Skip Maine state header navigation

Agencies | Online Services | Help

maine 

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

 

OIT Office Complex Building Access

Procedures and Standards of Operation

 

I. Statement

It is the responsibility of the OIT Security Officer to provide a secure and stable physical environment.

 

II. Purpose

The purpose of this document is to clarify and delineate the process by which employees, contractors, vendors, and other individuals are authorized for access, and the conditions for controlling that authorized access.

 

III. Applicability

These procedures apply to access to any OIT Office Complex. These procedures and standards must be adhered to by any and all persons who may have occasion to enter complex for any reason.

 

IV. Responsibilities

  • OIT Office Complex Visitors:  Visitors are responsible for complying with these procedures and standards.
  • Supervisory Personnel:  Managers and Supervisors are responsible for enforcing compliance by complex visitors, employees, and contracted staff under their supervisory control.
  • OIT Office Complex Staff:  Staff and management are responsible for implementing, monitoring, enforcing, and complying with these procedures and standards.
  • Security:  OIT Office Complex Security Officers (contract security staff) are responsible for enabling and disabling access levels as detailed in these procedures or otherwise authorized by OIT Office Complex staff.

 

V. Directives

A.  Any OIT Office Complex is a controlled access building.  The information, forms, and material handled at this facility are of the most sensitive and confidential nature.  Therefore, it is necessary to limit building access to those people who have a business reason to be there, or who are visiting a specific employee at the facility.

B.  Entry to the building must be recorded.  There must be a record maintained of persons who enter the building.  This recording may be accomplished through the use of a card access control system, a sign in log, video monitoring system, or other mechanism.  No one will be admitted to any access controlled area of the building unless they use an authorized access control card, or sign a log and present identification credentials.

C.  Employees are responsible for all persons who visit them whether for business or personal reasons.  Employees must provide an appropriate level of supervision of visitors so that security requirements are maintained.  While it is not necessary for an employee to accompany a visitor continuously, the employee must ensure the visitor does not inadvertently compromise security or disrupt essential services.  For example, it is not necessary to accompany a visitor to the rest room, but the visitor must be supervised while in the computer room, and escorted to and from the building exit.

D.  All persons in the building must prove identity, whether they are a building employee, contracted employee, or visitor.  Building employees and resident contractors will be issued a photo identification badge after an access request procedure is followed.  Visitors and occasional contractors will be issued a temporary badge identifying them as a visitor or contractor after presentation of proof of identity.  Because employees, contractors, and authorized visitors are identified, it will be easy to spot an unauthorized individual in the building.  Persons who are unable to present proof of identity must be considered a security risk, and must not be allowed in high security areas.

E.  There are areas of the building that require a higher level of security.  Access authorization for these areas (such as computer rooms, Telco closets, test lab, etc.) is granted by the area supervisors, and administered by building security staff. 

F.  Every employee has a responsibility to help ensure the security and safety of their fellow workers, and the building.  Although we have a security officer on duty 24 hours a day, and an access control system to prevent unauthorized access, every employee must take responsibility to ensure building security as well. Employees must not compromise building security by propping doors open or holding a door open to let someone in the building.  Taking such actions lessens building security and increases the risk to every employee.  Employees should feel empowered to challenge anyone in the building who is not wearing an identification badge to present their badge.  Individuals who are unable to produce a badge must be immediately escorted to the security office to be authorized.  Employees must also report to the security office any security irregularities such as doors left open.

VI. Procedures

A. Access Control System.

1. Access to an OIT Office Complex is controlled through the use of a card access system.  This is a proximity card access system in which the access card is held in close proximity (about 2”) to the reader.  All access attempts, whether successful or failed are recorded and stored by the access control system.  The system is managed by the Bureau of General Services, Building Control Division.

B. Access Identification Badges – General

1. All persons in access controlled areas must wear and display a valid ID badge issued in accordance with this policy.

2. Areas not considered access control areas are those not secured by either a card access reader or keyed lock. 

3. Employees must immediately escort persons found in access controlled areas without proper identification to the security office, or at a minimum, immediately notify the security office of such persons if they refuse to be escorted to the security office.

C. Personal access badge layout.

1. Badge layout – general

  • The cardholder photo is in the upper left corner of the badge.
  • The State of Maine seal is in the upper right corner of the badge on a white background.
  • The space directly below the State Seal is the control group identifier.  The background color and lettering color for OIT is purple or blue with yellow lettering, and the control group identifier is the letters “OIT.”
  • The space in the center of the badge immediately below the picture and agency identifier is the access control area.  Employee badges will have the words “Department of Administrative and Financial Services” in this space.  Contractors and Interns will have a green bar with the word “contractor” or “intern” in red letters at the bottom of this space.
  • The area immediately below the access control area is for the card holder name.  The lettering and background are of the base color for the agency.

