Skip to main content

Electronic Access Control System

New Version of Enterprise Access Control System

The UC San Diego Police Department recently upgraded its access control system from C•CURE 9000 version 2.7 to 2.9. Download C•CURE 9000 Version 2.9

C•CURE 9000 Web Client lets you manage personnel, create reports, display dynamic views and monitor system activity anywhere in the world from your PC’s web browser. You must be connected via VPN to access C•CURE 9000 Web Client and use your AD credentials (e.g., AD\username) to login. See How to Connect to C•CURE Web Client (PDF)

All users MUST connect to the C•CURE VPN Pool to access the C•CURE application or Web Client. See Quick Guide to Connecting to the C•CURE VPN Pool (PDF)

Online training is available for new users through Software House. See their training website for Single Topic Web Modules or Operator Course (2 day).

Purpose and Scope

Effective physical and electronic security is essential in providing secure access, protecting people and assets, and mitigating natural or human threats or hazards. The scope of the keyless access upgrade project is to provide increased security and public safety by deploying electronic access controls, door status monitoring/security systems and rekeying the perimeter access points of university buildings.

The UC San Diego Police Department (UCPD), Environment, Health & Safety, and Facilities Management seek to maintain a safe campus environment for students, faculty, staff and visitors. These departments work collaboratively with community members to meet university access requirements for keys and electronic access control systems and to promptly address unauthorized use of devices to gain entry to university facilities and/or failure of individuals to safeguard keys at all times.

Depending on building or facility design and layout, access points will operate in the following manner:

  1. Designated entry doors will be locked and unlocked electronically, according to a predetermined schedule and will be accessible by card reader and/or PIN entry after hours and on weekends. In some cases, card reader and/or PIN entry may be required at all times for access to secure spaces, such as laboratories, storage locations, and other designated locations that require higher levels of security.
  2. Secondary perimeter doors will be locked and unlocked according to a schedule but will not be equipped with card readers.
  3. Egress only doors will remain secured at all times. These doors may also be equipped with a local sounder or piezo device that will alarm when they are propped or left open.
  4. All perimeter doors will be equipped with door status contacts and dog-down devices will be removed after rekeying.

After-hours building access is granted by presenting valid access credentials and/or PIN to create an audit trail. Building entrance doors will be rekeyed off building master keys to reduce the liability of lost or stolen keys. Emergency override keys will be issued to authorized building emergency responders only. Designated entry doors will be locked and unlocked electronically, according to established schedules.

Electronic Access Control Benefits

An electronic access control system:
  • Allows faculty, students, and staff to access buildings without mechanical keys
  • Facilitates easy addition/removal of access to multiple buildings
  • Reduces extended liability of stolen or lost building entrance keys
  • Establishes an audit trail to document activity at each door
  • Easy adjustment of perimeter door lock and unlock schedules
  • Notifies campus police and departments if entry doors are forced open, held open, or malfunctioning
  • Allows remote locking of perimeter doors on a building or group of buildings in the event of an emergency or active threat situation

UC San Diego’s enterprise-wide electronic access control system consists of an access control database and redundant, failover servers located in the ITS Data Center; access control hardware (card readers) installed in individual buildings; and individual departments will manage card/fob/PIN distribution. The centrally administered system allows the enterprise system administrators to grant system rights to Administrative Authorities as needed. Departments only have system administrator rights for buildings or areas for which the department has responsibility.

