Maine State Government
Dept. of Administrative &
Office of Information Technology
Edison Drive Office Complex Building Access Procedures and
Standards of Operation
It is the responsibility of the Security section of Core Technologies
Services (CTS) to provide a secure and stable physical environment. .
The purpose of this document is to clarify and delineate the
process by which employees, contractors, vendors, and other individuals are
authorized for access, and the conditions for controlling that authorized
A. The Edison Drive Complex is a controlled access building. The
information, forms, and material handled at this facility are of the most
sensitive and confidential nature. Therefore, it is necessary to limit
building access to those people who have a business reason to be there, or who
are visiting a specific employee at the facility.
B. Entry to the building must be recorded. There must be a
record maintained of persons who enter the building. This recording may
be accomplished through the use of a card access control system, a sign in log,
video monitoring system, or other mechanism. No one will be admitted to
any access controlled area of the building unless they use an authorized access
control card, or sign a log and present identification credentials.
C. Employees are responsible for all persons who visit them whether for
business or personal reasons. Employees must provide an appropriate level
of supervision of visitors so that security requirements are maintained.
While it is not necessary for an employee to accompany a visitor continuously,
the employee must ensure the visitor does not inadvertently compromise security
or disrupt essential services. For example, it is not necessary to
accompany a visitor to the rest room, but the visitor must be supervised while
in the computer room, and escorted to and from the building exit.
D. All persons in the building must prove identity, whether they are a
building employee, contracted employee, or visitor. Building
employees and resident contractors will be issued a photo identification badge
after an access request procedure is followed. Visitors and occasional
contractors will be issued a temporary badge identifying them as a visitor or
contractor after presentation of proof of identity. Because employees,
contractors, and authorized visitors are identified, it will be easy to spot an
unauthorized individual in the building. Persons who are unable to
present proof of identity must be considered a security risk, and must not be
allowed in high security areas.
E. There are areas of the building that require a higher level of
security. The OIT computer room, OIT telecommunications room, OIT
Shipping & Receiving, and OIT Server test lab are access controlled.
Access authorization for these areas is granted by the area supervisors, and
administered by building security staff.
F. Every employee has a responsibility to help ensure the security and
safety of their fellow workers, and the building. Although we have a
security officer on duty 24 hours a day, and an access control system to
prevent unauthorized access, every employee must take responsibility to ensure
building security as well. Employees must not compromise building security by propping
doors open “to get a breath of fresh air” or holding a door open to let someone
in the building. Taking such actions lessens building security and
increases the risk to every employee. Employees should feel empowered to
challenge anyone in the building who is not wearing an identification badge to
present their badge. Individuals who are unable to produce a badge must
be immediately escorted to the security office to be authorized.
Employees must also report to the security office any security irregularities
such as doors left open.
A. Access Control System.
1. Access to the Edison Drive Office Complex is controlled through the use
of a card access system. This is a proximity card access system in which
the access card is held in close proximity (about 2”) to the reader. All
access attempts, whether successful or failed are recorded and stored by the
access control system. The system is managed by the Bureau of General
Services, Building Control Division.
B. Access Identification Badges – General
1. All persons in access controlled areas of 51 Commerce Center Drive must wear and
display a valid ID badge issued in accordance with this policy.
2. Areas of 51 Commerce Center Drive that are not considered access control areas
are the lobby and all areas accessed from the lobby that are not secured by
either a card access reader or keyed lock. Specifically these areas are
the lobby, cafeteria, meeting rooms accessed from the lobby and cafeteria, four
small interview rooms accessed from the lobby, loading bays, and restrooms.
All other areas are access controlled areas.
3. Employees must immediately escort persons found in access controlled
areas without proper identification to the security office, or at a minimum,
immediately notify the security office of such persons if they refuse to be
escorted to the security office.
C. Personal access badge layout.
1. Badge layout – general
- The cardholder photo is in the upper left corner of the
- The State of Maine seal is in the upper right corner of
the badge on a white background.
- The space directly below the State Seal is the control
group identifier. The background color and lettering color for OIT
is purple with yellow lettering, and the control group identifier is the
- The space in the center of the badge immediately below the
picture and agency identifier is the access control area. Employee
badges will have the words “Department of Administrative and Financial
Services” in this space . Contractors will have a green bar with the
word “contractor” in red letters at the bottom of this space.
- The area immediately below the access control area is for
the card holder name. The lettering and background are of the base
color for the agency.
