03.k. Adopt new Board Policy 016-Security
Central Contra Costa Sanitary District
3.k.
BOARD OF DIRECTORS
POSITION PAPER
Board Meeting Date: December 4, 2014
Subject: CONSIDER ADOPTING BOARD POLICY (BP) 016 REGARDING SECURITY
Submitted By: Shari Deutsch, Safety & Risk Management Administrator
Initiating Dept./Div.: Administration / Safety & Risk Mgmt.
REVIEWED AND RECOMMENDED FOR BOARD ACTION.
D. Heath — Director of Administration
Roger S. Bailey
General Manager
ISSUE: The Administration Committee has recently expressed interest in establishing a
Board policy on District security. Staff developed the attached draft policy which is
modeled after East Bay Municipal Utility District (EBMUD)'s Board policy on security. It
establishes the intent and expectations of the District's security measures, while
authorizing the General Manager to implement the procedures, practices and systems
needed to meet those expectations.
RECOMMENDATION: Adopt Board Policy (BP) 016 (ATTACHMENT 1).
FINANCIAL IMPACTS: None at this time.
ALTERNATIVES/CONSIDERATIONS: The Board may choose not to adopt the
Security Policy.
BACKGROUND: The purpose of the policy is to ensure that adequate security
measures are in place to provide a secure workplace for District employees and visitors
and to protect District property and systems from external or internal threats, especially
those that could compromise the operation of essential District services.
The procedures, tools and systems used to control facility access are detailed in the
attached Access Control Procedures (ATTACHMENT 2). This administrative procedure
was recently updated to support the draft Board Security Policy under consideration.
The updated version of the Access Control Procedure will be implemented when the
Board adopts a security policy.
Staff is currently drafting Physical Security Procedures to complement the Access
Control Procedures. Information security issues will be addressed in a third
administrative procedure when the Information Technology (IT) security evaluation is
complete.
Staff will review and update these procedures regularly and will propose new ones as
needs, circumstances and facilities change over time.
COMMITTEE RECOMMENDATION: Recommend approval of the proposed Board
Security Policy to the full Board of Directors.
RECOMMENDED BOARD ACTION: Adopt Board Policy (BP) 016 regarding Security,
effective December 4, 2014.
Attached Supporting Documents:
1. Proposed Board Security Policy, BP No. 016
2. Administrative Procedure — Access Control
ATTACHMENT 1
Central Contra Costa Sanitary District
Number: BP 016
Authority: Board of Directors - DRAFT
Effective: November 20, 2014
Reviewed:
Initiating Dept./Div.: Safety & Risk Management
BOARD POLICY
SECURITY
PURPOSE
To maintain a level of security sufficient to provide a secure workplace for District
employees and visitors and to prevent or mitigate loss or damage to District assets and
critical infrastructure from internal or external threats.
POLICY
• It is the District's policy to proactively protect its employees, systems, facilities
and property from threats, loss and damage.
• The District will monitor and maintain systems, contracts and procedures to
address security issues on a daily basis. The District will also create, maintain,
and enforce access control procedures for employees, visitors, contractors and
vendors to limit access based on appropriate authorization. The District will
employ these and other physical and procedural controls to prevent, reduce and
mitigate the impacts of such risks.
• The District will prioritize security for critical assets to minimize impacts on
District operations. The District will utilize appropriate capital facilities and
equipment to enhance the District's ability to deter, detect, delay and assess
criminal actions.
RESPONSIBILITIES
The General Manager is authorized to establish and implement procedures to support
this policy.
Attachment 2
Number: AP 016
Authority: General Manager
Effective: 3/1/09
Revised: 11/20/14
Reviewed:
Initiating Dept/Div: Risk Management
Date Signed:
Roger S. Bailey, General Manager
ADMINISTRATIVE PROCEDURE
ACCESS CONTROL PROCEDURES
1. PURPOSE
It is the District's intent to provide appropriate security for its personnel and
property while balancing the need to perform daily operations efficiently and to
provide timely responses in case of emergency.