Administrative Authority Responsibilities

  1. Department Administrative Authorities, working in conjunction with the facility supervisors, are responsible to designate two individuals facility or department areas to act as primary and secondary Department Access Coordinators (DAC). Departments may assign additional DACs, depending on their specific requirements.
  2. The Administrative Authority may serve as the primary DAC, or delegate other individuals in the building to serve as primary or secondary DACs. The DAC will work with the Designated Security Integrator in maintaining the department’s access control and physical security systems program. Failure to designate a back-up DAC could delay processing of access transactions when the primary DAC is unavailable.
  3. Departments are responsible for controlling electronic card reader and/or PIN access to building entry and perimeter doors and to all areas assigned to, or under, the department’s control and responsibility.
  4. The department authorizing access for an individual is responsible for removing, returning, or revoking the access as required. This includes any metal keys or electronic access devices issued to allow access to department controlled areas. (See PPM 530-6 University Key Control)
  5. Keyless access installed on exterior building doors: Departments are responsible for all costs related to exterior door keyless access component installation, repair, and replacement in those areas where:
    1. Existing keyless access is not already in place and they have identified a departmental need or requirement
    2. Replacing standalone keyless entry systems that are not already integrated or capable of integrating with the existing enterprise-wide access control system
    3. State, federal, or university policies and/or regulations require keyless or enhanced access control to a building or area
  6. Keyless access installed on interior building doors: Departments are responsible for all costs related to interior door keyless access component installation, repair, and replacement. This includes any interior door keyless access installations performed after the original building construction.

Department Access Coordinator Responsibilities

Department Access Coordinators (DAC) are responsible for:
  1. Managing electronic card reader and/or PIN access to building entry and perimeter doors and other card access areas under the department’s control
  2. Granting or removing card reader authorization for user access to building entrances and other areas under the department’s control, including granting and removing access for new employees, departmentally sponsored visitors, retiring employees, terminated employees, and rotating student access as required
  3. Routinely contacting the Designated Security Integrator to re-authorize individual card-reader access users, based on the level of access and security required (The DAC should authorize the minimal level of access required for an individual to perform their assigned duties or responsibilities.)
  4. Terminating any means of electronic access to building perimeters or other university areas under their control when the user or employee leaves the department or university
  5. Maintaining accurate records for individuals who have been granted electronic access to building perimeter doors and all other areas under the department’s control
  6. Maintaining the electronic access control system and supported software documentation

Authorized Electronic Access Control System Integrator Responsibilities

Programming

  1. The Authorized Electronic Access Control System Integrator, herein referred to as Integrator, shall program all devices in accordance with the nomenclature and standards provided by the UCPD to ensure they are consistent with existing devices in the enterprise electronic access control system.
  2. Before the installation and activation of any IP addressable device for the electronic access control system, the Integrator shall provide:
    1. Hardware MAC address of IP addressable devices
    2. Make and model of the devices to be installed
    3. Building room number where the hardware will be installed
    4. Completed Electronic Access Control System
      1. Questionnaire
      2. Site Survey

The DAC and UC San Diego Police will coordinate the registration and firewall rule implementation of devices.

Startup and Commissioning

  1. The Integrator shall test each electronic access control system device in the presence of the DAC. Testing shall include placing the door in the controlled mode, using a valid card and/or PIN to release the door, using the request-to-exit device (if installed) to release the door, and placing the door back in the unlocked state.
  2. The Integrator shall test each door alarm function, including door forced open, door held open, device tamper, AC-power loss, and low battery.
  3. The Integrator shall conduct a test to verify that the local card reader and/or PIN device authorized user database and door schedule is stored locally on the card reader and panel to ensure functionality in the event of network loss or connectivity to the electronic access control system server.
  4. The Integrator shall conduct a test to ensure that the door is either in a “Fail Safe” (unlocked) or “Fail Secure” (locked) state, as appropriately identified by the DAC and UCPD, upon loss of power to the panel and/or card reader. If uninterrupted access is required for the building, area, or room, coordination for a UPS backup or power-generator outlet shall be included in the scope of work as needed.
  5. The DAC and UCPD will conduct field audits for installations to verify adherence to these design standards, including appropriate wiring practices for the devices.
  6. The electronic access control system warranty shall begin upon completion of the field audit and university acceptance of the installation.
  7. In coordination with the DAC and UCPD, the Integrator shall coordinate the installation of system software to preauthorized departmental DAC workstations.
  8. The Integrator shall:
    1. Provide a minimum of four hours of onsite training in coordination with the department designated DACs.
    2. Troubleshoot and resolve device-related problems.
    3. Coordinate and automate the notification of device-related problems to the DACs.
    4. Perform firmware upgrades as required

