Department of Local Government and Housing

Access Control Policy

DEPARTMENT OF LOCAL GOVERNMENT AND HOUSING


Access ControlPolicy
Physical and Information Security Policy
Revision: / 1.1
Author: / Meshack Sematle
Effective date: / 2004-04-01
Electronic file: / Access control Policy

TABLE OF CONTENTS

  1. PURPOSE
  1. BACKGROUND
  1. THE LEGAL MANDATE: CONTROL OF ACCESS TO PUBLIC PREMISES AND VEHICLES ACT 53 OF 1985 AS AMENDED
  1. OBJECTIVE OF THE ACCESS CONTROL POLICY
  1. THE ID ACCSS CARD POLICY
  1. APPLICATION FOR IDENTITY ACCESS CARDS
  1. RECOVERY OF ID ACCESS CARDS
  1. LOST/STOLEN AND RE-ISSUING OF ID ACCESS CARDS
  1. VISITORS

9.1Categories of visitors

9.2Access procedures

  1. PROXIMITY CARDS
  1. GENERAL
  1. OFFICE SECURITY
  1. KEY CONTROL
  1. COMBINATION SETTINGS OF SAFES, VAULTS AND STRONG ROOMS
  1. COMPROMISE OF KEYS/COMBINATIONS
  1. REPAIR OF LOCKS/COMBINATION LOCKS AND ADDITIONAL KEYS
  1. CONTROL OF FIRE ARMS
  1. PARKING
  1. SECURITY BREACHES
  1. Purpose

1.1To introduce access control and ID card system for the Department of Local Government and Housing.

  1. Background

2.1The Department of Local Government and Housing has been a victim of theft that resulted in serious financial losses due to a lack of proper access control measures.

2.2For the purpose of improving the safety of staff members, information and assets of the Department of Local Government and Housing, identity access cards (access cards) are issued to all members of staff primarily for them to access the premises of the Department.

2.3The access cards are issued by the Chief Information Office and remain the property of the Department.

2.4The access cards should be regarded as work facilities as well as security tools since they enable the user access to the Departmental premises, which may compromise information and assets security.

  1. The Legal mandate: Control of Access to Public Premises and Vehicles Act 53 of 1985 as amended.

3.1(Subsection 1 of the Act) Not withstanding any rights or obligations to the contrary and irrespective of how those rights or obligations arose or were granted or imposed, the owner of any public premises or any public vehicle may-:

3.1.1(a) Take such steps, as he may consider necessary for the safeguarding of those premises or that vehicle and the contents as well as for the protection of the people therein or thereon.

3.1.2(b) Direct that those premises or that vehicle may only be entered upon in accordance with the provision of subsection (2).

3.2Subsection (2) of the Act. No person shall without the permission of an authorized officer enter any public premises or any public vehicle in respect of which a direction has been issued under subsection (1) (b), and for the purpose of granting of that permission authorized officer may require of the person concerned that he/ she-:

3.2.1(a) Furnish his/ her name, address and any other relevant information required by the authorized officer.

3.2.2(b) Produce proof of his/ her identity to the satisfaction of the authorized officer.

3.2.3(c) Declare whether he/she has any dangerous object in his/ her possession or custody or under his control.

3.2.4(d)Declare what the contents are of any vehicle, suitcase, attaché case, bag, handbag, folder, envelope, parcel or container of any nature, which he has in his/ her possession or custody or under his/ her control, and show those contents to him.

3.2.5(e) Subject him/ her and anything which he/ she has in his possession or custody or under his/ her control to an examination by an electronic or other apparatus in order to determine the presence of any dangerous object.

3.2.6(f) Hand to an authorized officer anything, which he/ she has in his/ her possession or custody or under his/her control for examination or custody until he/ she leaves the premises or vehicle.

  1. Objective of the Access Control policy

4.1 The objective of the access control policy is to ensure that strict control guidelines over the issuing or use and return of the Department of Local Government and Housing access cards and keys are provided. These controls, in conjunction with the National, Provincial and Departmental Security policies and procedures will enhance the safeguarding and securing of Departmental assets and employees thereby reducing the risks and threats to the Department. This in turn will assist in minimizing losses resulting from theft and unauthorized access.

  1. The ID Access Card Policy

5.1The access card is an integral part of any physical and technical access control system or procedure other than just being a means to positively identify departmental employees.

5.1The issuing and strict control of the identity cards is crucial to a safe and secure working environment.

5.2Chief Information Office: Security Services is responsible for the manufacture, issue and management of the Department of Local Government and Housing identity access cards.

5.3The individual ID access card holders are responsible and accountable for their cards and how and where they are used.

5.4Where external contractors are issued with the Department of Local Government and Housing contractor cards, the line management by whom they are appointed is responsible for control, use and return of the cards.

  1. Application for Identity Access Cards

6.1An identity access card shall only be issued on the strength of an application form that has been signed by both the applicant and his/ her manager.

6.2Application forms for ID access cards can be obtained from the Chief Information Office: Security Services

6.3Application forms shall be submitted at least four hours prior to the issue of the card.

