Date Created:  November 8, 2023                             Last Updated: June 20, 2024

Overview: The security of university owned buildings where students live presents moderate/high operational risks for Student & Campus Life that require due diligence to mitigate the risks in avoidance of physical or psychological harm to property or individuals that could result in expenses or reputational harm to the university.

Criticality: Moderate/High

Frequency: Daily

Turnaround:

  • House Manager/Officers: Oversee and manage membership and housing expectations and requirements, attend required trainings, and report behaviors that have a risk for physical or psychological harm to themselves or others. Advocate for oneself to facilitate accommodations related to access, when needed.
  • Co-Op Director/Housing Staff: Collaborate with emergency response personnel and campus partners to provide healthy and safe living environments where residents and their visitors are held accountable for behaviors that violate housing contracts, the Campus Code of Conduct, or key agreements. Maintain housing and membership rosters that identify house residents. Manage user access to systems that store housing and membership rosters. Support Facilities in the collection of funds necessitated by damages to or access breaches at university owned properties. Support the Office of Student Conduct and Community Standards in holding organizations and student’s accountability for sanction completion. Support students working with Student and Disability Services to secure accommodations to safely ensure their access to university owned housing.
  • Facilities Staff: Manage building access and property management through coordination with Fire Marshall, CUPD, EHS, and Student Disability Services for health and safety needs. Coordinate accessibility accommodations as needed. Manage user access to systems that store key and card access (Note: the Co-Ops do not have camera systems. Provide information and training to occupants around access management and security process and policy. Review keys and the forms within 10 days of opening and closing. Conduct monthly audits of keys and documentation during the summer months.
  • Cornell Health/Student Disability Services: Collaborate with and support student to provide reasonable accommodations related to personal safety.
  • Cornell University Police Department: Respond and serve as lead command during incidents where safety of individuals and/or property are deemed to be at risk. Report and investigate serious behavioral incidents to appropriate authorities.
  • AccessIT!
  • Key Management System (KMS)
  • StarRez
  • Campus Kaizen Guardian
  • Salesforce
  • RIC check in system
  1. House Managers determine a date that they will relieve the summer House Manager(s) of their duties. The Co-Op Director will be notified of this date 2 weeks beforehand. Administrative key forms are confirmed with Facilities within 10 days before transitioning to new leadership. Administrative keys (A,B,C) are passed-down from one generation of Officers to the next.
  2. Individual room keys are entered into the online check-in/check-out system by one of the House Officers. (Note: There are different officer positions at different CoOps, most have a house manager position but not all of them. The more general use of House Officer is preferred since it covers all positions. Key possession is certified by House Manager or Officer during check-in and check-out
  3. All keys are stored in the CoOp lock block or box, in compliance with policy 8.4.
  4. SCL Facilities updates internal spreadsheet stored on secure server; accessible to Key Coordinator and Card Coordinator +2 backups.
  5. Individual student notifies Student Disability Services (SDS) of accommodation needs; SDS works with individual to provide reasonable accommodations.
  6. Coops are not allowed to have registered events in their houses. They may have outdoor events or events at other locations, but nothing that interacts with security for the facility.
  7. Unassigned keys are stored in Co-Op Key Box. The Co-Op master key is stored in the Co-Op block.
  8. House Officers check/verify key inventory once at beginning and once at end of each term/semester Coops operate 365, so there is a check at the 3 transition points between sessions (fall semester, spring semester, summer session)
  9. Facilities Manager reviews the keys and the forms within 10 days of each session.
  10. Facilities Manager reviews the keys and the forms monthly during the summer period.
  11. Audit is logged in undisclosed tracking system.
  12. Individuals who lose, do not return, or give their key to another student may be fined and may be referred to the Office of Student Conduct and Community Standards for a violation of the Campus Code of Conduct. In some cases, the Co-Op members may decide to socialize the costs or replacement keying.
  13. House Officer immediately notifies Facilities Manager and Co-Op Director of lost, not returned, or keys given to another individual.
  14. Damaged keys are given to SCL Facilities Manager, who facilitates lock maintenance or recore and replacement key.
  15. When a housing contract expires, the House Officers/Manager certify that their key has been returned and the student vacates the property. Key is stored in Co-Op lock box.
  16. When a student takes a leave of absence from the university, the leave is processed through the University Registrar with a notification made by Student & Disability Services/Co-Op Director sent from Salesforce to the Housing Contracts Office. During the check-out process, the student returns key to House Officers/Manager. Key is stored in Co-Op lock box.
  17. All keys are stored in secure location, behind two locks.
  18. SCL Facilities manages building security systems (locks, windows, doors, sprinkler systems and security systems) through regular maintenance checks.
  19. House Officers are educated about security policies at least once per session (Fall, Spring, Summer) They are then responsible to educate the other residents at the same rate of minimum 3 times per year.
  20. Facilities routinely checks security of property and facilitates the necessary repairs.
  21. House residents plus their families and visitors report emergencies to 911 or CUPD; they may report non-emergency concerns through Campus Kaizen Guardian (including insect and wildlife nuisances.)