UC Police Department Responsibilities

The UCPD Physical Security Program designee will:
  1. Ensure that the electronic access control system server is online and functioning.
  2. Validate the redundant, failover system server is functioning and tested quarterly.
  3. Request and ensure proper backup and system firewall templates are applied and maintained.
  4. Maintain system records, including purging transactions every 12 months to maintain system performance.
  5. Coordinate system-related activities between the Integrator, ITS, and DACs as appropriate to ensure successful device installation.
  6. Troubleshoot and resolve system-related problems.
  7. Actively audit system account management.
  8. Document and submit change management requests for proper approval as required for any change that may affect system-wide end users and departments.
  9. Schedule and perform system-level housekeeping and audit activities to ensure optimal system operation.
  10. Coordinate and confirm system Backups.
  11. Request firewall configuration for devices, authorized DAC workstations, and integration with Milestone XProtect Video Management System as necessary.
  12. Coordinate and automate the notification of system-related problems to the DACs.
  13. Install security patches, upgrade software packages, and update the system configuration to meet university and industry best practices.
  14. Maintain operating system and supported software documentation.

Service

Client

UCPD

Maintain client/user contact information

X

 

Maintain DAC contact information

 

X

Approve all hardware and software installation

X

X

Coordinate with Integrators to resolve device problems

X

 

Coordinate with Integrators to resolve system problems

 

X

Propose hardware/software configuration and installation standards

 

X

Electronic Access Control System Workflow

Click image to view larger a version.

Electronic Access Control System Workflow

Access Control – Best Practices

Pedestrian Traffic

Direct building occupants to enter and exit the facility through an established main access point. This decreases the likelihood that side doors or fire exits will be left ajar.

Staffing the main entry point with trained personnel provides good customer service and provides a deterrent for unauthorized individuals; staff can direct visitors and couriers as needed and challenge strangers who may have no business there.

Key Card Control

Departments will no longer issue physical keys to staff for entry into the main facility. The electronic access control system tracks and authenticates authorized individuals. If physical keys have been issued, a list of key holders should be available as well as policies that clearly define how the keys should be used, expectations on physically securing them and administrative standards and actions should authorized users fail to comply with policies and procedures.

A Department Access Coordinator or building representative authorized by their vice chancellor, or the vice chancellor’s designee, must approve access to any building, facility or business. The Department Access Coordinator should provide proper documentation with the appropriate signatures to the UCPD dispatch center. If you have any changes or require updates, please notify us as soon as possible so we can update in a timely manner.

Door Props

Every individual is responsible for ensuring that all doors are closed securely at all times. No exceptions.

Any object that could limit or stop the door from closing securely should be removed from the area surrounding the door. Any individual who observes a door being propped open by an object should immediately remove the object and notify their supervisor. Propping open a door allows unauthorized individuals to enter the facility and can result in recurring maintenance costs by altering the function of the door and access control mechanisms.

Audit

The Department Access Coordinator can configure the system to generate an alert when doors are not closed securely or within a predetermined time limit (e.g., longer than 45 seconds). A daily review, or audit, of these “door prop” records can help to identify problem areas, which the coordinator can then report to responsible department managers. Using this information, managers can inform their staff of ongoing issues and address actions that may be allowing unauthorized individuals to enter the facility.

Access control policy violations include:

  • Loaning keys/cards
  • Transferring or duplicating keys/card information without authorization
  • Altering keys, locks or mechanisms, installation of padlocks on university spaces without consent from Facilities Management Access Control Services (e.g., offices, labs, etc.)
  • Damaging, tampering or vandalizing any university lock or hardware, including keys/cards
  • Propping doors open
  • Admitting unauthorized person(s) into a building
  • Failing to return a key when requested or upon leaving university employment
  • Failing to report missing key(s) or card(s)

Authorized Administrator/User Access

Questions?

Contact Robert Meza, (858) 822-6667.