D. Wearing and Care of Identification Badges.
1. All employees, contractors, and visitors must wear their identification
badge at all times while in access controlled areas.
2. Badges must be worn by means of a clip attached directly to the
clothing, a neck lanyard, or similar device.
3. Badges must be worn on the front of the body in the area above the waist
and nearer the midline than toward the sides.
4. Badges must not be worn so as to be hidden in a pocket, worn under an
article of clothing such as a sweater, jacket, tie, etc., or worn so that the
picture is otherwise not visible, such as wearing the badge reversed, or under
5. Individuals must not alter their identification badge by obscuring any
portion of the badge, drawing on the badge, affixing stickers to the badge, or
otherwise defacing the badge in any way. Access badges which are altered
will be disabled and confiscated by Security staff.
E. Mandatory use of access badges at all doors.
1. Access badge holders must record their entry to any access controlled
area including the 1st and 2nd floor main entrances by using their assigned
access control badge. Badge holders must use their badge on every entry,
regardless of whether the entry door is locked, unlocked, open, or closed.
2. Access badge holders must not use their access badge to grant another
person access to any access controlled area including the 1st and 2nd floor
main entrances unless they are directly escorting that person.
3. Access badge holders must not give their access badge to another person
for the purpose of granting that person access.
4. Employees and others must not facilitate the entry of another person to
any access controlled area by holding the door open unless they are the escort
for that person. Anyone authorized to enter an access controlled area
will have either a valid access badge or be accompanied by their escort.
5. Access badge holders must not follow another person through an opened
access control door without using their own access badge. This practice
is often referred to as “drafting” or “tailgating” and is prohibited.
F. Requesting Access to OIT areas at 51 Commerce Center Drive
1. A standard access request form must be filled out, approved, and
delivered to the Security Office, in accordance with approved procedures when
requesting access to OIT areas at 51 Commerce Center Drive.
2. The current form and instructions are available online at: http://inet.state.me.us/bis/eforms/
(OIT Intranet page / Forms and E-Forms page). The OIT form (OIT
Access and Cancellation Request Form) is an online form that must be filled out
3. Requests for new access or changes to access must be made by use of the
form only. Other requests that do not require a change of access such as
requests for replacement badges or new photo overlays may be made by an email
request to EDOC Security.
G. Lost, stolen, misplaced, and damaged Access Badges.
1. Lost, stolen, or misplaced badges must be reported to the security
office as soon as the loss is discovered, so that the card may be deactivated
from the access control system. Failure to notify the security office in
a timely manner could result in a breach of building security through the use
of the misplaced badge.
2. The security office will produce a monthly management report detailing
all cards which are replaced, the cardholder name, and the reason for
H. Temporary access badges issued for Resident Employee lost or misplaced
1. Resident Employees who arrive for work without their personal access
badge, must sign in and out at the Security Office upon entering or leaving the
2. Resident Employees will be issued a temporary access badge for the
day. This temporary badge will grant access to all areas that the
Resident Employee’s badge is authorized for.
3. When a temporary badge is issued, the Resident Employee’s personal badge
4. Temporary badges are issued for a 1 day period, and access for these
badges will expire at midnight of the day issued.
5. Temporary badges must be returned to the security office before leaving
the building at the end of the workday.
I. Temporary access badges issued for Non-Resident Employee lost or
Employees who arrive for work without their personal access badge will be
handled in accordance with the rules for OIT business visitors (Item L below).
A. Contractor access.
1. Resident contractors
a. Resident contractors will be given an access badge identifying them as a
b. This badge will be retained by the resident contractor and handled as an
c. Temporary resident contractor access badges may be issued in accordance
with the procedure outlined for resident employees under section H.
d. Resident contractor badges will be the same as the basic agency layout
for the agency they are contracted to, but will have a green bar with the word
“Contractor” in red letters at the bottom of the access control area.
2. Non-resident contractors
a. Non-resident contractors will be pre-authorized within the access
control system, but will not be issued a personal access badge.
b. Non-resident contractors will be required to sign-in. They will be
given a temporary contractor badge, and access will be enabled for the day
based on their pre-authorized access level.
c. Non-resident contractors who have not been pre-authorized in the access
control system will be given an ID only badge. They must be accompanied
at all times while in the building.
d. The contractor must return the access badge to Security and sign-out
when leaving the building.
B. Building visitors – General Policies.
1. All visitors to EDOC areas must enter the premises through the 1st floor
main entrance only.
