Maine State Government
Dept. of Administrative & Financial
Office of Information Technology
OIT Office Complex Building Access
Procedures and Standards of Operation
It is the responsibility of the OIT
Security Officer to provide a secure and stable physical environment.
The purpose of this document is
to clarify and delineate the process by which employees, contractors, vendors,
and other individuals are authorized for access, and the conditions for
controlling that authorized access.
These procedures apply to access
to any OIT Office Complex. These procedures and standards must be adhered to by
any and all persons who may have occasion to enter complex for any reason.
- OIT Office Complex Visitors: Visitors are responsible for complying
with these procedures and standards.
- Supervisory Personnel: Managers and Supervisors are responsible
for enforcing compliance by complex visitors, employees, and contracted
staff under their supervisory control.
- OIT Office Complex Staff: Staff and management are responsible for
implementing, monitoring, enforcing, and complying with these procedures
- Security: OIT
Office Complex Security Officers (contract security staff) are responsible
for enabling and disabling access levels as detailed in these procedures
or otherwise authorized by OIT Office Complex staff.
Office Complex is a controlled access building. The information, forms, and material handled
at this facility are of the most sensitive and confidential nature.
Therefore, it is necessary to limit building access to those people who have a
business reason to be there, or who are visiting a specific employee at the
Entry to the
building must be recorded. There must be a record maintained of
persons who enter the building. This recording may be accomplished
through the use of a card access control system, a sign in log, video
monitoring system, or other mechanism. No one will be admitted to any
access controlled area of the building unless they use an authorized access
control card, or sign a log and present identification credentials.
responsible for all persons who visit them whether for business or personal
reasons. Employees must provide an
appropriate level of supervision of visitors so that security requirements are
maintained. While it is not necessary for an employee to accompany a
visitor continuously, the employee must ensure the visitor does not
inadvertently compromise security or disrupt essential services. For
example, it is not necessary to accompany a visitor to the rest room, but the
visitor must be supervised while in the computer room, and escorted to and from
the building exit.
in the building must prove identity, whether they are a building employee,
contracted employee, or visitor. Building employees and resident
contractors will be issued a photo identification badge after an access request
procedure is followed. Visitors and occasional contractors will be issued
a temporary badge identifying them as a visitor or contractor after
presentation of proof of identity. Because employees, contractors, and
authorized visitors are identified, it will be easy to spot an unauthorized
individual in the building. Persons who are unable to present proof of
identity must be considered a security risk, and must not be allowed in high
areas of the building that require a higher level of security. Access
authorization for these areas (such as computer rooms, Telco closets, test lab,
etc.) is granted by the area supervisors, and administered by building security
employee has a responsibility to help ensure the security and safety of their
fellow workers, and the building. Although
we have a security officer on duty 24 hours a day, and an access control system
to prevent unauthorized access, every employee must take responsibility to
ensure building security as well. Employees must not compromise building
security by propping doors open or holding a door open to let someone in the
building. Taking such actions lessens building security and increases the
risk to every employee. Employees should feel empowered to challenge
anyone in the building who is not wearing an identification badge to present
their badge. Individuals who are unable to produce a badge must be
immediately escorted to the security office to be authorized. Employees
must also report to the security office any security irregularities such as
doors left open.
Access Control System.
1. Access to an OIT Office Complex is
controlled through the use of a card access system. This is a proximity
card access system in which the access card is held in close proximity (about
2”) to the reader. All access attempts, whether successful or failed are
recorded and stored by the access control system. The system is managed
by the Bureau of General Services, Building Control Division.
Access Identification Badges – General
1. All persons in access controlled
areas must wear and display a valid ID badge issued in accordance with this
2. Areas not considered access control
areas are those not secured by either a card access reader or keyed lock.
3. Employees must immediately escort
persons found in access controlled areas without proper identification to the
security office, or at a minimum, immediately notify the security office of
such persons if they refuse to be escorted to the security office.
Personal access badge layout.
1. Badge layout – general
- The cardholder photo is in the upper left corner of
- The State of Maine
seal is in the upper right corner of the badge on a white background.
- The space directly below the State Seal is the
control group identifier. The background color and lettering color
for OIT is purple or blue with yellow lettering, and the control group
identifier is the letters “OIT.”
- The space in the center of the badge immediately
below the picture and agency identifier is the access control area.
