POL-U5710.01 Managing Access to University Facilities

The Vice President for Business and Financial Affairs (VP for BFA) will ensure physical access processes:

1. Are implemented and maintained,
2. Are compliant with other University policies, and
3. Minimize risk to the campus community and its property.

The VP for BFA appoints members of the Campus Access Control Committee (CACC) and approves its charter.

The CACC is a standing committee with the responsibility to:

1. Designate Access Control Administrators (ACA) for campus spaces,
2. Develop and maintain standards, procedures, and guidelines in response to policy objectives,
3. Advise vice presidents on access control issues within their divisions,
4. Advise ACAs in the development of processes for requesting and granting access devices within their areas of responsibility; and
5. Interpret this policy to resolve individual disputes and address questions pertaining to access control.

ACAs designate Area Access Managers (AAM) for areas and spaces assigned by the CACC. The specific process for requesting, and the criteria used for granting access and access devices, is defined by the ACA in accordance with campus guiding documents and divisional guidance. The following underlying principles apply:

1. Employment status does not imply automatic authorization for access,
2. Access is granted at the lowest level of need, and
3. Granting access is to always favor safety and security of persons and property over the convenience of the requester.

AAMs may only grant access privileges within the parameters established by an ACA, and only for the areas assigned by the ACA.

Guiding documents are an extension of this policy. The CAAC, ACAs, AAMs, and Authorized Individuals are required to follow approved guidelines in order to effectively manage access to University facilities. Guiding documents will include, but are not limited to:

1. Standards, procedures and guidelines for Issuing Access Devices - Describes levels of access and criteria for granting access privileges and access devices to authorized individuals.
2. Identification of ACAs and AAMs and departmental responsibilities for access control.
3. Access Control Measures - Describes risk and vulnerability considerations when determining the preventive and detective measures that will be used by the University for access to areas on campus.

1. During scheduled hours, academic and administrative buildings and spaces are open for general use by employees, students, and the public for educational, work related, and special event purposes.
2. Outside scheduled hours, access is restricted to authorized individuals. Sponsored guests must be accompanied at all times by an authorized individual.
3. During all hours:
   1. Access to certain University areas is limited to authorized individuals only. For example:
      1. Operational facilities and spaces (e.g. steam plant and mechanical rooms).
      2. Higher-risk facilities and spaces (e.g. laboratories, hazardous materials storage areas, and performance venues).
   2. Access to residential facilities is limited to authorized:
      1. Students,
      2. Guests of students,
      3. Employees,
      4. Visitors (e.g. pre-authorized conference attendees), and
      5. Contractors.

In addition to employees and students, guests, contractors and visitors on University property are expected to comply with all University policy and state and federal regulations related to:

1. Access to and use of University buildings and spaces, and
2. Appropriate conduct as described in WAC 516-24.

1. Access devices and privileges are assigned to authorized individuals on a temporary basis only,
2. Authorized individuals must sign for the access device, indicating they understand and will comply with individual rules and responsibilities for access devices,
3. Supervisors of authorized individuals must ensure access devices are promptly returned or relinquished to the original issuer:
   1. When no longer needed for any reason,
   2. Before departing the University or transferring to another department, or
   3. Upon request for any reason at any time by an Executive Officer, Access Control Administrator, Area Access Manager, Supervisor, or Director of Public Safety
4. Failure to return access devices by an authorized individual may result in one or more of the following:
   1. Administrative action by the University, up to and including legal action, and/or,
   2. Assessment of charges for expenses incurred by the University to return access control to the same level that it was before it was compromised by the individual’s failure to return the access device.
5. Lost, stolen, or damaged access devices shall be reported immediately to the:
   1. Appropriate Access Control Administrator,
   2. Area Access Manager, and
   3. University Police Department.

The Reporting Loss of University Funds or Property (POL-U5315.25) policy is to be followed when any known or suspected loss results in the unauthorized taking of University (public or non-public funds or property or other illegal activity.

Authorized individuals who are assigned an access device are prohibited from:

1. Loaning access devices to others,
2. Transferring access devices to others,
3. Duplicating access devices,
4. Altering access devices or access control mechanisms,
5. Damaging, tampering, or vandalizing any university access control mechanism,
6. Propping locked doors open, and
7. Admitting unauthorized individual(s) into an access controlled space.

The Director of Public Safety may independently conduct periodic audits of issued access control devices or may request that Area Control Administrators and Area Access Managers conduct audits of the area(s) for which they have oversight.