Skip to content Skip to site navigation Skip to service navigation

Access Control

Overview

University IT provides access control for exterior and interior doors. Services available include planning, installation, and maintenance for all related hardware and software.

Wired, wireless, and offline readers are offered. Wired and wireless readers have a monthly fee associated with them to provide for system maintenance and hardware repairs, while offline readers are supported through time and materials requests. Exterior doors must have wired access control. Exceptions to exterior wired access must be approved by Public Safety and Risk Management. Exterior doors must be connected to the campus system. There are no exceptions. Interior doors may have wired, wireless, or offline access control. Both wired and wireless have the ability to make immediate or planned online changes to either the personnel or times when access is available. Offline locks are programmed by a visit to the lock and are only updated when a time and materials visit is requested. 

Wired and wireless support includes 24x7 system support. Critical outages will be responded to 24x7, non-critical outages will be handled during business hours. Individual reader issues will be responded to during business hours unless escalated as a critical outage.

Included as part of the service are the initial programming and setup, as well as user training. Clients requesting re-training or training of new users may attend classes offered periodically as needed, generally monthly. Class training is free of charge. Additional private training may be requested and will be charged the prevailing hourly rate. Stap funds may be used for private training.

Projects are managed outside the standard service. If you have a new installation request please submit a HelpSU or contact the ID Card Office.

The following reader types are supported:

  • Wired: HID RP style multiclass reader
  • Wireless: Lenel ILS or Schlage AD400
  • Offline: Lenel ILS​

Description of Services

Planning

When new building construction or renovations are planned, University IT should be engaged as early as possible in the project planning cycle to provide input to hardware specification. This contact is generally made from LBRE DPM to the University IT Facilities Engineer.


Recommendations provided by the Facilities Engineer will include hardware components, wiring, and recommendations specific to conformance to the Facilities Design Guidelines.


Security planning, architectural analysis, application integrations, and project management that requires facilitation between multiple groups external to University IT, are not part of core access control services.   If additional planning services are required, the client should work with their designated Business Partner to obtain a proposal with estimated costs and timelines, as these may be considered project-based services.


In addition to responding to alerts from system monitoring tools, the Card Services staff will perform an annual review of all supported servers, and make recommendations as needed.  These recommendations may include configuration, hardware, or software updates, or capacity recommendations.  Clients are expected to comply with periodic outages to support the recommendations.


Card Services will work with clients to plan a periodic (generally 12-year) hardware replacement cycle.  Replacement costs are provided as part of building maintenance for centrally supported groups, while auxiliaries, formula schools, or service centers provide for their own replacements similar to other capital improvements. Clients are responsible for purchasing hardware. Access Control staff will collaborate with the client on hardware purchasing decisions, will build the new systems and bring them to a state of production readiness.  

Installation and Deployment

University IT is responsible for:

  • Verifying all rack, power, and cabling requests have been completed in a satisfactory manner
  • Installing and configuring operating system software and associated patches or updates
  • Installing and configuring access control software, including firmware for equipment in the field.
  • Installing and configuring access control hardware as contracted by the client and/or project.
  • Requesting and ensuring proper backup and system firewall templates have been applied
  • Configure and maintain backup systems, including purging transactions every 15 months to maintain system performance.
  • Coordinating system-related activities between University IT groups as appropriate to ensure the successful installation of a device.

Any interior installation not connected to the campus system must provide 24x7 access to Public Safety and Fire Marshal staff.

Ongoing Support

University IT will:

  • Respond to monitoring alerts and client-reported problems.  During non-business hours, support will be provided when either the hardware, operating system, or infrastructure software is unavailable or the ability to use these resources is severely degraded.   Single reader issues will be responded to next business day unless escalated as critical. Building outages will be responded to 24x7. Please note, should after-hours support be required due to a change that was performed by the client without proper planning or notification, emergency support fees may apply.
  • Troubleshoot and resolve system-related problems
  • Monitor vendor resources for any required operating system patches or upgrades
  • Monitor vendor resources for any required hardware upgrades
  • Coordinate hardware upgrades with hardware support vendors as needed
  • Monitor security advisories for operating system and infrastructure software, and take appropriate actions to safeguard resources
  • Implement security patches as needed
  • System account management
  • Document and submit change management requests for proper approval as required.  Change Management is required for any change that may impact end-users.
  • Install security patches, upgrade software packages, and update system configuration to meet Stanford best practices.
  • Firmware upgrades as required
  • Maintain operating system and supported software documentation
  • System-level housekeeping activities to ensure systems are operating at optimal levels
  • Backup management
  • Requesting firewall configuration

