The Catholic University of America

Access Control Policy

Approved by:
-- March 26, 2015
Related Policies:
Additional References:
Department of Public Safety (
Responsible Official:
I.          Introduction  
The University is committed to the safety and security of the University community and protecting the University’s physical space and assets.  To meet this commitment, access to University space is managed centrally by the Department of Public Safety, which maintains sole authority for issuing keys and electronic access devices.  This policy outlines the method for obtaining access to University space and the security requirements for those granted such access. Violations of this policy may result in disciplinary action up to and including separation from the University.   
II.         Definitions 
A.         Access Holder means an individual who is authorized to be issued one key, or one electronic access device, in order to gain entry to a University space. 
B.         Building Administrator means the individual designated to approve requests for keys, electronic access devices, or access changes for a specific academic or administrative building. 
C.         Electronic Access Device means a computerized alternative to mechanical locks and keys that is based on the presentation of a credential in order to obtain entry. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. Electronic access devices include, but not limited to, fobs, access cards, or coded Cardinal Cards. 
D.         Issuing Authority means the Director of the Department of Public Safety or his/her designee, who authorizes the installation of electronic access control, re-coring of locks, and issuance of individual keys and electronic access devices. 
E.         Key Access means that a metal key provides access to a designated University space.   
F.          Locksmith Office means the office located within The Department of Public Safety responsible for making keys and key cores, installing electronic access methods, issuing keys and electronic access devices, and maintaining records of access holders.
G.        University Space means campus buildings, rooms, offices, facilities or other spaces controlled by the University.  For the purposes of this policy, residence halls are excluded from this definition. 
III.         Approval Requirements 
Access to a University space is provided only to University employees upon a showing of demonstrated need. Employees will be granted only that access necessary to perform their specific job functions.  Access for non-University personnel is granted only in special circumstances.   
To obtain access to a University space, an Access Request Form must be completed and forwarded to the Department of Public Safety.  The Access Request Form must be signed by the relevant department head.  If exterior access to a building is requested, the Access Request Form also must be signed by the relevant building administrator.  The completed form can be hand delivered or faxed to the Department of Public Safety in Leahy Hall 120.  The Access Request Form can be found on the Public Safety website at 
Once access to a University space is approved, the Locksmith Office will notify the approved access holder, who must retrieve the key or electronic access device in person from the Department of Public Safety in Leahy Hall.  In instances where a department is occupying new facilities or a large area has been re-keyed, the Locksmith Office will make arrangements to deliver and issue all new keys or electronic access devices.  Each access holder will be issued only one key or electronic access device per University space.  Multiple keys or electronic access devices will not be issued.  
IV.        Security Requirements 
Access holders are responsible for maintaining security of all keys and electronic access devices issued to them.  Keys are not to be duplicated, loaned or reassigned. When separating from the University or transferring to another department all keys and electronic access devices must be returned to the Locksmith Office. Keys and electronic access devices may not be turned over to the department head.  
Access holders must report immediately any lost keys or electronic access devices to their department head to prevent compromise of the affected area. The department head must notify The Department of Public Safety immediately of the loss so that a determination whether to re-key or re-core the affected University space(s) can be made. 
Departments are responsible for independently maintaining control of keys for their equipment (e.g. file cabinets, desks, etc.)  
V.         Installation of Card Readers 
The Department of Public Safety has the sole authority to install, remove, disable, and/or restrict card readers or other electronic access control methods to University spaces.  Department heads and Project Managers interested in having a card reader installed in a University space must submit a request in writing to the Director of the Department of Public Safety.  The request must state the purpose and need for the card reader along with the location.  The Department of Public Safety will evaluate the request and determine if a card reader is necessary or if another access method should be considered.   
VI.        Access Control Violations 
The following are examples of violations of this policy, and may result in disciplinary action:
1.     Loaning keys or electronic access devices
2.     Transfer of keys or electronic access devices without authorization
3.     Unauthorized duplication of keys
4.     Altering keys, locks or mechanisms
5.     Installing padlocks on University spaces
6.     Damaging, tampering or vandalizing any University lock, hardware or security mechanism
7.     Propping doors open
8.     Admitting unauthorized person(s) into any building
9.     Failure to return a key or electronic security device when requested by the Locksmith Office, Department of Public Safety, the Building Administrator, or upon the separation or transfer of employment at the University
10.  Failure to report missing keys or electronic access devices
11.  Persons with Ccure 800 access administrative privileges are prohibited from programming access to areas outside of their respective department.
VII.       Access Control Levels 
A.         General Access 
1.         Level 1- Most basic level of approval. Single office door access.  Approvals required:
i.          Department head approval required 
2.          Level 2 – Multiple doors within a department (interior doors only), building access within normal business hours.  Approvals required:
i.          Department head
ii.          Building administrator  
3.          Level 3 – Building access with card readers (exterior doors) outside of normal business hours
i.          Department head
ii.          Building administrator 
4.         Level 4 – Issuing of Master Keys
i.          Department head
ii.          Building administrator
iii.         Director of Public Safety approval required 
B.         Special Access (e.g. vendors/contractors, visitors, etc.)  Approvals required:
1.         Department head
2.         Building administrator
3.         Director of Public Safety
4.         Provost or cognizant Vice President