6.4Once the employee’s photograph and details have been printed onto the ID card, the relevant information will be captured into the access control system by the Chief Information Office: Security Services.

6.5Contracted service providers and internship students must complete an application form for contracted staff.

  1. Recovery of ID Access Cards

7.1Human Resource Management shall recover the card from the employee whose employment with the Department has been terminated and submit it to Security Services within 24 hours of termination of employment. Application for benefits of such an employee would not be processed before the card is returned.

7.2 Human Resources shall notify the Chief Information Office: Security Services on a monthly basis and in writing of the names and details of any person who left the Department of Local Government and Housing during the preceding month. On receiving such notification Chief Information Office: Security Services will amend its records accordingly.

  1. Lost/ Stolen and Re-issuing of ID Access cards

8.1When an ID access card is lost, the cardholder must report the loss to the South African Police Services (SAPS) and Chief Information Office: Security Services within twenty-four hours of loss.

8.2When an ID access card is lost, the employee must pay an amount of R100.00 for the replacement of the card. The money shall be paid to the Departmental Revenue Office (Cashiers at the Finance Division). The revenue office will issue a receipt, which will be produced to the Chief Information Office: Security Services for the replacement of the card.

8.3When an ID access card is damaged and needs to be replaced, the damaged card must be returned to the Chief Information Office: Security Services before a new card is issued. A new application form will be completed for the new ID access card. Paragraph 8.2 above is not applicable in this case.

  1. Visitors

9.1 Categories of visitors

9.1.1VIPs, e.g. MECs, Ministers, HODs. (The only definition of VIP applicable is one provided for in the South African Government Protocol Handbook

9.1.2Official visitors, i.e. for the purpose of meetings, work related matters, ad hoc contractors, technicians, and etc., with the exception of those mentioned in paragraph 9.1.3 below.

9.1.3Service Providers who are contracted on a permanent/ long-term basis to the Department.

9.1.4Non- official visitors, family members, friends, relatives and etc.

9.2Access procedures

9.2.1VIPs: The office of the MEC will arrange for the reception and departure of the VIPs. Security instructions shall be observed in respect to VIP visits. Any assistance required by the VIP shall be issued with a visitor’s card for record purposes.

9.2.2Official visitors: This category must report to the access control point, go through all applicable access control procedures and are escorted to the venue of the meeting, workplace, etc. For this purpose, the host must notify the security personnel of the meeting at least two hours before the commencement of such meeting.

9.2.3Service Providers: This category of vetted visitors will be issued with temporary contractor cards, which may be coupled with access cards programmed to provide restricted access privileges only, and will be in use during the contracted period only. Escorting is not essential, although the areas to which they may not have access to must be clearly indicated to them.

9.2.4Family members, friends or non-members: Such persons will be admitted to the access control point for applicable access control procedures. No authority to access the premises will be provided for them without sound motivation, a justifiable reason and approval from the visited family member. The visited family member may personally receive the visitor at the access control point.

  1. Proximity cards

10.1.1ID access cards will be activated as proximity cards for all personnel of the Department of Local Government and Housing who function in buildings that are fitted with electronic access control systems, or personnel who regularly visit departmental premises that are fitted with electronic access control systems.

  1. General

11.1.1ID access cards shall be worn at all times whilst on the premises of the Department of Local Government and Housing and shall be worn in such a manner that they are clearly visible.

11.1.2An official who accesses and exits the premises of the Department with a visitor without authorization by the security officials may be charged with breach of security provisions. No person shall without the permission of an authorized/ security officer enter or enter upon public premises or any public vehicle – Control of Access to Public Premises and vehicles Act 53 of 1985.

11.1.3Without prejudice to the provisions of the Trespass Act, 1959 (Act 6 of 1959), an authorized officer may at any time remove any person from any public premises or public vehicle if-:

  • That person enters or enters upon the premises or vehicles concerned without the permission contemplated in paragraph 9 above.
  • The authorized officer considers it necessary for the safeguarding of the premises or vehicle concerned or the contents or for the protection of the people therein or thereon.

11.1.4Office-hours for the purpose of officials’ access to Departmental premises is from 07h00-18h00 during the week. Any official who wishes to access the premises of the Department outside the defined office-hours and weekends must apply with Chief Information Office: Security Service for authorization at least twenty four hours before the time.

  1. Office Security

12.1. Each member is responsible to inspect his/ her own office or work area for signs of intrusion at the beginning of each day. If the member detects any sign of intrusion, he/ she should notify the immediate head or next senior member so that the matter can be reported to the Chief Information Office: Security Services immediately.

12.2 Cleaning of offices should be done during official working hours and supervised by the occupant of the office. The occupants of offices that contain sensitive apparatus or documents, which cannot be hidden or locked away, may clean their offices themselves.

12.3 The occupant of an office should lock the doors of the office or working area at all times when leaving such an office or working area.

12.4 At the end of the day, before departure, each official should ascertain that:

  • All electrical appliances are switched off.
  • No cigarettes, tobacco and/ or matches are left burning.
  • Blinds/ curtains are drawn.
  • Doors, windows and cabinets are closed and locked.
  • Sensitive apparatus or documents are locked away.
  • A register for after-hours visitors to the Department will be kept and checked within 24 hours by the Chief Information Office: Security Services.
  • The jamming of doors fitted with electronic readers, either on the hallway or in offices is prohibited.