Support requests that fall outside of normal operations will be reviewed on a case-by-case basis and may incur additional costs.  Only vendor-supported versions of operating system or application software will be maintained. 

It is expected that all application and system changes that may impact services will adhere to standard Change Management policies.  Clients should submit any non-impacting or non-urgent system requests via HelpSU. 

Non-urgent and low severity HelpSU tickets will be assigned within 8 business hours. The client can expect an acknowledgement via email that states either:

  • the request has been assigned and additional information is required in order to complete the request
  • the request has been assigned and a target timeframe as to when the request might be completed
  • the request has been assigned and completed

Completed requests will be indicated via a ticket status of “resolved”.  Routine support requests are typically resolved within 24 hours of assignment.  Clients will receive email notification when a request has been resolved.

Host-based access or shared passwords are not permitted.

Card Services will manage all accounts present on the system.  However, any changes to accounts from the client’s organization must be coordinated by the client with the Card Services team.

Card Services uses the University IT Change Management Process for all changes that may affect the service provided to the client or the University community. Work on the system that is controlled under the change management process will generally be performed during maintenance windows. Card Services maintenance windows are Thursday mornings 4 a.m. to 6 a.m., and weekend mornings 5 a.m. to 8 a.m.  Any work performed during this time will be coordinated via the change management process.

Tools and configuration used internally by Card Services staff for administrative or maintenance actions on a system may be installed and updated outside of the change management process provided that those tools are only used interactively by Card Services staff and not part of any automated or continuous management or monitoring of the system, or are unrelated to any services running on the system and not intended for use by clients, only by Card Services staff.

Periodically, Card Services will update software on the system, usually as part of a new minor release of the operating system.  These changes will be coordinate with the clients via change management.

Security

Security policy is put forth by the University. The Card Services team will adhere to all security policies documented in the Stanford Administrative Guide. Please refer to the following link for any specific security policies related to systems administration:

https://security.stanford.edu

University IT also performs regular network security system scans.  Any high-risk security vulnerability discovered by this (or other) process will be addressed as soon as possible and managed via Urgent or Emergency Change Management Request. Security warnings will also be addressed via Urgent Change Management Requests.

Monitoring and Alerting

The health of the servers, software, and devices is monitored by University IT tools and alerts.

Based on the standard configuration setup, clients will not receive system-level alerts. System-level alerts are routed directly to systems administrators and/or the IT Operations Center so that appropriate action can be taken. Based on the type and severity of the alert, time of day, and the potential impact to end-users, the client-designated technical contact may be called.  It is the responsibility of the client to ensure contact information is kept current for notification purposes. Requests for special processes or procedures in response to alerts will be considered as a modular service.

Monitoring may be temporarily suspended during maintenance activities or to eliminate false positive alerts.  Clients must provide notification to University IT of any planned maintenance activity so that monitoring can be temporarily disabled if needed.  

Documentation

Detailed configuration information about each device is maintained within the software.

Training documentation for those who need a refresher is available at https://uit.stanford.edu/service/idcardservices/lenel and will provide instructions on local administrator functions.  

Responsibility Matrix

The Responsibility Matrix indicates whether University IT or the client is ultimately responsible for performing the listed task. In instances where there are check marks (✓) in both columns, both the client and University IT must coordinate their efforts to ensure the successful completion of the task. It is not the intent of any Responsibility Matrix to absolutely define every process, function or task performed as a contracted function.

SERVICE NAME CLIENT University IT
Keep client contact information current  
Keep systems administrator contact information current  
Approve all hardware and software  
Approve all local hardware  
Resolve or coordinate with vendors to resolve hardware problems  
Propose hardware and software configuration and installation standards