D. Wearing and Care of Identification Badges.

1. All employees, contractors, and visitors must wear their identification badge at all times while in access controlled areas.

2. Badges must be worn by means of a clip attached directly to the clothing, a neck lanyard, or similar device.

3. Badges must be worn on the front of the body in the area above the waist and nearer the midline than toward the sides.

4. Badges must not be worn so as to be hidden in a pocket, worn under an article of clothing such as a sweater, jacket, tie, etc., or worn so that the picture is otherwise not visible, such as wearing the badge reversed, or under another badge.

5. Individuals must not alter their identification badge by obscuring any portion of the badge, drawing on the badge, affixing stickers to the badge, or otherwise defacing the badge in any way.  Access badges which are altered will be disabled and confiscated by Security staff. 

E. Mandatory use of access badges at all doors.

1. Access badge holders must record their entry to any access controlled area by using their assigned access control badge.  Badge holders must use their badge on every entry, regardless of whether the entry door is locked, unlocked, open, or closed.

2. Access badge holders must not use their access badge to grant another person access to any access controlled area unless they are directly escorting that person.

3. Access badge holders must not give their access badge to another person for the purpose of granting that person access.

4. Employees and others must not facilitate the entry of another person to any access controlled area by holding the door open unless they are the escort for that person.  Anyone authorized to enter an access controlled area will have either a valid access badge or be accompanied by their escort.

5. Access badge holders must not follow another person through an opened access control door without using their own access badge.  This practice is often referred to as “drafting” or “tailgating” and is prohibited.

F. Requesting Access to OIT Office Complex.

1. A standard access request form must be filled out, approved, and delivered to the Building Security Administrator, in accordance with approved procedures when requesting access to OIT areas.

2. The current form and instructions are available online at Access Request Form[1].

3. Requests for new access or changes to access must be made by use of the form only.  Other requests that do not require a change of access such as requests for replacement badges or new photo overlays may be made by an email request to OIT-Building-Access@maine.gov.  

G. Lost, stolen, misplaced, and damaged Access Badges.

1. Lost, stolen, or misplaced badges must be reported to the security office as soon as the loss is discovered, so that the card may be deactivated from the access control system.  Failure to notify the security office in a timely manner could result in a breach of building security through the use of the misplaced badge.

2. The security office will produce a monthly management report detailing all cards which are replaced, the cardholder name, and the reason for replacement.

H. Temporary access badges issued for Resident Employee lost or misplaced badges.

1. Resident Employees who arrive for work without their personal access badge, must sign in and out at the Security Office upon entering or leaving the building complex.

2. Resident Employees will be issued a temporary access badge for the day.  This temporary badge will grant access to the doors nearest the reception desk windows.

3. When a temporary badge is issued due to loss or theft, the Resident Employee’s personal badge is disabled.

4. Temporary badges are issued for a 1 day period, and access for these badges will expire at 5PM of the day issued.

5. Temporary badges must be returned to the security office before leaving the building at the end of the workday.

I. Temporary access badges issued for Non-Resident Employee lost or misplaced badges.

1. Non-Resident Employees who arrive for work without their personal access badge will be handled in accordance with the rules for OIT business visitors.

J. Contractor and Intern access.

1. Resident Contractors and Interns

a. Resident Contractors and Interns will be given an access badge identifying them as a Contractor or Intern.
b. This badge will be retained by the Resident Contractor or Intern and handled as an employee badge.
c. Temporary Resident Contractor or Intern access badges may be issued in accordance with the procedure outlined for resident employees under section H.
d. Resident Contractor or Intern badges will be the same as the basic agency layout for the agency they are contracted or interned to, but will have a green bar with the word “Contractor” or “Intern” in red letters at the bottom of the access control area.

2. Non-resident contractors

a. Non-resident contractors will be pre-authorized within the access control system, but will not be issued a personal access badge.
b. Non-resident contractors will be required to sign-in.  They will be given a temporary contractor badge, and access will be enabled for the day based on their pre-authorized access level.
c. Non-resident contractors who have not been pre-authorized in the access control system will be given an ID only badge.  They must be accompanied at all times while in the building.
d. The contractor must return the access badge to Security and sign-out when leaving the building.