13. Key Control

13.1Chief Information Office: Security Services is responsible for the control and record keeping of keys of all offices, safes and vaults, as well as of combination codes of safes/ vaults.

13.2Any loss of keys has to be reported immediately to the Supervisor after which the Security Services must be informed in writing by the Supervisor. Such a loss must also be reported to the Chief Information Office: Security Services by the person who lost the keys.

13.3Excluding certain duplicate keys kept for emergency use, all other duplicate keys must be kept at a central point, which is under control of and manned by the Key Control Officer. Keys must be sealed and stored in prescribed cabinets. Only the management of the Chief Information Office: Security Services or the higher line levels can give permission to break a seal.

13.4If a duplicate key is needed, a written motivation counter signed by the Supervisor should be forwarded to the Security Services. This will be the case when a member of staff has left his/ her keys at home. Duplicate keys will be returned to the KCO within an hour of their use.

13.5The duplicate keys of Registries and other sensitive areas have to be stored in a properly sealed envelope (with its details on the outside) by the Key Control Officer (KCO) in the Chief Information Office: Security Services with proper record keeping. Sealed envelopes are subject to controlling actions by the Manager: Security Services, while the head of office can implement other measures to his/her satisfaction.

13.6The KCO has to ascertain that duplicate keys are available and safeguarded for every office.

13.7The KCO will safeguard duplicate keys and the most recent lock combinations, which must remain sealed in the envelopes in which it has been received. These envelopes are subject to controlling measures by the Manager: Security Services and the client/ user SBU.

14. Combination settings of safes, vaults and strong rooms

14.1Lock combinations of safes, vaults and/ or strong rooms must be set by the users and memorized. The combination must be written on an A4-size (folio) paper, folded in such a way that the written numbers are covered on both sides by at least two layers of paper, sealed in an envelope on which the following particulars are displayed:

  • The date of the sealing by affixing an official date stamp;
  • Signature of the member(s) sealing the envelope;
  • The serial number of the relevant safe/ strong room; and
  • The number of the office and name of the building in which the relevant safe or strong room is situated.

14.2The sealed envelope is sealed in a second envelope and sent to the KCO in the Security unit.

14.3As soon as a new safe/ strong room, which uses both a key and combination lock is put into service, the duplicate key (which takes the place of a combination code setting) is sent to the Chief Information Office: Security Services.

14.3.1Always ensure that the duplicate key and combination code are not put in the same inner envelopes.

14.3.2Avoid using numbers that are multiples of 5 or 10. High and low numbers must be alternated and must preferably not be higher than 85 or lower than 15.

14.3.3.Do not use combinations that can easily be connected or relayed to the user, e.g. birth dates, telephone numbers, vehicle registration number, etc.

14.4The same combination may not be used more than once in any of four consecutive settings.

14.5Combinations must be memorized by the member and may not be made available to other members who are not co-users. Written notes of the combination are strictly forbidden.

14.6 Resetting of combinations

14.6.1A combination code will be valid for three (3) months, unless a compromise takes place or a suspicion of compromise arises.

14.6.2On the last working day of such a period, a new code should be introduced. In the case of a compromise or suspicion of a compromise, the combination must be immediately reset.

15. Compromise of keys/ combinations

15.1 A compromise should be assumed when:

  • The envelope in which a combination or key was sealed is opened or is found open for some or other reason;
  • A new combination lock is received;
  • A member of staff responsible for a safe or strong room resigns;
  • Any other circumstances that may indicate a possible compromise.

15.2Events, which suggest that a compromise has taken place or even if only such suspicion exists, must be reported as soon as possible to the Chief Information Office: Security, as soon as it is suspected or when it comes to attention.

16. Repair of locks / combination locks and additional keys

16.1Repair of any lock or the provision of an additional key may only be authorized by the KCO.

16.2The repair of locks, safes or strong rooms must be undertaken under the auspices of the KCO, or where applicable while heads of offices are supervising.

17.Control of fire arms

17.1No fire-arms are allowed in the premises of the Department.

17.2Officials and visitors in possession of fire-arms must leave them at the lockable gun deposit safes at the reception areas except close protectors of political principals.

17.3The owner of the fire-arm will be required to produce a license for such a firearm before keeping in the safe. The owner will lock and take with the key of the gun deposit safe.

18. Parking

18.1Parking of private vehicles in the Departmental located parking bays is at the owner’s risk.

18.2Vehicles parked in enclosed parking bays of the Department will be subjected to physical check upon exiting such a premise.

18.3Government-Owned Vehicles will not be authorized to exit the Department’s vehicle parking bays without approved route plans and itineraries.

19. Security breaches

19.1Failure to adhere to the prescriptions of this policy constitutes a security breach and a punishable offence.

19.2Any loss incurred by the Department as a result of failure to adhere to these policy prescriptions constitutes fruitless and wasteful expenditure.

APPROVED BY

______

HEAD OF DEPARTMENTDATE

1

Confidential