2. SCOPE
This procedure applies to all:
• District personnel including board members, regular employees, temporary
employees, co-ops, summer students and selected long-term contractors;
• Access control facilities and equipment at the Martinez and Walnut Creek
campuses. Access control facilities and equipment include access card
readers, ID cards, locks, locksets and keys to doors and gates. This policy
does not apply to keys or locks to storage cabinets, desks, equipment or
vehicles.
Introduction:
Safety & Risk Management (SRM) is responsible for access control systems at the
Martinez and Walnut Creek campuses including all card readers, access control
software, ID cards, gate and door locks, lock hardware, and associated keys.
Directors, managers and supervisors are responsible for keys to any equipment,
desks, cabinets and vehicles under their control.
No employee, supervisor, manager or director is authorized to disable or reset
access card readers, to change door or gate lock hardware, locks or keys or to make
copies of keys without the express approval of the General Manager and in
coordination with SRM.
Public Areas:
The following areas of CCCSD are open to the public during normal business hours:
• HOB Lobby
• HOB Permit Counter
• Household Hazardous Waste Collection Facility drop-off site and
driveways
The following areas of CCCSD are open to the public during public meetings or
pre-approved scheduled events:
• Board Room
• Multi-Purpose Room
All other areas of District facilities are considered private property.
All visitors and guests with business beyond the public areas must be escorted by
an authorized District employee.
General Control Procedures:
• All employees will be issued an ID card upon hire. An ID card shall consist of a
photo ID including the person's name, department and job title, and an access
card programmed with approved access to District facilities.
• Employees must display their ID cards on their outermost garment of clothing at
all times while on District premises;
• Employees are not permitted to share ID cards or to allow others to access
District facilities with them (often called "piggybacking").
• Visitors with business at the District extending past the public areas shall wear a
visitor badge on their outermost garment of clothing at all times while on the
premises.
• SRM shall maintain the access control software and keep a record of keys issued
to all District personnel.
• The access control software shall be configured to limit access to areas and
times as designated by an employee's manager.
• Temporary personnel shall be issued ID cards that expire on the day their work
with the District ends. If that date is unknown, ID cards will be issued with a
maximum activation term of 90 days.
• ID cards for separated and terminated personnel shall be deactivated
immediately.
• Keys to building perimeter doors shall not be issued except when specifically
required to perform a specific job function. Such keys will be issued to the
Department Director who assumes responsibility to secure the key appropriately.
Responsibilities:
Safety & Risk Management (SRM)
• Develop and implement a master key system for all doors and perimeter
access points within the Martinez and Walnut Creek campuses;
• Maintain a log of all door and gate keys issued to individuals as well as all
door and gate keys stored in shared access key cabinets;
• Periodically audit the key logs to ensure compliance with this policy and
accuracy of records;
• Coordinate installation, repair and replacement of all door and gate lock
components in accordance with equipment standards;
• Coordinate installation, repair and replacement of all card readers or other
access control measures;
• Maintain access card reader and ID card production software;
• Issue keys and ID cards with approved levels of access to District personnel;
• Provide visitor badges for distribution at the HOB Lobby;
• Provide identification badges to contractors working in private areas of District
facilities;
• Review this policy periodically and recommend changes as needed.
HOB Lobby Receptionist
• Issue visitor badges to all persons whose business at the District extends
beyond the public areas;
• Track badge numbers on the daily sign in sheet;
• Collect badges from visitors during the sign -out process.
Project Managers with On-Site Contractors
• At least one week before on-site work begins, provide SRM with the names of
contractor personnel expected to be working on District property and the
duration of the on-site work;
• Distribute badges to on-site contractor personnel;
• Advise SRM when contractor personnel have completed work or will no
longer be on-site;
• Collect all badges from contractor personnel when their work is complete and
return them to SRM.
Employees
• Properly use and protect all issued ID cards and keys;
• Report the loss of ID cards and keys and any lock problems to SRM as soon
as possible;
• Surrender ID cards and keys as described in this policy.