K. Building visitors – General Policies.

1. All visitors must enter the premises through the 1st floor main entrance only. 

2. Visitors will be required to sign a log form indicating their name, whom they represent, person to be visited, date and time in and out, and form of ID presented.

3. All visitors must present a current picture ID when signing in.  The photo ID must have a validity date, photo, and signature.  Acceptable IDs and form of ID are:

a. Passport
b. Valid Motor Vehicle Operator’s License
c. State personal identification card
d. State of Maine photo ID access badge
e. Federal or other governmental ID
f. A company photo ID
g. Any other photo ID showing the face, ID expiration date, signature, and issuing agent information such as organization name

4. The Security Officer on duty will note the form of the photo ID presented in the space provided on the sign in log.

5. Visitors who are unable to present a current photo ID, or refuse to present a photo ID, must not be permitted access to high security OIT areas.

6. Visitors must sign out when leaving the building.

7. Temporary ID badges will be issued to visitors who will be visiting access control areas.  Temporary ID badges are not required for visitors to non-access control areas.

8. Temporary badges must be turned in to the security office when signing out.

9. It is not necessary to sign out if leaving the building temporarily to have a smoke break, take a brief walk, get something out of the car, etc. 

10. It is necessary to sign out if leaving the building complex for an extended period such as attending a meeting at another location, going out for lunch, etc.

11. Employees who admit visitors to the building without ensuring they are properly signed in will be deemed in violation of this access policy.

L. OIT Business Visitors

1. OIT business visitors who present a valid photo ID, and have a scheduled appointment with an OIT employee, will be given a badge indicating “OIT Visitor” These visitors must however still be accompanied while in OIT high security areas.  The badge color is red. 

2. OIT business visitors who do not have a scheduled appointment with an OIT employee, who have an appointment with a contractor only, must not be permitted access to any high security OIT area regardless of identification presented, and must be accompanied at all times while in other parts of the building.  Such visitors will be given a badge indicating “OIT Visitor – must be escorted.”  The badge is red with black lettering on it.

3. OIT business visitors who are unable to present a current photo ID or refuse to present a photo ID, must not be permitted access to OIT high security areas, and must be accompanied at all times while in the building.  These visitors will be given a badge indicating “OIT Visitor – must be escorted.”  The badge is red with black lettering on it.

4. The Security Officer on duty will call the person to be visited.  If the person to be visited is not available, the Security Officer on duty will contact the OIT administrative staff to let them know the visitor has arrived.  OIT staff will find the person to be visited, find an alternate, or escort the visitor themselves.

5. The person to be visited or OIT administrative staff member must notify the security officer on duty when they take charge of the visitor in the lobby and if the visitor will need access to the OIT office area. 

6. OIT business visitors may not visit Maine Revenue Service (MRS) areas unless escorted by someone authorized to be in those areas.

7. Visitors must sign out and return the temporary badge to the security office upon leaving the building.

M. OIT Personal Visitors

1. OIT personal visitors such as family, friends, etc. must sign in with the Security Officer.

2. Personal visitors will be issued “OIT Visitor – must be escorted” visitor badges regardless of ID presented. 

3. All personal visitors must be supervised and escorted at all times while in the building.

4. Personal visitors are not allowed access to Maine Revenue Service (MRS)  areas at any time.

5. Personal visitors must sign out and return the temporary badge upon leaving the building

N. Card holder termination procedures

1. Supervisors must collect the access badge from any terminating employee under their supervision, and return it to the security office for destruction.

2. Supervisors must, at a minimum, notify the security office of employee termination immediately upon termination, or of the expected date and time of termination whether the access badge is collected or not.

3. Supervisors must notify the security office to disable access for an employee expected to be out for an extended period such as maternity leave, extended illness, sabbatical, or any other extended period when the employee is not expected to report for work.

4. Contract and Intern administrators must collect access badges from all contracted or Intern employees when they have finished their work.

5. Contract and Intern administrators must collect access badges from contracted or Intern employees if they leave the contracted project, even if they are expected to return at a future date.

6. Contract and Intern administrators must immediately inform security if a contracted employee or Intern is leaving for any reason including a scheduled vacation or other interruption of work where the Contractor or Intern is not expected for some period of time.

7. Employees and Contractors or Interns are not permitted to retain any access badge, access badge overlay, or other form of photo identification issued under this policy after termination.