Key Risks

Key Controls

Co-Op officers manage their own budgets and spending priority is based on interests of the individual house. Securing properties is costly and often is not prioritized over maintenance and repairs.

Facilities provides guidance to House Officers around property management decisions and assists them by processing the financial transactions. Note: as with life safety systems, Co-Ops have the discretion to mandate some items such as security spending within reason, but professional staff will not prioritize security over health and safety. Limited funding is always the issue.

Deprovisioning of applications that store building access, key and card management, and housing assignments is unclear.

High risk systems that are owned by SCL are audited and accounts are routinely deprovisioned. (AccessIT! is managed outside of SCL and it is not known who owns and manages the KMS accounts.)

Key access during breaks or for exceptions (i.e., shabbat students) is managed by the House Officers and is not documented in written procedures.

Facilities conducts audit of temp badges for card access to SCL owned buildings but some scenarios involving key loans are not covered in audit.

Autonomy of Co-Op officers may result in gaps in storage, transitioning from one group of leaders to the next, and documentation of keys.

Key check in/out happens in RIC which populates to StarRez. New Keys are given the building as a storage location in KMS.  Contractor and staff keys are tracked in KMS

It is widely believed that students prop doors open, share card access, and enter with visitors who do not have credentials checked.

This is a challenging human behavioral issue that does not have a key control in place.

Visitors who are not affiliated with Cornell are not subject to compliance with the Campus Code of Conduct.

Violations of the Campus Code of Conduct are managed through the Office of Student Conduct and Community Standards, and when appropriate violations are referred to local, state, and federal authorities for action.

  • Co-Op: Co-Operative House
  • KMS: Key Management System
  • SDS: Student Disability Services
  • SCL: Student & Campus Life

Process Flow Chart is forthcoming.

Date: July 30, 2024
Name of process being tested:Building Security - University Owned Co-Ops


Staff observed for process:
Staff Name/TitlePeter Warner, Facilities Manager
Staff Name/Title
Staff Name/Title


Control Points:
Confirm all key control points are being followedThose that are documented are being followed
Are there workarounds being used in lieu of documented process?• Students are currently granted autonomy in key management, including passing along to leadership as they transition out of the living environment


Observations:
Identify/list  any deviations to established process in narratives:·Flow chart documentation not completed/submitted

·Noncompliance with University Policy 8.4, related to key storage


Recommendations:
Recommendation for improvements to process:1. Implement comprehensive key audits by Co-Op leadership with review/validation by Facilities Manager (master key, sequence key, closet key, and key box key) 

2.  Consolidate key pickup and return into Service Centers each semester for sequence key set (sequence key, closet key and key box key) with individual bedroom keys return/pick up local in co-op

3. Track data for key replacement through Maximo

4. Transfer keys (sequence key set) to barrel so that they cannot be removed from the ring or copied

5.  Visit each Co-Op and ensure that keys are stored appropriately behind two locks and mounted to the wall


Action Plan:
Assign responsibilities and deadlines for implementing recommendations.·Complete site visits during one designated week to be complete by 12/1/24 (Peter Warner and Dee Zajac)

· Adjust key storage to assure security and compliance with university policy (Peter Warner)

• Implement comprehensive key audit by beginning of Summer semester 2025 (Peter Warner)

• Officer enter key identification # in Star Rez for individual bedroom keys, at check in (Peter to oversee with Officers)

• Make sequence key sets available to Officers. No more than 3 sets to be provided.

·Submit edits to existing documentation and submit process flow chart (Peter Warner) to be added to ICP website (Dee Zajac)

·Coordinate with Brandi Smith Berger and Daniel Richter to consolidate sequence key set pickup/return (Peter Warner)
Plan for addressing any issues or deficiencies identified during the audit.See action plan.


Wrap-up
Schedule follow-up audit to monitor implementation of recommendations and track progress.10/8/24: Next Steps meeting with Peter Warner and Julie Paige.

December 2024: Check-in after site visits
Provide a pass/fail assessment of process complianceFail


Note all source documents used for testing here:https://confluence.cornell.edu/display/SCLIC/University+Owned+Co-Ops+Building+Access+Security
  • No labels