1. Purpose
The purpose of this policy is:
- To ensure that only authorised persons have access to those areas of the university that are equipped with an access control system.
- To ensure there is an understanding that any person who is legitimately on University premises may challenge another person over their access status.
- To protect the university’s assets and the people who live and work within it.
- To ensure that the university is protected from the legal implications of a person gaining access to an area of the university that may result in harm to themselves or others (for example areas of high safety or security risk).
2. Scope
This policy applies to all persons who require access to university premises using the electronic access control system.
3. References
- Staffordshire University Academic Conduct Policy
- Staffordshire University Disciplinary Procedure
- Staffordshire University Student Conduct Procedure
4. Responsibilities
Head of Campus Security
- Develop, review and amend this Policy
- Ensure Policy contents are suitably communicated to all users
Campus Security
- Ensure adherence to this Policy
Policy Sponsor
- Assist with development and execution of the Policy
- Assist and support the Policy holder
All system users
- Understand and comply with the Policy
5. Policy Statements
5.1 Introduction
5.1.1 Staffordshire University is a publicly accessible location, with all external areas freely accessible to members of the public. As such, it is necessary to restrict access to university buildings and other defined areas to only those who have a legitimate right and reason to enter.
5.1.2 The university has installed an electronic access control system for the purpose of restricting access to certain buildings and areas. Access to restricted areas is gained using an access control card that is formally issued to those who need them. Access rights data is held on the card and this is individually tailored to the access needs of each individual and/or role. All students, staff, contractors and visitors are therefore required to be in possession of a valid access control card if they are to gain entry to buildings across campus.
5.2 Responsibility
Campus Security have responsibility for managing and controlling all aspects of the access control system. Any changes to the system (for example adding or removing access control points, amending an individual’s access status, changing access control zone definitions etc) must be communicated to and administered by Campus Security. This will ensure an effective level of control is maintained over the system, how it expands, and how it functions to protect the site. The determination of access control zones will be undertaken using a consultative process with relevant stakeholders. The general principle to be used for zoning is to provide access for individuals into as many areas as possible across the university but restricting access into sensitive and high-risk areas. This will ensure the campus remains open, whilst maintaining effective security and providing the capability to remotely lock down buildings as part of a crisis management process.
From a user perspective, all students, staff and contractors/visitors associated with the university have a responsibility to ensure that they use the system correctly.
5.3 Access control cards
5.3.1 The university will issue an access control card to all students, staff, contractors and visitors who are required to gain access to controlled buildings and other areas on campus. General access across the campus will be set up for all staff and students, however the system will be zoned to ensure that, particularly for staff, certain areas will be restricted to only those who are required to enter. For areas that carry specific safety and security risks, access will be tightly restricted and controlled.
5.3.2 Access control cards shall always be carried whilst on university property, except for the case of students when inside their hall of residence or other university-provided accommodation.
5.3.3 When on university property, access control cards must always be visibly worn. Access control cards must not be carried in such a way that they are not visible (for example inside a bag or a pocket).
5.3.4 To facilitate control and adherence to this policy, access control cards must be produced upon polite request to anyone who themselves is in possession of an access control card. This spreads the burden of responsibility for enforcing this policy to the wider university population.
5.3.5 Access control cards may never under any circumstances be given to and/or used by anyone other than the legitimate person to whom the access control card was originally issued. The access control card must always remain in the possession and control of the person to whom it has been issued.
5.3.6 A person to whom an access control card has been issued may never, under any circumstances, use their card to give access to any other person who themselves have not been issued with their own card.
5.3.7 Persons arriving at an access control point without their access control card, may obtain a temporary access card from Campus Security. Such a card will only be issued once Campus Security are satisfied that the person in question has a legitimate and authorised need to access the area in question, and have the ultimate right to refuse the issuing of such a card.
5.3.8 Lost access control cards must be reported to Campus Security as soon as the owner has knowledge of the loss, so that the card may be remotely de-activated. Time should not be spent by the card owner to look for the card or investigate its disappearance prior to reporting its loss.
5.4 Replacement of lost or stolen access control cards
The cost of replacing Security Access Control Cards for reasons other than normal wear and tear or change in data, may be borne by the respective card holder or contracting company at a cost as determined by the university. Due account will be taken of the circumstances leading to the loss to ensure a fair and balanced approach is taken.
5.5 Surrendering of access control cards
5.5.1 Access control cards are non-transferable and remain the property of the university. The onus is on the card holder to ensure that the card is returned to Campus Security upon departure. For staff, the card holder’s line manager should assist with the card return process.
5.5.2 In the case of cards issued to contractors and visitors, the cards will expire at the end of the contract/visit or at a time as defined by the issuer of the card.
5.5.3 Access cards that have been issued to staff (temporary or permanent) and students must be returned to Campus Security when:
- The staff member’s employment ceases for whatever reason, or
- The student is no longer required to have access to the university; note that access to certain areas of the university will be permitted for a period of time to students who have finished their studies, and to alumni.
5.6 Granting and revoking access rights
The granting and revoking of access rights lies with those departments in the university who have been granted the ability and permission to issue access control cards, following consultation with the Campus Security department. Access rights may be revoked (and re-instated) for several reasons, some of which are noted below (note this is not an exhaustive list):
- Suspension of the card holder following a formal disciplinary process.
- Card found or lost (i.e. known to not be in the possession of the owner).
- Card owner refuses to wear or present their card whilst on university premises upon reasonable and polite request, by a person authorised to do so under this Policy.
- Adverse information or intelligence of a criminal nature becomes available about a card owner. Note that this will more likely be applicable to cards issued to contractors and visitors.
5.7 GDPR
5.7.1 Data generated from access card use across campus will be collated and securely stored. Transaction data will be deleted from the system after 4 months.
5.7.2 View access to transaction data is restricted to Staffordshire University Campus Security personnel and certain Digital Services staff members. Information may be provided to the police upon formal request, if required for legitimate purposes.
5.7.3 In general, transactional data will not be viewed and is not routinely analysed. It may occasionally be necessary to view this data to ascertain the identity of an individual who has used a specific access point. Such occasions will only be where there is a legitimate need, for example to support disciplinary or misconduct proceedings.
5.8 Transgressions of this policy
The university reserves the right to take appropriate action against individuals who transgress this Policy. Actions available are as defined in the Staffordshire University Code of Conduct Policy, Disciplinary Procedure and Student Conduct Procedure.
5.9 Acceptance of this policy
Acceptance of this policy is a condition of access to the areas secured by the access control system for whatever purpose.