Employee badges will have the words “Department of Administrative and
Financial Services” in this space. Contractors
and Interns will have a green bar with the word “contractor” or “intern”
in red letters at the bottom of this space.
- The area immediately below the access control area is
for the card holder name. The lettering and background are of the
base color for the agency.
Wearing and Care of Identification Badges.
1. All employees, contractors, and
visitors must wear their identification badge at all times while in access
2. Badges must be worn by means of a
clip attached directly to the clothing, a neck lanyard, or similar device.
3. Badges must be worn on the front of
the body in the area above the waist and nearer the midline than toward the
4. Badges must not be worn so as to be
hidden in a pocket, worn under an article of clothing such as a sweater,
jacket, tie, etc., or worn so that the picture is otherwise not visible, such
as wearing the badge reversed, or under another badge.
5. Individuals must not alter their
identification badge by obscuring any portion of the badge, drawing on the
badge, affixing stickers to the badge, or otherwise defacing the badge in any
way. Access badges which are altered will be disabled and confiscated by
Mandatory use of access badges at all doors.
1. Access badge holders must record
their entry to any access controlled area by using their assigned access
control badge. Badge holders must use their badge on every entry,
regardless of whether the entry door is locked, unlocked, open, or closed.
2. Access badge holders must not use
their access badge to grant another person access to any access controlled area
unless they are directly escorting that person.
3. Access badge holders must not give
their access badge to another person for the purpose of granting that person
4. Employees and others must not
facilitate the entry of another person to any access controlled area by holding
the door open unless they are the escort for that person. Anyone
authorized to enter an access controlled area will have either a valid access
badge or be accompanied by their escort.
5. Access badge holders must not
follow another person through an opened access control door without using their
own access badge. This practice is often referred to as “drafting” or
“tailgating” and is prohibited.
Requesting Access to OIT Office Complex.
1. A standard access request form must
be filled out, approved, and delivered to the Building Security Administrator,
in accordance with approved procedures when requesting access to OIT areas.
2. The current form and instructions
are available online at Access
3. Requests for new access or changes
to access must be made by use of the form only.
Other requests that do not require a change of access such as requests
for replacement badges or new photo overlays may be made by an email request to
Lost, stolen, misplaced, and damaged Access Badges.
1. Lost, stolen, or misplaced badges
must be reported to the security office as soon as the loss is discovered, so
that the card may be deactivated from the access control system. Failure
to notify the security office in a timely manner could result in a breach of
building security through the use of the misplaced badge.
2. The security office will produce a
monthly management report detailing all cards which are replaced, the
cardholder name, and the reason for replacement.
Temporary access badges issued for Resident Employee
lost or misplaced badges.
1. Resident Employees who arrive for
work without their personal access badge, must sign in and out at the Security
Office upon entering or leaving the building complex.
2. Resident Employees will be issued a
temporary access badge for the day. This temporary badge will grant
access to the doors nearest the reception desk windows.
3. When a temporary badge is issued
due to loss or theft, the Resident Employee’s personal badge is disabled.
4. Temporary badges are issued for a 1
day period, and access for these badges will expire at 5PM of the day issued.
5. Temporary badges must be returned
to the security office before leaving the building at the end of the workday.
Temporary access badges issued for Non-Resident
Employee lost or misplaced badges.
1. Non-Resident Employees who arrive
for work without their personal access badge will be handled in accordance with
the rules for OIT business visitors.
Contractor and Intern access.
1. Resident Contractors and Interns
a. Resident Contractors and Interns will
be given an access badge identifying them as a Contractor or Intern.
b. This badge will be retained by the
Resident Contractor or Intern and handled as an employee badge.
c. Temporary Resident Contractor or
Intern access badges may be issued in accordance with the procedure outlined
for resident employees under section H.
d. Resident Contractor or Intern badges
will be the same as the basic agency layout for the agency they are contracted or
interned to, but will have a green bar with the word “Contractor” or “Intern” in
red letters at the bottom of the access control area.
2. Non-resident contractors
a. Non-resident contractors will be
pre-authorized within the access control system, but will not be issued a personal
b. Non-resident contractors will be
required to sign-in. They will be given a temporary contractor badge, and
access will be enabled for the day based on their pre-authorized access level.
c. Non-resident contractors who have
not been pre-authorized in the access control system will be given an ID only
badge. They must be accompanied at all times while in the building.
d. The contractor must return the
access badge to Security and sign-out when leaving the building.
