC&SS page of the CSU website.

(G) Access transfers

Access cards must be obtained at the viking card office by the person to whom they are issued. All keys must be obtained at the campus safety building by the person to whom they are issued. To transfer keys directly from one person to another, a key transfer form must be completed and sent to the access control office via email.

(H) Access dispersals

All requests for personally issued master and submaster keys will be denied. All rights to hold personally issued master keys and submaster keys issued prior to the approval of this document are hereby rescinded. Master keys and submaster keys will be available for authorized personnel in the electronic keybox system only. Requests for keybox access to master and submaster keys may also require a background check.

(I) Broken/worn out keys or access cards

The holder of a worn or broken key may schedule an appointment with the locksmiths to have the key replaced. The holder of a worn or broken access card may have the card replaced at the viking card office. The broken or worn out keys or access cards must be turned in before new ones will be issued. There will be no charge for broken or worn out keys or access cards.

(J) Temporary access

(1) Urgent access. Individuals, who require immediate access, including emergency repairs during off normal hours, may call the campus police to open a door. Upon presentation of a CSU or valid governmentally issued photo identification the officer shall query the AACS. If the system indicates approved access, the door may be opened. There shall be a charge of fifty dollars for the service. If the duty officer or the facilities director authorize emergency access there shall be no charge.

(2) Student owned padlocks. Upon presentation of a CSU or valid governmentally issued photo identification and proof of ownership, the key shop staff or the campus police may, at the responding person's sole discretion, remove a padlock on a student locker. A police officer shall always be present for this process. CSU will not be responsible for damage to the lock.

(3) Temporary construction cores. Departments requesting temporary access for contractors or vendors may have their request fulfilled by the use of temporary construction cores. The cost of the cores, keys and installation shall be paid by the requesting department.

(K) Duplicating access and changing locks

(1) Pursuant to section 3345.13 of the Revised Code, the duplication of keys is prohibited except as otherwise provided in this rule.

(2) This rule prohibits the removal/installation of locking mechanisms by anyone other than the access control office. AC&SS reserves the right to periodically contract a certified, bonded professional locksmith to assist with lock installation and any other associated project.

(3) The CSU lock shop is the only agent authorized to purchase and issue locks. Door locks may only be removed or changed by the university locksmiths.

(4) Departments will be responsible for any cost incurred to resolve unauthorized changes.

(5) No CSU official, other than the AC&SS manager and locksmiths, shall sign any contract that allows the use of the CSU core(s) or key code(s). No core(s) or lock(s) shall be installed that is not of the CSU master key system without the written authorization of the manager of AC&SS.

(L) Returning keys/access cards

(1) Before separating from the university or transferring to another department, all students, faculty, and staff must return their university keys to the key shop or complete the key transfer form and submit it to the access control office.

(2) Each college/department is responsible for advising all exiting or transferring employees of their obligation to return university keys prior to leaving campus.

(3) Lost or stolen keys must be the subject of a police report, and lost key fees will apply.

(M) Lost / stolen keys or access cards/fees

(1) All lost or stolen keys or access cards must be reported to the concerned college/department, and to the university police. The campus police will complete an official, documented police report. Replacement of keys will not be made until the police report is completed.

(2) To replace lost or stolen keys or access cards, individuals must complete an access request form.

(3) A graduated monetary charge is hereby established to cover lost and/or stolen keys:

Operating (office, desk, file, lab)	$ 20.00 each
Submaster	$ 500.00
Building Master	$ 750.00
Grand Master	$ 1000.00
Viking Prox Card	Fee established by the Viking Card office
Construction Cores and Keys	Cost established at time of request

(4) The loss or theft of a submaster, building master, or grand master key jeopardizes the security and protection of an area (dormitory, laboratory, office complex, or building), and the entire area may need to be re-cored and re-keyed. The department from which the key was lost or stolen will be charged for the total replacement costs.

(N) Access control records/inventory

(1) Key shop

(a) It is the responsibility of the key shop supervisor to keep all records related to key control filed in the Keystone® database current and accurate.