2. Visitors will be required to sign a log form indicating their name, whom
they represent, person to be visited, date and time in and out, and form of ID
3. All visitors must present a current picture ID when signing in.
The photo ID must have a validity date, photo, and signature. Acceptable
IDs and form of ID (Form) are:
a. Passport (P)
b. Valid Motor Vehicle Operator’s License (L)
c. State personal identification card. (I)
d. State of Maine photo ID access badge (M)
e. Federal or other governmental ID (G)
f. A company photo ID. (C)
g. Any other photo ID showing the face, ID expiration date, signature, and
issuing agent information such as organization name. (O)
4. The Security Officer on duty will note the form of the photo ID
presented in the space provided on the sign in log.
5. Visitors who are unable to present a current photo ID, or refuse to
present a photo ID, must not be permitted access to high security OIT areas.
6. Visitors must sign out when leaving the building.
7. Temporary ID badges will be issued to visitors who will be visiting
access control areas. Temporary ID badges are not required for visitors
to non-access control areas (Lobby, Cafeteria, and adjacent conference rooms).
8. Temporary badges must be turned in to the security office when signing
9. It is not necessary to sign out if leaving the building temporarily to
have a smoke break, take a brief walk, get something out of the car, etc.
10. It is necessary to sign out if leaving the building complex for an
extended period such as attending a meeting at another location, going out for
11. Employees who admit visitors to the building without ensuring they are
properly signed in will be deemed in violation of this access policy.
C. OIT Business Visitors
1. OIT business visitors who present a valid photo ID, and have a scheduled
appointment with an OIT employee, will be given a badge indicating “OIT
Visitor” These visitors must however still be accompanied while in OIT high
security areas. The badge color is blue. The badge is an access
control badge and may be enabled to permit access to the OIT lobby doors only.
2. OIT business visitors who do not have a scheduled appointment with an
OIT employee, who have an appointment with a contractor only, must not be
permitted access to any high security OIT area regardless of identification
presented, and must be accompanied at all times while in other parts of the
building. Such visitors will be given a badge indicating “OIT Visitor –
must be escorted.” The badge is blue with a red horizontal stripe on it.
3. OIT business visitors who are unable to present a current photo ID or
refuse to present a photo ID, must not be permitted access to OIT high security
areas, and must be accompanied at all times while in the building. These
visitors will be given a badge indicating “OIT Visitor – must be
escorted.” The badge is blue with a red horizontal stripe on it.
4. The Security Officer on duty will call the person to be visited.
If the person to be visited is not available, the Security Officer on duty will
contact the OIT administrative staff to let them know the visitor has
arrived. OIT staff will find the person to be visited, find an alternate,
or escort the visitor themselves.
5. The person to be visited or OIT administrative staff member must notify
the security officer on duty when they take charge of the visitor in the lobby
and if the visitor will need access to the OIT office area. If access is
needed, the security officer on duty will then enable the “Authorized OIT
Visitor” badge to allow access to the OIT lobby doors. If the business
visitor does not need access to the OIT office areas, the badge will not be
6. OIT business visitors may not visit MRS areas unless escorted by someone
authorized to be in those areas.
7. Visitors must sign out and return the temporary badge to the security
office upon leaving the building.
D. OIT Personal Visitors
1. OIT personal visitors such as family, friends, etc. must sign in with
the Security Officer.
2. Personal visitors will be issued “OIT Visitor – must be escorted”
visitor badges regardless of ID presented.
3. All personal visitors must be supervised and escorted at all times while
in the building.
4. Personal visitors are not allowed access to MRS areas at any time.
5. Personal visitors must sign out and return the temporary badge upon
leaving the building
E. Card holder termination procedures
1. Supervisors must collect the access badge from any terminating employee
under their supervision, and return it to the security office for destruction.
2. Supervisors must, at a minimum, notify the security office of employee
termination immediately upon termination, or of the expected date and time of
termination whether the access badge is collected or not.
3. Supervisors must notify the security office to disable access for an
employee expected to be out for an extended period such as maternity leave,
extended illness, sabbatical, or any other extended period when the employee is
not expected to report for work.
4. Contract administrators must collect access badges from all contracted
employees when they have finished their work.
5. Contract administrators must collect access badges from contracted
employees if they leave the contracted project, even if they are expected to
return at a future date.
6. Contract administrators must immediately inform security if a contracted
employee is leaving for any reason including a scheduled vacation or other
interruption of work where the contractor is not expected for some period of
7. Employees and contractors are not permitted to retain any access badge,
access badge overlay, or other form of photo identification issued under this
policy after termination.