Building visitors – General Policies.
1. All visitors must enter the
premises through the 1st floor main entrance only.
2. Visitors will be required to sign a
log form indicating their name, whom they represent, person to be visited, date
and time in and out, and form of ID presented.
3. All visitors must present a current
picture ID when signing in. The photo ID must have a validity date,
photo, and signature. Acceptable IDs and form of ID are:
b. Valid Motor Vehicle Operator’s
c. State personal identification card
d. State of Maine photo ID access
e. Federal or other governmental ID
f. A company photo ID
g. Any other photo ID showing the
face, ID expiration date, signature, and issuing agent information such as
4. The Security Officer on duty will
note the form of the photo ID presented in the space provided on the sign in
5. Visitors who are unable to present
a current photo ID, or refuse to present a photo ID, must not be permitted
access to high security OIT areas.
6. Visitors must sign out when leaving
7. Temporary ID badges will be issued
to visitors who will be visiting access control areas. Temporary ID
badges are not required for visitors to non-access control areas.
8. Temporary badges must be turned in
to the security office when signing out.
9. It is not necessary to sign out if
leaving the building temporarily to have a smoke break, take a brief walk, get
something out of the car, etc.
10. It is necessary to sign out if
leaving the building complex for an extended period such as attending a meeting
at another location, going out for lunch, etc.
11. Employees who admit visitors to
the building without ensuring they are properly signed in will be deemed in
violation of this access policy.
OIT Business Visitors
1. OIT business visitors who present a
valid photo ID, and have a scheduled appointment with an OIT employee, will be
given a badge indicating “OIT Visitor” These visitors must however still be
accompanied while in OIT high security areas. The badge color is red.
2. OIT business visitors who do not
have a scheduled appointment with an OIT employee, who have an appointment with
a contractor only, must not be permitted access to any high security OIT area
regardless of identification presented, and must be accompanied at all times
while in other parts of the building. Such visitors will be given a badge
indicating “OIT Visitor – must be escorted.” The badge is red with black
lettering on it.
3. OIT business visitors who are
unable to present a current photo ID or refuse to present a photo ID, must not
be permitted access to OIT high security areas, and must be accompanied at all
times while in the building. These visitors will be given a badge
indicating “OIT Visitor – must be escorted.” The badge is red with black
lettering on it.
4. The Security Officer on duty will
call the person to be visited. If the person to be visited is not
available, the Security Officer on duty will contact the OIT administrative
staff to let them know the visitor has arrived. OIT staff will find the
person to be visited, find an alternate, or escort the visitor themselves.
5. The person to be visited or OIT
administrative staff member must notify the security officer on duty when they
take charge of the visitor in the lobby and if the visitor will need access to
the OIT office area.
6. OIT business visitors may not visit
Maine Revenue Service (MRS) areas unless escorted by someone authorized to be
in those areas.
7. Visitors must sign out and return
the temporary badge to the security office upon leaving the building.
OIT Personal Visitors
1. OIT personal visitors such as
family, friends, etc. must sign in with the Security Officer.
2. Personal visitors will be issued
“OIT Visitor – must be escorted” visitor badges regardless of ID
3. All personal visitors must be
supervised and escorted at all times while in the building.
4. Personal visitors are not allowed
access to Maine Revenue Service (MRS) areas at any time.
5. Personal visitors must sign out and
return the temporary badge upon leaving the building
Card holder termination procedures
1. Supervisors must collect the access
badge from any terminating employee under their supervision, and return it to
the security office for destruction.
2. Supervisors must, at a minimum,
notify the security office of employee termination immediately upon termination,
or of the expected date and time of termination whether the access badge is
collected or not.
3. Supervisors must notify the
security office to disable access for an employee expected to be out for an
extended period such as maternity leave, extended illness, sabbatical, or any
other extended period when the employee is not expected to report for work.
4. Contract and Intern administrators
must collect access badges from all contracted or Intern employees when they
have finished their work.
5. Contract and Intern administrators
must collect access badges from contracted or Intern employees if they leave
the contracted project, even if they are expected to return at a future date.
6. Contract and Intern administrators
must immediately inform security if a contracted employee or Intern is leaving
for any reason including a scheduled vacation or other interruption of work
where the Contractor or Intern is not expected for some period of time.