Supervisors
• Initiate and route Access Request Forms and Key Request Forms for
appropriate signatures and forward to SRM;
• Ensure that keys are issued only to employees who need them to perform
their duties;
• Forward any requests to change locks and/or locksets to SRM;
• Forward requests to issue new or additional keys to SRM;
• Report any damage, needed repairs or maintenance to locks or locksets to
SRM;
• Be responsible for the content and use of door and gate keys stored in shared
access key cabinets;
• Periodically review the access granted to their employees for accuracy and
propriety;
• Advise SRM to extend the activation of ID cards issued to temporary
personnel as needed.
Managers/Directors
• Establish access control guidelines for positions and/or employees under their
supervision;
• Advise SRM of any proposed changes to access control guidelines within the
work group;
• Sign and submit Access Request Forms and Key Request Forms to SRM in a
timely manner;
• Train supervisors and employees on their responsibilities under this Access
Control Procedure.
EOC First Responders
• Access for EOC staff and emergency response personnel is addressed in the
District's Emergency Operations Plan.
Procedures:
Issuing Keys
• Supervisors may authorize the distribution of new or additional keys to areas
within their control to current employees via submission of a signed Key
Request Form to SRM.
• Upon receipt of an approved Key Request Form, SRM shall issue keys to
new employees in accordance with the access control guidelines established
by the work group supervisor.
• Upon receipt of any new key or keys, each employee will sign the Key
Request Form to acknowledge all keys received.
Issuing ID Cards
• Requests for new ID cards must be made using the Access Request Form.
• Managers shall sign and forward Access Request Forms to SRM, indicating
the locations and hours of access needed to allow personnel to perform their
duties.
• Upon receipt of an Access Request Form, SRM staff will program the ID card
and provide it to the designated individual.
Returning ID Cards and Keys
ID cards and keys to District property are provided to employees to facilitate
performance of their duties. These items remain District property and shall be
surrendered upon request of an employee's supervisor, manager or department
director, or SRM.
Keys must be surrendered under the following circumstances:
• Termination of employment
• Leaves in excess of 30 days
• Change of Duty / Work Group
• Change of Lock
ID cards must be surrendered under the following circumstances:
• Separation or termination of employment
• Leaves in excess of 30 days
Supervisors, managers or directors shall collect ID cards and keys and forward them
to SRM.
Lost ID Cards or Keys
• All lost ID cards and keys shall be reported to SRM as soon as possible.
• SRM will discuss whether or not to re-key areas affected by lost keys with the
supervisor or manager of the reporting work group.
• If re-keying is found to be necessary, costs to perform such work will be
charged to the responsible work group.
Re-keying locks
• Requests to re-key locks shall be submitted to SRM.
• SRM will review the request with the supervisor or manager of the requesting
work group and evaluate any impacts to the master key system.
• Costs to perform re-keying work will be allocated based on the reason for
change.
Shared Access Key Cabinets
• Shared access key cabinets containing door and gate keys will be audited
periodically by SRM staff.
• Managers and supervisors of work groups with shared access key cabinets
are responsible for tracking removal and replacement of all keys stored in the
cabinets covered by this policy.
Related Policies and Procedures:
Board Policy 016 - Security
On-site Contractors Badging Procedures (forthcoming)
District Visitors Badging Procedures (forthcoming)
Information Technology Security Policies and Procedures (forthcoming)
Attached Supporting Documents:
1. Key Request Form
2. Access Request Form
[Original Retained by the Secretary of the District]
ATTACHMENT 1
CENTRAL CONTRA COSTA SANITARY DISTRICT
KEY REQUEST FORM
NAME: ❑ Regular Employee ❑ Temporary ❑ Co-op ❑ Other
Estimated time period Temps will work:
JOB CLASS TITLE:
DEPARTMENT/DIVISION: (Check one only)
MANAGEMENT/BOARD OF DIRECTORS
ADMINISTRATIVE
ENGINEERING - CAPITAL PROJECTS
ENGINEERING - ENVIRONMENTAL SVCS
COLLECTION SYSTEM OPERATIONS
PLANT OPERATIONS DEPARTMENT
Other — Specify (Janitorial, Contractor, Guards, etc.):
Key Description | Quantity Issued | Date Issued | Recipient Initial | Date Returned | Recipient Initial
Authorized by Supervisor: (please print)
Signature of Supervisor:
Date:
Employee Acknowledgement
I understand that by signing below, I assume responsibility for the above keys and their use. I will
follow the District's Key Control Policy, including not loaning my keys to others, reporting lost keys
immediately and returning the above keys upon the end of my employment or as outlined in the Key
Control Policy.
