Management of keys
and access codes

Quick links

If thieves get hold of a key or access control code/card, gaining entry to a site or a sensitive and otherwise secure part of the premises becomes much easier.

As a result the detection systems may not be triggered letting them have more time to complete their activity.

 

Use of the word 'keys'

From here on, the word ‘keys’ refers not only to a physical key, but also swipe cards, key fobs and other devices used to unlock a door, gate, barrier or similar.  We won’t use ‘keys’ when referring to access codes, biometrics and other intangible elements.

Key actions to manage keys and access codes

  • Check keys you have on site, what they’re used for and who has access to them, before making any decisions about what procedures to put in place.

    - Don’t forget, it’s not only premises keys that need to be secure, think also about keys that open safes, and keys for vehicles like fork lift trucks.
  • Consider using a secure key cabinet for when keys aren’t in use. Place it where it isn’t accessible to the public/customers, and where it is protected by your intruder alarm system.

    - Some key cabinets let you track which employee has which key by requiring a ‘peg’, unique to the employee, to be inserted into a corresponding ‘plug’ in the cabinet to release the key. More sophisticated computer controlled cabinets are also available.
  • Don’t forget to consider the location and security surrounding any spare keys.
  • Remind staff to ensure key cabinet doors are kept closed (with the key to open it removed) and locked, other than when keys are being deposited or removed.
  • Review which employees hold keys (if any) and which keys they actually need access to for their day-to-day jobs. The fewer keys in circulation and the fewer employees with access reduce the chances of keys going missing.
  • Have procedures in place for when a member of staff leaves your employment, so keys are collected, access codes changed and access privileges on computer systems are promptly deleted. You may also want to consider changing locks, especially if the employee was dismissed from their position. Review these procedures on a regular basis, or when changes are made to security.
  • Set up your access control system (if you have one), so each worker only has access to the areas they need access to. For example, only IT personnel should need access to the server room, so only their credentials should permit this.

    - It should also be possible to set up temporary access – allowing access for a certain time period only.
  • Make it clear to all employees and provide reminders (in the form of signage), that when they’ve finished using a key, it should be returned to a safe location (e.g. a key cabinet) as soon as possible. Ensure they understand that leaving keys on desks, in drawers, or even in the locks themselves is a security risk.
  • Change access codes on a regular basis, even if you have no change in personnel, as a matter of policy. As part of your policy regarding access, staff should be reminded that codes shouldn’t be written down or shared with anyone outside of the organisation.
  • Change all the locks when moving into new premises. Similarly, if a key is lost then the corresponding lock should be changed as soon as possible.
  • Consider introducing a system of signing in and out keys, with the return of the keys always being required by the close of business.

Relevant suppliers

Special offers on products and services relevant to key security and access control are available to Allianz Commercial policyholders through our preferred supplier scheme.

Key
security

Building
security

Safes and security cabinets

Bollards and
barriers

Additional resources

Getting the standard right

Find information on regulations that you and your business may need to comply with.
A-Z of legislation

Forms and checklists

Some of our templates may be useful when developing security systems.
Browse the range

Ask an expert

Got a risk management issue that you'd like to talk with someone about?
Send us your query
Frequently asked questions
Find answers to some common queries about securing property, vehicles and stock, and protecting people against potential threats.
Search FAQs

Related topics

The management of keys and access codes needs to be considered when assessing the following risk topics:
Arson
Contractors
Cyber threats
Employee fraud and theft
End-of-day checks
Finding and moving into new premises
Fire risk assessment
Intruder alarms
Perimeter and building defences
Safes and strong rooms
Vacant buildings
Vehicles and parts (security)

Useful links for key and access security

Assistance and guidance about managing keys and access codes can be found within these websites:

BSI (The British Standards Institution)
BSIA (British Security Industry Association)
ISO (International Organization for Standardization)
LPCB RedBook Live
LPCB RedBook Live - List of Security Products and System Standards
NSI (National Security Inspectorate)
Police.uk
Police Scotland
RISCAuthority
SIA (Security Industry Authority)
SSAIB (Security Systems and Alarms Inspection Board)

Follow us