Policy and Procedures for Electronically Secured Buildings

Recommendations of the CACS Policy Committee




To provide policy and procedures for gaining appropriate access to electronically secured buildings by authorized individuals; to enhance personal safety for all members of the University community; to protect the moveable physical assets of the university; and to facilitate timely access in case of emergency.


General Policy:


1.  Certain university buildings are secured by an electronic campus access control system (CACS).  Access to those buildings is granted through a security code that is programmed on the individual’s TigerCard or on a generic Loaner Card.  Persons having a valid reason to enter CACS buildings when they are locked will be granted a clearance code.  Most dormitories are generally locked at all times but other buildings are locked only after normal working hours.  Normal working hours are generally defined as 8:30 AM through 5:30 PM, although each building may have more customized hours depending on its particular needs.


2.  Access to areas with higher security protection levels (SPL) requires approval from the department that owns the space and may require special training.


3.  The “safety” clearance code granting access to all doors except high security areas is intended solely for those personnel who must access numerous rooms or buildings for safety reasons.  The following roles will be granted the “safety” clearance code if a need is demonstrated:

  a. The Department of Public Safety Officers

  b. The Emergency Preparedness Task Force

c. Selected Environmental Health and Safety staff

d. The Alarm/Lock Shop who service the alarms


This clearance must be renewed on an annual basis.


4. Department Access Facilitators will be appointed by the VP of each department (Facilities, OIT, etc) with employees who provide critical services (repair the plumbing, electricity, heating, air conditioning, fire protection systems, etc.) and who are not assigned to any specific building location but rather move from location to location.  These employees will be granted access to all building exterior doors except for the Art Museum and Firestone Library.  Exterior doors are limited to those providing direct access to the building proper.  The exterior door clearance must be renewed on an annual basis.


5. A Building Access Coordinator will be appointed by every chair/head of a department housed in a building having an electronic access control system. Where there are multiple departments sharing a building, the departments will work together to accommodate their shared interests.  Branch libraries are “owned” by the Library and authorization for granting clearance must come from them.


6. The CACS system is a technological alternative to the traditional lock and key system. Use of a mechanical key, rather than a card with a chip, produces a false “forced entry” alarm and creates a nuisance alarm for monitoring purposes. Consequently, once a building is electronically secured and has passed the transition phase, the key core on all CACS doors will be replaced by a new core to guarantee that existing keys will no longer be used. The backup mechanical key will be maintained by the Department of Public Safety as a precaution in the event of an extended outage due to a power or panel failure. Upon request, the TigerCard Office will issue a backup mechanical key which is building specific to any department that can demonstrate a compelling need. The backup key is intended for use only during a power or panel failure and not for routine building access. Any department requesting a backup mechanical key is responsible for that key and is required to pay the re-coring costs if the key is lost. Possession of the key will be reaffirmed on an annual basis .


Security Policy:


1.  Security features of the Campus Access Control System (CACS) (example: alarms, horns, general lockdown) cannot be disarmed without the approval of the Department of Public Safety.


2. Building interior spaces equipped with card access and designated SPL 2 must be locked at all times.  Requests for exceptions must be approved in writing by the department chair and the Department of Public Safety.


3.  Disabling or propping open electronically secured doors provides a threat to personal safety and a risk to property and is against University policy.


4.  Loaner Cards are generic cards carrying an access clearance but not associated with a specific individual.  Department Access Facilitators and Building Access Coordinators requesting Loaner Cards must provide for their strict control.  In addition, regular reconciliations of the cards must be performed to ensure that the whereabouts of the card is known.  Active Loaner Cards will expire yearly. 


5.  TigerCards and Loaner Cards are non transferable.  It is the responsibility of every cardholder to report a lost or stolen card immediately to the TigerCard Office during working hours and to the Department of Public Safety after hours.


6.  Anyone possessing or using a TigerCard or Loaner Card without authorization will be subject to disciplinary action from the University, and/or criminal charges where appropriate.



General Procedures:



  1.  Department Access Facilitators and Building Access Coordinators will be responsible for working with the access control manager in the TigerCard Office to design and assign clearance codes which serve the needs of the department and fit within the CACS General and Security Policy.  In addition, the Building Access Coordinator and his/her pre-approved delegates will schedule building open hours, and authorize building “unlockings” for special events.


2.  The Tigercard Office is responsible for programming clearance codes and special events as well as issuing clearances in accordance with the policy and procedures defined in this document.  The TigerCard Office will only respond to requests from Department Access Facilitators and Building Access Coordinators or their pre-approved delegates.


