Some HOW are still able to get away with not locking up - and I say great it sounds like a community I want to live in. Everyone else, however sad it may be, realizes the need to lock their sanctuary to prevent criminal damage.
But who has a key? The best lock is worthless if everyone has a key!!! In the world of security this is called - prepare for the creativity of the name - Key Control. It sounds so simple - and many consultants will act like it is - but let's face it... Houses of Worship - churches, synagogues, mosques, and sanctuaries of all sorts - must provide access to lots of people for just as many reasons. So where then does one begin and how does it happen and what if it won't work for us and what if and what if and what if and what if... We haven't gotten that far yet. Save the "what ifs" for the right time - which is after you hear how the basic process works. Think of it in these phases: Sourcing access, granting access, managing access devices.
Sourcing access comes when you know who changed the locks (or rekeyed them) and how many keys were made for them. Typically this is done when they are rekeyed (we'll call it changing locks going forward rather than worrying about the technicalities between changing or rekeying locks) and the locksmith is right there. Once the work is done and all the keys are received there should be some documentation that indicates that, preferably, two responsible people acknowledge that the correct number of keys were received. Then the process of granting access starts. Who needs access and why. These individuals should be required to sign for their key - which is property of your organization - to acknowledge receipt. They should also have to sign an acknowledgement that they have received a copy of your organization's Access Control Policy (which we will discuss another time) that describes how and why the facility should be accessed and egressed, or occupied and vacated. This police will evolve so new ones can be distributed on a somewhat routine basis - maybe every six months to a year. Now people have access to the facility. The policy should include obligations not to reproduce the keys (access devices) or to share them with others, and to return them immediately upon request. Why would they have to return them? Well that should be in the policy as well, but don't be afraid to revoke access every so often if warnings and other agreements cannot be abided. This is part of managing access devices - revoking access - along with inventorying spare devices regularly and securing them appropriately so that those without access to the facility cannot conveniently get access.
Alright I think I'm done with this topic for now. I'd be glad to discuss it with anyone looking for help - so drop me a line.
Rob
/
No comments:
Post a Comment