(b) This includes but is not limited to:

(i) Key issuance

(ii) Core issuance by location

(iii) Lock installation

(c) It is the responsibility of the supervisor of the key shop to insure all keys and all cores issued are stamped with a unique identifier and the information entered into the keystone® database current and accurate.

(d) It is the responsibility of the AC&SS manager to insure that the Keystone® server is protected by a firewall and backed-up weekly.

(e) The manager of AC&SS shall maintain, update, and enforce the standard operating procedures for the guidance of the CSU lock shop.

(2) Access control

(a) Each college/department SACC or their designees should maintain a list that identifies all respective employees and students who have access rights issued to them. This list should be updated each semester for reconciliation and security purposes. SACCs and their designees are responsible to verify that the report is accurate.

(b) SACCs, and their designees if applicable, should maintain a complete and current list that indicates the following: name of the access holder, authorized areas, and date issued. The college/department's access list will help when reconciling the employee separation form sent from human resources. Discrepancies should be reported to the access control office within thirty (30) days. An amended document will be printed and sent back to the department to ensure that changes have been accurately entered in the AACS. Since each person or college/department is financially responsible for all keys or access cards issued, accurate information is essential.

(c) All access control inventory lists reconciliations shall be reviewed and approved by the appointing authority.

(O) Prohibited conduct

(1) Disabling any university security device.

(2) Propping open any locked doors.

(3) Allowing any other person the use of a key, card access, or electronic keybox PIN.

(4) Duplicating any key or card access device.

(5) Leaving a CSU key unattended.

(6) Leaving a key code book unsecured.

(7) Failing to report a missing key to the campus police

(8) Failing to retrieve a key(s) when a person is transferred, is away for a prolonged period of time (i.e. medical leave), or is in any other way separated from CSU.

(P) Appeal Process

(1) In the event that access has been denied when it should have been granted under this rule, a faculty member, staff member or student who has been adversely affected may request a review of the decision to the manager of AC&SS.

(2) The request must be made in writing and particularly state the nature of complaint and the proposed remedy. The complaint must also contain an address to where the response is to be directed.

(3) The manager of AC&SS shall cause an investigation of the complaint and render a decision in writing within thirty days receipt of the request for review.

(4) Decisions of the manager of AC&SS may be appealed to the chief of police within five days of receipt of the manager's decision. The appeal must be in writing and include an explanation of why access should have been granted. The vice president for business affairs and finance will review the record on appeal and issue a decision.

(Q) After hour building unlocking

(1) Changes in building hours. Changes in building hours, weekend changes or any special event requiring a change of lock or unlocking of exterior doors can be accomplished by authorization of the vice president for business affairs & and finance, SACC or conference services with notice to the department of AC&SS.

(2) All requests for facilities, other than academic classes, must be approved by the department of conference services. Events scheduled will appear on the university calendar to provide support and coordination so every event will become a successful, positive reflection of the university. Events not listed on the university calendar of events will not be provided support services. Questions may be directed to conference services at 216-523-7203 or through the conference services page of the CSU website.

(3) Failure to notify AC&SS of a change that results in a campus police intervention to lock or unlock a building will result in a fifty dollar assessment.

(4) Changes occurring less than twenty-four hours prior to the event must be directed to the campus safety communications center at 216-687-2020.

(R) Audits and usage

(1) Requests for historical reviews of either door access or personal history can be made to the manager of AC&SS. Such requests should be made in writing, including by email, and shall describe the door, person and the dates of usage required. Such requests should be placed through the building SACC, but may be made directly if the situation requires it.

(2) Emergency audits can be made through the campus police department at 216-687-2020.

(S) Past practice

This regulation supersedes and replaces any current policy, procedure, custom or usage as it relates to access on the CSU campus. It specifically ends:

(1) The practice of opening buildings without fee for faculty, staff or others on off-hours without change or authorization

(2) All rights to hold personally issued master keys and submaster keys

(3) All issuance of CSU keys to students.

Replaces: 3344-77-01

Notes

Ohio Admin. Code 3344-77-01

Effective: 6/4/2016
Promulgated Under: 111.15
Statutory Authority: 111.15
Rule Amplifies: 3344
Prior Effective Dates: 11/4/1977