Key control


Key Control refers to various methods for making sure that certain keys are only used by authorized people. This is especially important for master key systems with many users.
A system of key control includes strategies for keeping track of which keys are carried by which people, as well as strategies to prevent people from giving away copies of the keys to unauthorized users. The former may be as simple as assigning someone the job of keeping an up-to-date list on paper. A more complex system may require signatures and/or a monetary deposit.

Levels

Preventing unauthorized copies typically falls into one of the following five levels.
It is worth noting that none of these levels can protect against a user who loans a key to someone else and then falsely claims that the key was lost. Additional methods of key control include mechanical or electronic means.

Systems

Mechanical systems use a plastic peg that is attached to the key. This peg is securely locked into a numbered port and can’t be removed without an access peg. When someone authorized wants a key, they insert their personalized access peg into the port next to the key they want to remove. Then they rotate their access peg to the left while pulling out the key they want to remove. Their access peg can’t be removed until they return the key they removed to the same port they took it from and then they rotate their access peg to the right and then pull it out. When they remove their access peg it locks the keys back in the cabinet. If someone wants the key they removed during the time it is gone, they’ll know who has it because their access peg has their name on it.
Electronic systems also assign a key to a small device with a microchip that is inserted into a reader inserted into a cabinet. When an authorized user requests and removes a key it records that it was taken and when it was returned. It always lets others know who has the key when others request it. Essentially, it lets management know who took the key, when they took the key, how long they had the key and when they returned the key. There will always be a complete audit trail of every key that was used and anyone who used them.