physical security lock

Key Control

William F. Booth, CPP Security Assessment, Security Master Planning, Security Program Development


gold key in a gold lock

So often in our modern technical world, we overlook the basic means of securing most assets: the lock and key. Good key control is imperative for excellent security.

At this point, many of you may be saying to yourselves, “I cannot possibly get control of my facility’s keys when no one has had control of them for years.” This is not true – control can be re-established. It may have to be done gradually, not in one grand gesture, but it can be done. You may choose to do it one building per quarter or some similar method to reduce the impact of cost. Or your management may consider it so important that they authorize the program to be undertaken in one fell swoop.

The questions are “How can I establish control?” and “What is the standard?”

First, you establish control with the issuance and enforcement of a key control policy. Second, the standard is that you must be able to account for every key that has ever been issued for a specific lock. Decide what doors you desire to be secure. This does not have to be all of the doors in a facility, but it should include outside doors and any other doors that you wish to be “secure”.

An effective key control policy should be implemented just prior to the re-keying. It should include:

  • Any lock to any outside door or any other secure door should be re-keyed unless every key that has ever been issued for that lock can be accounted for.
  • A written key control procedure should be distributed to all affected employees that outlines the key control policy and identifies a Key Control Coordinator.
  • The Key Control Coordinator should administer the issue and retrieval of all keys and should maintain a record of who has access to each respective department and/or room.
  • The Key Control Coordinator should establish a record keeping system to track the issue and retrieval of keys. This can be either a computer-based system or a manual ledger. The system must be maintained in a secure area away from any keys. Accountability receipts should be retained on file for all personnel who have been issued keys.
  • A department manager or supervisor should be the responsible person for authorizing the issue of keys within their department.
  • Duplication of keys should be only accomplished by a “company” locksmith, unless approved by the Key Control Coordinator.
  • Lost keys should be reported to the Key Control Coordinator immediately. The Coordinator will approve replacement of lost keys.
  • Locks should be changed when a key is lost.
  • If possible, the key system should be a restricted key-blank type system (The key blank is restricted-issue and cannot be easily obtained by unauthorized individuals.). Stamping “Do Not Duplicate” on standard-blank keys does not prevent them from being duplicated. If keys are duplicated outside of the company procedures, key control will have been lost and you may not even know it.

Plan. Protect. Prosper.

Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.

919-834-8584 or 800-775-8584