O. Use of emergency exits restricted to emergency events only

1. Employees must not use emergency exits except:

a. During an actual event when emergency alarms are activated.
b. During a fire or evacuation drill when emergency alarms are activated.

2. Security personnel and building management personnel may use the emergency exits in the performance of their assigned job duties such as performing periodic checks to ensure the door will open, and to see that the door is locked.

P. Policy violations.

1. Any employee who notes a violation of this policy must report the violation to the security officer on duty or appropriate management level personnel as soon as possible.

2. Security will record information regarding the violation and forward the report to the appropriate management personnel. 

3. Management will contact the violator and apply disciplinary action as appropriate.

Q. Special Events

1. Persons attending special events open to the public may be subject to discretionary rules administered by the Security Manager. 

2. The Security Manager must approve each event as qualifying under this section.  Examples of special events are Blood Drives, Employee Recognition events, and Retirement parties.

3. The Security Manager may, at his discretion, suspend any or all of the following rules for event participants during these events:

  • Visitor sign in
  • Photo ID
  • Visitor badge

 

 

VII. Definitions

A. Access Controlled Area:  Any area of the building which is secured by an access controlled door or key locked door. 

B. Building Complex:  The building and parking lot area.

C. Business Visitor:  A visitor to the facility who is here to meet with an employee for the purpose of conducting business such as attending a business related meeting or performing work.

D. Card Holder:  Any individual who has been issued a personal access badge.  A Card Holder may be an Employee, Contractor, or Intern.

E. Normal Business Hours:  Normal business hours for the building are 6:00 a.m. to 6:00 p.m. (06:00 to 18:00) Monday through Friday, exclusive of scheduled state holidays and other shutdown days.

F. Non-resident Contractor: Someone under contract to OIT, the building owner, or other State of Maine agency who has some need to access the facility but does not have a permanent assigned workspace at the facility.  This includes contractors who are on-site at the facility for less than 11 consecutive working days.

G. Non-resident Employee: Any State of Maine employee who has frequent or occasional need to access OIT Office Complex facilities but whose primary work location is not the OIT Office Complex facility. 

H. Off Hours:  Any time other than the above defined normal business hours.

I. OIT high security areas:  These areas require special authorization for access.  Visitors must be accompanied at all times while in these areas.  Visitors who do not present valid photo ID must not be allowed any access to these areas.

J. OIT Office Complex: Currently the 51 Commerce Drive facility and the 45 Commerce Drive facility.

K. Personal Access Badge, Personal Badge:  An access control badge issued to an individual for their exclusive use to enter the facility and any authorized access controlled areas of the building.

L. Personal Visitor:  A visitor to the building who is here visiting an individual or the building for a social purpose, such as having lunch, visiting a relative, attending a party, giving blood, etc.

M. Policy, access policy, access control policy:  This document, “OIT Office Complex Building Access Procedures and Standards of Operation” may also be referred to as the policy, the access policy, or the access control policy.

N. Resident Contractor or Intern:  A person contracted to perform work for OIT who is provided with a workspace at an OIT Office Complex.  Resident Contractors or Interns maintain a work schedule and work habits that are similar to those of employees.

O. Resident Employee:  Any State of Maine employee whose primary work location is an OIT Office Complex building.

P. Visitor:  Any other person who is not an Employee, Contractor or Intern as defined above.

 

VIII. References

 

1.      OIT Access request form: http://inet.state.me.us/OIT/EForms/Net/AccessRequest/Default.aspx

2.      On-Call Duty Roster http://csn.state.me.us/login.php (You must log in with your AD credentials to access this information).

 

 

IX. Document Information

 

Adoption Date: November 18, 2009

Effective Date: November 25, 2009

Last Update Date: August 15, 2013

Next Review Date: August 15, 2014

 

Point of Contact:  Derek Mullens, Sr. Information System Support Specialist, Office of Information Technology, 207-624-8803.

 

Approved By:  James R. Smith, Chief Information Officer, Office of Information Technology, 207-624-8800.

 

Position Title(s) or Agency Responsible for Enforcement:  Dan Durgin, Enterprise Security Officer, Office of Information Technology, 207-624-9811.

 

Legal Citation:  5 M.R.S.A. Chapter 163 Section 1973 paragraphs (1)B and (1)D, which read in part, “The Chief Information Officer shall:” “Set policies and standards for the implementation and use of information and telecommunications technologies…” and “Identify and implement information technology best business practices and project management.”

 

Waiver Process: See the Waiver Policy[2].

 



[2] http://maine.gov/oit/policies/waiver.htm