Access Control

Background

The new maths building is largely a keyless building with door access being via electronic locks. The data management is largely automated and based on agreed general principles and rules as documented below.

General/Basic Access

General access (e.g. access to the building and common spaces such as the mail room, meeting rooms, library etc) is automatically granted to graduate students and above holding a university card which has a maths affiliation attached to it.

In addition if a person is assigned an office then access to that office is automatically added to their card.

Due to some anomalies in university card data it is possible for a member of the department to have their maths affiliation missing from their card record. In such a situation provided they have a maths account with relevant status and an office allocation they will still be automatically granted general access. Where such anomalies are identified a request should be made to the card office or IT Services IAM team to correct the data so the automated exception is not needed.

Undergraduates can freely access the building and the teaching spaces in working hours and so no special access needs to be granted.

Additional Access

Given the electronic nature of the system fine grain additional access can be added and removed where appropriate, required and approved, e.g.

  • a PA having access to the office of the person they support (and vice versa).
  • a given administrative team agreeing to share access to its offices, e.g. academic admin, personnel.
  • visitor management staff being given access to all visitor rooms.

Depending on the type of access it may be considered appropriate for operational reasons as agreed by the department (e.g. visitor room access for staff overseeing the visitor process) or by consent by the office occupants in general (e.g. Finance team staff having access to each others rooms).

In the past a few research groups had a local mechanism to obtain a master key to rooms in their area (e.g. CMB, OCIAM, NA). Historical this tended to have come about because these groups were based in buildings with less administrative support (e.g. when OCIAM and then CMB moved to DH or when NA moved to 3WS). Having moved to the new building such research group access has been phased out as there is now a more organised system to provide temporary cards or access (e.g. when a university card is lost or forgotten) when needed and a single mail room (which ultimately should have a named pigeon hole for DPhil students and above) to drop off items for people etc.

From a security perspective electronic locks are more secure than mechanical locks and master keys. They allow fine grain access to be given and for access to be changed and removed as required (or if cards are lost etc). Nevertheless from a security perspective it is still considered good practice and strongly recommended to keep the number of people with additional access to a minimum granting such limited additional access only where it is regularly and operationally required (i.e. there needs to be a good clear case for granting such access rather than adopting some other standard workable approach such as using the mail room, person to person transfer, using a PA/admin support etc). This ensures the system remains manageable, runs smoothly and can be regularly and easily audited and adjusted as required.

Broad Access

Broad access to large quantities of doors is something that should be most carefully managed and limited. At present such broad access is given to

  • Contractor Cleaners
  • FM staff based in the building
  • Departmental IT Staff
  • Key holders/Callout List Members (e.g. the key OUES FM, key IT, HoD, HAF)
  • Estates Services staff (access to site plant/service spaces)

OUSS act as the primary key holder for the building. In addition OUSS will have a 24/7 presence in the ROQ site security room which happens to be on the corner of the maths building (room N0.15). As such they will be able to respond very rapidly to issues in the building.

A common question is what to do when someone is locked out. If this occurs in office hours then the person should visit reception who contact a local FM person via the radio to attend the room and facilitate access or reception can quickly issue a temporary/visitor card granting access to the office for use that day.

Out of hours it is possible to call OUSS (the number is on the signs on every print point notice board around the building as well as the sign by the general phones in the entrance foyer and central mezzanine) who will respond quickly and facilitate access where appropriate.

In any such situation though the identity of the person should be confirmed before facilitating access to the building or a specific room/office. By the very nature that a person's 'key' is their university card then they typically do not have that as a form of photo identity if they cannot gain access (unless the problem is a fault with the card, e.g. they have damaged the chip but the card is otherwise intact). They are also unlikely to have some other form of suitable photo ID on them, e.g. passport or driving license. If the problem is that they have locked their card in a room then it would be possible to let them into a room to find the card and show it as proof of ID. However, this exposes people to risk, e.g. where a person is attempting to deceive their way into the building and having been given access then cannot show the card they claimed was there and refuses to leave, runs away within the building or worse still becomes violent (in what is likely to be a quiet and empty building). As such facilitating access other than by FM staff etc in office hours and OUSS staff (who are trained and typically respond in pairs) out of office hours can be dangerous or could result in significant cost to the department in lost/stolen items.

Visitor Access & Temporary Cards

If someone is visiting the building to attend an event then it is typically in the mezzanine in office hours and hence no special access is required. If such an event is out of hours then it will have appropriate support arranged, e.g. through the FM team, which will then also include facilitating access by unlocking the main entrance or managing the door.

If someone is attending a single meeting or other engagement in the office space then this will typically be in office hours and as is common practice in other departments the person signs in at the visitor book on the reception desk before being buzzed through the foyer doors (after which there are no further barriers and they can reach their destination and later also leave the building without needing a card).

If someone is a departmental academic visitor visiting for more than a few days then the visitor arrangements include obtaining a university card for the person. As such they can be treated in the same fashion as other departmental members in that they will be affiliated to maths and get automatic building access and also office access if one is allocated.

If someone is an academic visitor only visiting for a few days they will still be on the visitor records but will not receive a university card. As such they are issued with a white access card from a hopper at reception. The reception staff have a simple web form in to which they enter the name of the person and the duration of the stay (and if possible the person's office number) after which they press a button and the hopper issues the card with the access control system configured to grant that card the relevant access. When the visitor finally leaves they will simply post the card back in to the hopper which will read the card data and update the system so it automatically knows which cards are in circulation. A report can then be periodically run to identify lost cards for audit purposes.

Whilst members of other departments may visit people in the maths building from time to time it is generally considered good practice not to grant such card access to the building unless the person is a very frequent visitor (e.g. weekly). If they are just an occasional day/meeting visitor then they are treated as described above and sign in at the desk and are buzzed through the foyer doors. Such an approach is in line with how other buildings are operated (e.g. CS, CRL, OUES etc).

Lost University Cards

If someone loses their university card it compromises the security of the building and also prevents them from being able to access their office. Lost cards should be immediately reported (to door-entry@maths.ox.ac.uk) and a replacement requested (through personnel in S0.11 or S0.13). This will trigger the lost card to be flagged as cancelled in the university card data which will further disable the card on the maths access control system (if reported to door-entry the card will be manually disabled first at that point). To enabled someone who has lost (or just forgotten) their card to access their office they are issued a temporary card in the same way as very short term visitors are issued cards. This temporary card provides the general access and office access but not any additional access the individual may normally have.

Library Access

The general access granted to maths members includes the Whitehead Library. Members of other departments who have been granted use of the Whitehead Library (for library access, contact Librarian: library@maths.ox.ac.uk), are given office hours access to the library door. Such readers still sign in at the reception desk to be buzzed in rather than be given access to open the foyer doors.

Management of Non-Automated Access

Access requests are made via email to door-entry@maths.ox.ac.uk. Those requests are processed against the above policy procedures and hence a record is kept of the request details and access granted. The access control system itself also allows for reporting of non-automated access granted to enable periodic review and auditing. Any access request that does not conform to the above policy is assessed by the Director of IT & Physical Resources and may be referred to the Executive Committee or Head of Department as appropriate.

Review

Access granted is reviewed periodically, at least annually.