7. Employees and Contractors or
Interns are not permitted to retain any access badge, access badge overlay, or
other form of photo identification issued under this policy after termination.
Use of emergency exits restricted to emergency events
1. Employees must not use emergency
a. During an actual event when emergency
alarms are activated.
b. During a fire or evacuation drill
when emergency alarms are activated.
2. Security personnel and building
management personnel may use the emergency exits in the performance of their
assigned job duties such as performing periodic checks to ensure the door will
open, and to see that the door is locked.
1. Any employee who notes a violation
of this policy must report the violation to the security officer on duty or
appropriate management level personnel as soon as possible.
2. Security will record information
regarding the violation and forward the report to the appropriate management
3. Management will contact the
violator and apply disciplinary action as appropriate.
1. Persons attending special events
open to the public may be subject to discretionary rules administered by the
2. The Security Manager must approve
each event as qualifying under this section. Examples of special events
are Blood Drives, Employee Recognition events, and Retirement parties.
3. The Security Manager may, at his
discretion, suspend any or all of the following rules for event participants
during these events:
- Visitor sign in
- Photo ID
- Visitor badge
Access Controlled Area:
Any area of the building which is secured by an access controlled door
or key locked door.
Building Complex: The building and parking lot
Business Visitor: A visitor to the facility who
is here to meet with an employee for the purpose of conducting business such as
attending a business related meeting or performing work.
Card Holder: Any individual who has been issued a
personal access badge. A Card Holder may be an Employee, Contractor, or
Normal Business Hours: Normal
business hours for the building are 6:00 a.m. to 6:00 p.m. (06:00 to 18:00)
Monday through Friday, exclusive of scheduled state holidays and other shutdown
Non-resident Contractor: Someone under contract to OIT,
the building owner, or other State of Maine agency who has some need to access
the facility but does not have a permanent assigned workspace at the
facility. This includes contractors who are on-site at the facility for
less than 11 consecutive working days.
Non-resident Employee: Any State of Maine employee who
has frequent or occasional need to access OIT Office Complex facilities but
whose primary work location is not the OIT Office Complex facility.
Off Hours: Any time other than the above defined
normal business hours.
OIT high security areas: These areas require
special authorization for access. Visitors must be accompanied at all
times while in these areas. Visitors who do not present valid photo ID
must not be allowed any access to these areas.
OIT Office Complex: Currently the 51 Commerce Drive
facility and the 45 Commerce Drive facility.
Personal Access Badge, Personal Badge: An access
control badge issued to an individual for their exclusive use to enter the
facility and any authorized access controlled areas of the building.
Personal Visitor: A visitor to the building who
is here visiting an individual or the building for a social purpose, such as
having lunch, visiting a relative, attending a party, giving blood, etc.
Policy, access policy, access control policy: This
document, “OIT Office Complex Building Access Procedures and Standards of
Operation” may also be referred to as the policy, the access policy, or the
access control policy.
Resident Contractor or Intern: A person
contracted to perform work for OIT who is provided with a workspace at an OIT
Office Complex. Resident Contractors or Interns maintain a work schedule
and work habits that are similar to those of employees.
Resident Employee: Any State of Maine employee
whose primary work location is an OIT Office Complex building.
Visitor: Any other person who is not an Employee,
Contractor or Intern as defined above.
OIT Access request form: http://inet.state.me.us/OIT/EForms/Net/AccessRequest/Default.aspx
On-Call Duty Roster http://csn.state.me.us/login.php (You
must log in with your AD credentials to access this information).
Adoption Date: November 18, 2009
Effective Date: November 25,
Last Update Date: August 15,
Next Review Date: August 15,
Point of Contact: Derek Mullens, Sr. Information System Support
Specialist, Office of Information Technology, 207-624-8803.
By: James R. Smith, Chief Information
Officer, Office of Information Technology,
Position Title(s) or Agency
Responsible for Enforcement: Dan Durgin,
Enterprise Security Officer, Office of Information Technology, 207-624-9811.
Legal Citation: 5 M.R.S.A. Chapter 163 Section 1973
paragraphs (1)B and (1)D, which read in part, “The Chief Information Officer
shall:” “Set policies and standards for the implementation and use of
information and telecommunications technologies…” and “Identify and implement
information technology best business practices and project management.”
Waiver Process: See the Waiver Policy.