Signature of Employee:
Date:
Please return this form to Safety & Risk Management
CENTRAL CONTRA COSTA SANITARY DISTRICT
ACCESS REQUEST FORM
ATTACHMENT 2
NAME: ❑ Regular Employee ❑ Temporary ❑ Co-op ❑ Other
Estimated time period Temps will work:
JOB CLASS TITLE:
DEPARTMENT/DIVISION: (Check one only)
MANAGEMENT/BOARD OF DIRECTORS
ADMINISTRATION
ENGINEERING - CAPITAL PROJECTS
ENGINEERING - ENVIRONMENTAL SERVICES
OPERATIONS - COLLECTION SYSTEM
OPERATIONS - PLANT OPS / MAINTENANCE
OTHER — Specify (Janitorial, Contractor, Guards, etc.):
CARD READER ACCESS AREA: (Check all that apply):
HOB LOBBY DOOR (Open 8:00 a.m. — 5:00 p.m. M-F)
HHWCF D. Wyatt
HOB BACK DOOR (Open 7:30 a.m. — 5:00 p.m. M-F)
MECHANICAL MTCE. BUILDING
(Open 6:00 a.m. — 3:00 p.m. M-F) T.P. Mgr.
HOB ACCOUNTING — COMPUTER T. Vassallo
MATERIALS CONTROL BUILDING
(Open 6:00 a.m. — 4:00 p.m. M-F) S. King
HOB RECORDS — VAULT T. Vassallo
SUB-STATION 82 T.P. Mgr.
HOB GARDEN LEVEL
LABORATORY FRONT DOOR (west door)
Sign off required if not HOB employee D. Heath
LAB. BACK DOOR TO PLANT (east door) M. Esparza
POD N.E. DOOR
MAINTENANCE & RELIABILITY CENTER (MRC)
(After-hours door controlled by Operations Dept.)
(Open 4:00 a.m. — 5:00 p.m. M-F) T.P. Mgr.
POD S.E. BACK DOOR (Open 7:30 a.m. — 5:00 p.m. M-F)
T.P. SOUTH GATE T.P. Mgr.
(Between POD & HOB back door)
POD N.W. DOOR (POD OFFICES) T.P. Mgr.
MARTINEZ PUMPING STATION GATE D. Rhoads
POD TRAINING ROOM
CSO LOBBY ENTRY P. Seitz
(Open 6:00 a.m. — 5:00 p.m. M-F) T.P. Mgr.
CSO LOWER ENTRY P. Seitz
POD IT STAFF OFFICE R. Li
POD BASEMENT NETWORK ROOM (MDF) R. Li
CSO WAREHOUSE P. Seitz
PLANT MAIN GATE
CSO SOUTH GATE P. Seitz
(Open 7:30 a.m. — 5:00 p.m. M-F) T.P. Mgr.
A. SCHEDULE OF ACCESS TIME (Check only one):
24 HOURS/DAY, 7 DAYS/WEEK
MONDAY thru FRIDAY - 6:00 AM to 7:00 PM
(Managers, Supervisors & Special Schedules)
MONDAY thru SATURDAY - 5:00 AM to 10:00 PM
MONDAY thru FRIDAY - 7:00 AM to 7:00 PM
(Regular Employee - General Access)
MONDAY thru FRIDAY - 6:30 AM to 3:00 PM
OTHER:
CSO - General Access Non CSO Staff
B. OR, ALTERNATE SCHEDULE (Check only one, then indicate time period):
MONDAY thru FRIDAY
MONDAY thru SATURDAY
MONDAY thru SUNDAY
TIME PERIOD:
Approved by: SUPERVISOR Date
Approved by: DEPARTMENT DIRECTOR Date
Approved by: DIVISION MANAGER Date
Approved by: SAFETY & RISK MANAGEMENT ADMINISTRATOR Date