3.  The TigerCard Office requires that Building Access Coordinators and Department Access Facilitators send a list of names, PUIDs, and authorized clearances codes before issuing a clearance code, with the following exception:

  1. All permanent or term employees working in an electronically accessed building will be given access to the exterior doors of that building if requested in advance by the Building Access Coordinator.


  4.   Building Access Coordinators or pre-approved delegates requesting the TigerCard Office to program a special event or issue a clearance code should:

  1. Make requests in writing,
  2. Expect that requests may take up to 24 hours to be programmed during the work week although an effort will be made to handle requests as soon as they are received.


5.  Each Department Access Facilitator or Building Access Coordinator may request Loaner Cards from the TigerCard Office.  The access coordinator will be responsible for checking those cards out and getting them back.  A fee will be assessed on all replacement cards.  The TigerCard Office will activate/deactivate the cards and program the clearance codes for Loaner Cards “on demand” as well as offering “active” cards programmed with the exterior doors only; however, any department requesting “active” cards will be expected to comply with control procedures which mirror those  the Lock Shop has for keys. 


6.  An access coordinator may take responsibility for programming his/her own department’s special events on a desktop computer if appropriate security measures are taken to ensure the computer is not open to the public.


7.  The TigerCard Office will accept authorization for unlocking exterior doors for a University sponsored event if authorized by the Department of Public Safety since the Department of Public Safety is the primary contact. 


8.  An appeals process will be implemented to hear requests by individuals who have been refused the access they feel they need.  The appeal must be in writing and sent to the TigerCard Office.  The Building Access Coordinator and Department Access Facilitator refusing access will be included the process.


Procedures for University staff who are not affiliated with the department(s) occupying the building:


1.  University staff working in other departments’ buildings (Facilities Shops, Building Services, Dining Service employees, OIT, etc.) will be granted access to those buildings where they are actually working by their Department Access Facilitator (rather than the Building Access Coordinator). The Department Access Facilitator must send a written request to the TigerCard office authorizing access to the building.  The access must be renewed at the beginning of each academic year.  However, if the need for access is only temporary, see 2 below as an alternative.


2.  In cases where there is a short term need to access a building, Loaner Cards will be issued to a Department Access Facilitator who will be responsible for those cards.


3.  Certain non-University subcontractors have an ongoing need to access University facilities.  In such cases, the head of the unit that contracts for those services will act in the “access facilitator” role described above and will accept responsibility for granting access and controlling the Loaner Cards.



Student Procedures:



1.  The Housing Department will act as the access coordinator for all dormitories and residential colleges to ensure consistency.


2.  Dormitories will generally be locked at all times owing to the residential nature of the buildings with the exception of the following:


  1. Dormitories having administrative offices which cannot be isolated from the living  space,
  2. Move-in and move-out periods which are designated by Housing,
  3. Specific entry ways where Jewish Orthodox students are living are unlocked for a part of the Jewish Sabbath and holy days.


3.  All undergraduate and graduate students will be granted access to all dormitories, the Graduate College, and to any appropriate rooms designated for their general use.


4.  All residents of a residential college or dormitory will be granted access to private areas restricted for their use only.



Privacy Policy


Below is a proposed privacy policy that describes the conditions and circumstances under which the University may use C-Cure access records.  This policy would be distributed to all cardholders in order to give them notice of all such potential uses:

The CACS system records entry data such that it is possible to identify the times and dates that a card has been used to enter certain buildings on campus.  In the interest of protecting the privacy of card holders, access to CACS data shall be restricted in accordance with the University’s Information Security Policy*, and such data shall be used only for the following purposes:


1.      To administer and evaluate the CACS system;  

2.      To investigate breaches of building security, serious violations of University policy, and crimes; and

3.      To respond to security alerts and to address other emergencies.


University personnel authorized to access CACS data for these purposes are required to protect the confidentiality of such data.  Moreover, except in emergencies, such personnel shall not use CACS data to investigate the whereabouts of a specific individual without the prior approval of the appropriate Information Guardian as defined under the Information Security Policy.**  


In the event the University is served with a properly issued subpoena or court order compelling the disclosure of CACS data, the University will make reasonable efforts to give advance notice to the relevant cardholder(s), provided that such notice is practicable and permitted under the law.





                                                                               Approved January 28th, 2005

                                                                                   Amended March 3, 2005


* The University’s Information Security Policy (effective May 21, 2004) is available at: http://www.princeton.edu/~protect/PoliciesAndGuidelines/InfoSecPolicy05-21-2004.pdf


** As listed in Appendix C of the Information Security Policy (above), Information Guardians are Deans, Directors, Vice Presidents and other senior administrative officers (or their designees).