BEST PRACTICES FOR KEY MANAGEMENT to eventual replacement. It can therefore be budgeted in advance and the monies in place for each phase, meaning no crisis manage- ment decisions and no heads rolling over the severity of a sudden and unanticipated loss. 15. Above all this, obey the rule com- bining the two most important principles to remember: Standardize and document everything! Documentation is the lifeblood of master keying and key management. The security provided by every master key system is di- rectly related to the use of proper record- keeping techniques and standards. The life cycle of the master key system is directly related to the use of proper record-keeping and documentation and the implementation of standardized procedures. Standardization is the vein through which the lifeblood flows. The more variations exist, the more expensive repairs and corrections will be, the more difficult tracing items will be, and so forth. Documentation includes key issue and return forms, manual or computer file card systems and a master key logbook. With the exception of the issue and return forms, all documentation should be stored in a secure location and encrypted. For manual file card systems, the infor- mation must be cross referenced so that the cards quickly direct you from keyholder to area, area to lock combination and keying levels, and from there to other keyholders. This is difficult, but one of the biggest master key systems in the world was at the World Trade Center, and until the last few years of its existence all records were efficiently tracked on index cards. It can be done, but it requires commitment. Regarding computer supported soſtware, there are many programs on the market, ranging from inexpensive programs in the $30 range to sophisticated systems in the $25,000-$65,000 range. Price is not an ef- fective judge of which soſtware will suit your needs in a particular institution. You 50 KEYNOTES JANUARY 2015 “KEY MANAGEMENT POLICIES SHOULD BE CLEARLY WRITTEN TO BE UNDERSTOOD EASILY, OR TRANSLATED COPIES SHOULD BE MADE AVAILABLE.” need to fully examine its capabilities and limitations, and to find out how receptive its author(s) can be to specific modifications if you need them made for the soſtware to function effectively. Many institutions decide to rely on their in-house programmers to write the program to manage the key system. This is almost always a mistake. It seems like an efficient way to do it in the beginning, but the pro- gram will have more faults and limitations because this is not the sort of programming they are used to, and they will quickly tend to lose interest in updating or correcting it. Some institutions decide to rely on office skills to transform the manual card system into a computer-generated spreadsheet for- mat. This usually lacks the relativity of the data that needs to be tracked, although it can be done, particularly in smaller institutions or institutions with fewer changes. As a guideline, regardless of whether is it file cards or a computerized system of record-keeping, keys should be associated (and searchable) by: Key number to location(s) Key number to bitting (cut depths) Key number to individual keyholder(s) Key number to department(s) Location(s) to key number(s) Locations to individual keyholders Locations to bitting (cut depths) Location to department(s) Bitting (cut depths) to key number Individual keyholder(s) to key number(s) Individual keyholder to location(s) Individual keyholder to department(s) Department to keyholders Additionally, keyholder information should be searchable by: Keyholder by name Keyholder by ID number (preferably not the Social Security number) In spite of all of the above it should be simple to get all the information in as few keystrokes (or index cards) as possible. The 15 steps in this article form the basis of a good key management system that can extend the life of key systems, provide better safety and security for the institution, pro- tect its property, and protect the lives and well-being of its personnel (both employee and transient). Remember, security is provided in layers. Any single layer can be pierced, but the more layers that exist, the more difficult it will be to pierce it, and the less likely it will occur. But in spite of that, it will still eventually reach its usable limit and require replace- ment. Anticipating the life cycle is perhaps the most important of all the aspects of these 15 procedural guidelines. Crisis management is both inefficient and overly expensive, and oſten results in people being sued or fired or both. Following these guidelines and evaluating the life cycle al- lows you to properly set back funds to pre- vent such scenarios and the poor decisions that oſten result from crisis management driven solutions. Don OShall, CPL, CMIL, CMKS, is the author of many books for locksmiths, including Institutional Locksmith Shop Manage- ment (available in the ALOA Bookstore). He has taught the trade for more than 40 years. He has run an exceptionally well- regarded institutional lock shop for more than 25 years. WWW.ALOA.ORG
