Securing Keys, Assets & People - News, Tech and Trends Blog

An Effective Key Control Policy in 4 Steps

Jul 19, 2017

The pin tumbler lock has been around for about 6,000 years. The Egyptians developed a lock and wooden key (about 2 feet long!) using the same basic principles as your front door deadbolt. With so much attention paid to the high-tech layers of a security program – intrusion detection, video analytics, electronic access control – it’s easy to forget just how critical a well-designed lock is; and just how vulnerable an inexpensive metal key can make you.

As useful as mechanical locks and keys are, they have three major weaknesses. And these weaknesses must be taken into account when designing a complete security program.

First of all, most mechanical keys can be copied without your permission or knowledge. Chances are, you have no idea how many keys to your facility are actually in use: which means you don’t know how many people can open your doors.

Secondly, mechanical keys provide no audit trail. If you suspect theft, it’s impossible to tell if or when a door was opened – unless you plan on installing video surveillance at every single door. Facility-key-control-systems.jpg

Finally, mechanical keys work 24/7/365. This may not seem like a weakness at first. But think about the access you are providing to a key holder. Do you really want your cleaning crew or other contractors to have unrestricted admission to your facility?

How Do You Know if You Have a Problem?

Do you suspect that your company has a key control problem? There are several questions you can ask to determine the extent of your risk. First of all, how many keys have been issued by your company? If you can’t put a hard number to this basic question, then controlling access to keys is an issue in your organization. Second, do you know who currently holds those keys? This is the same thing as asking, do you know who can open your doors?  If the answer is no then, again, there is a hole in your security program. Finally, can you stop key holders from making copies? It really doesn’t matter how careful you are in distributing keys if you can’t restrict the duplication. Many grocery stores now have self-service key copying machines. If someone can duplicate your keys while picking up bread and milk, then you have a problem.

Start With a Patented Key System

The first step in solving your key control problem is to select a patented key system. I’ve worked in commercial security for a couple decades now and I think “Do Not Duplicate” is the funniest phrase in the industry.  Most keys can be duplicated at local hardware stores because anyone can purchase the blank – or uncut – key. Stamping “Do Not Duplicate” on the key is meaningless. If the blank is readily available, someone will be willing to cut that key for you. And without patent protection, they’ve done nothing illegal. Unless the manufacturer can strictly control the distribution of key blanks, your policy will have no teeth.

Manufacturers control the sale and manufacture of key blanks by applying for and being granted a Federal Utility Patent. A Utility Patent applies to the way an invention works and is protected by federal law. Once a design patent is issued, it is illegal for a third party to produce a key that will work in the manufacturer’s lock. The only locksmith that should have access to the patented key is under contract with the manufacturer. High security lock manufacturers can and do audit the keys that a contracted locksmith cuts to ensure compliance with all control policies.

When working with a reputable locksmith, you as the owner of the keying system can provide the names of the people allowed to request duplicate keys. The locksmith should have a system of verifying identification and recording the details of every key they cut. You have every right as a consumer to ask your locksmith to explain how they ensure only authorized individuals receive your keys.

Medeco , ASSA, Schlage, BEST, Multi Lock, and others manufacture federally patent-protected keying systems. You can purchase these systems through a network of contracted dealers

Create a Master Key System

After you’ve chosen a patented keying system, your locksmith will have the expertise to design a master key system. The system describes which keys will work in particular doors. You can give all keys the ability to unlock the front door, while only select keys will access the Executive Suite.

Caution: master key systems include a grand master key. This key will open every lock in your business. Lose it, and the only way to maintain complete security is to write a new master key system, re-key your locks, and cut new keys. This could easily cost thousands of dollars.

Your key control system can be complemented by an electronic access control (EAC) system. An EAC system requires a card, fob, fingerprint, or some other credential to open a door. The EAC system allows you to restrict access based on time, date, and credential. It can also provide you with an audit trail of every opening – or attempted opening – of a door. The audit trail is a powerful tool to investigate crime and loss. Finally, the EAC system allows you to remove a lost, stolen, or inactive credential from your entire system in minutes.

An EAC system can easily cost $3,500 for every protected door, so it’s not usually possible to protect every door. Not only that, the EAC protected doors will often have a mechanical lock acting as an override. For these reasons, even the most sophisticated electronic system does not eliminate the need for effective key control.

Re-Key Your Facility

Once the master key system has been written, you are ready to re-key. At this stage, your locksmith will spend time at your facility working on every door. Usually, this will entail installing new cores into your existing locks and providing you with cut keys.

Sign Out Keys

With a new keying system installed, your security program has given you a clean start. Now it is important that every employee and contractor receiving keys sign a key holder agreement. This documents will explain that keys may not be loaned, and lost keys must be reported immediately. In addition, make it clear that all keys must be surrendered on termination of employment or contract.

Keep Track of Keys with Key Tracer

You can take your program a step further and control the distribution of keys with Key Tracer. The Key Tracer system secures keys in a secure electronic cabinet. Users cannot remove the keys without a code or electronic credential tied to a particular item. Not only does Key Tracer automate the process of distributing keys, it maintains control over their movement by alerting you if a key is not returned or if it is removed from your facility.


Effective key control is the foundation of a robust physical security program. In fact, your high tech electronic systems can be neutralized if you lose control of the simple mechanical keys. Fortunately, you can restore and maintain key security with a well-designed master key system, a comprehensive policy, and a Key Control cabinet.

Click here to learn more about KeyTracer Key Management Systems



Topics: Key Control

Shannon Arnold

Written by Shannon Arnold

Shannon Arnold is the VP of Marketing and Strategic Partnerships at Real Time Networks.