Re: Electronic card access/facilities

[Steve Brukbacher <sab2 () UWM EDU>]

Our office helped design the implementation of an enterprise door
control and IP based surveillance systems in partnership with our police
and physical plant staff.

Basically we have area representatives that are designated "access
authorizers"  These are organized by department and physical area as
necessary.  They have a form that they fill out to get a card issued to
a person.  They have to get the correct signatures for us to proceed
including their supervisor or department head.  Then someone from our
office produces the credentials for them.

In other areas, a designated staff member is granted limited access to
the system to add/remove credentials for their staff for their doors,
provided they ensure proper signature authority and are trained by
campus police in maintaining controls.

I have some sample forms if you are interested.

We took great pains to ensure they know to get the card back or get it
disabled when the employee leaves.  It is ultimately the authorizers job
to let us know, but we keep an eye out for this as well.

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224



Garcia, Gisela A wrote:
> Some of our IT Security staff is responsible for the CSGOLD system that
> manages card readers which provide physical access to buildings and
> classrooms all over the campus.  Can anyone share policies/practices
> used by higher ed institutions that establish a custodian-type
> role/responsibilities for granting/controlling/monitoring/removing
> access privileges to facilities on campus?   Any help would be most
> appreciated.
>
>
>
> Gisela Garcia
>
> Project Manager
>
>
>
> IT Security
>
> University of Miami