F. Use of emergency exits restricted to emergency events only
1. Employees must not use emergency exits except:
a. During an actual event when emergency alarms are activated.
b. During a fire or evacuation drill when emergency alarms are activated.
2. Security personnel and building management personnel may use the
emergency exits in the performance of their assigned job duties such as
performing periodic checks to ensure the door will open, and to see that the
door is locked.
G. Use of kitchen door restricted
1. Use of the second floor kitchen door is restricted to the following
contracted cafeteria service employees.
food service delivery personnel when delivering food stuffs or
conducting other related business.
contracted repair service employees performing repair work in the
kitchen and food service area of the cafeteria.
Security and building management personnel in the performance of
their job duties.
2. No other individual regardless of employment status is authorized to use
the kitchen door for purposes of entry or exit.
3. Cafeteria service employee visitors are prohibited from using the
kitchen door for entry or exit. Such visitors must register at the
security office before entering the building and enter through the interior
4. No other building visitor may use the kitchen door for entry or exit.
5. Cafeteria service employees must not permit any unauthorized persons
from entering or exiting the building through use of the kitchen door.
6. The kitchen door must be kept secured at all times. To relieve
excess heat in the kitchen, the outer kitchen door may be opened provided the
inner screen door is kept closed and locked.
H. Policy violations.
1. Any employee who notes a violation of this policy must report the
violation to the security officer on duty or appropriate management level
personnel as soon as possible.
2. Security will record information regarding the violation and forward the
report to the appropriate management personnel.
3. Management will contact the violator and apply disciplinary action as
I. Special Events
1. Persons attending special events open to the public that are confined to
the cafeteria and lobby areas may be subject to discretionary rules
administered by the Security Manager.
2. The Security Manager must approve each event as qualifying under this
section. Examples of special events are Blood Drives, Employee
Recognition events, and Retirement parties.
3. The Security Manager may, at his discretion, suspend any or all of the
following rules for event participants during these events:
- Visitor sign in
- Photo ID
- Visitor badge
These procedures apply to access to the 51 Commerce Center Drive
complex. These procedures and standards must be adhered to by any and all
persons who may have occasion to enter complex for any reason.
- Edison Drive Visitors: Visitors are responsible for
complying with these procedures and standards.
- Supervisory Personnel: Managers and Supervisors are
responsible for enforcing compliance by Edison Drive complex visitors,
employees, and contracted staff under their supervisory control.
- Edison Drive Staff: Staff and management are responsible
for implementing, monitoring, enforcing, and complying with these
procedures and standards.
- Security: Edison Drive complex Security Officers
(contract security staff) are responsible for enabling and disabling
access levels as detailed in these procedures or otherwise authorized by Edison Drive staff.
A. Access Controlled Area: Any area of the building which is secured by an
access controlled door or key locked door. This excludes the 1st and 2nd
floor lobby areas, cafeteria, loading bays and adjacent hall accessible from
the lobby, 2nd floor conference rooms directly accessible from the lobby and
cafeteria, restrooms, and the four small interview rooms directly accessible
from the lobby.
B. Building Complex: The building, parking lot, and area surrounded
by the chain link security fence.
C. Business Visitor: A visitor to the facility who is here to meet
with an employee for the purpose of conducting business such as attending a
business related meeting or performing work.
D. Card Holder: Any individual who has been issued a personal access
badge. A Card Holder may be an employee or a contractor.
E. Normal Business Hours: Normal business hours for the building are
6:00 a.m. to 6:00 p.m. (06:00 to 18:00) Monday through Friday, exclusive of
scheduled state holidays and other shutdown days.
F. Non-resident Contractor: Someone under contract to OIT, the building
owner, or other State of Maine agency who has some need to access the facility
but does not have a permanent assigned workspace at the facility. This
includes contractors who are on-site at the facility for less than 11
consecutive working days.
G. Non-resident Employee: Any State of Maine employee who has frequent or
occasional need to access EDOC facilities but whose primary work location is
not the EDOC facility.
H. Off Hours: Any time other than the above defined normal business
I. OIT high security areas: Computer room, HSP room,
Telecommunications Equipment room, Server/Test Lab, and Shipping and Receiving
room. These areas require special authorization for access.
Visitors must be accompanied at all times while in these areas. Visitors
who do not present valid photo ID must not be allowed any access to these
J. Personal Access Badge, Personal Badge: An access control badge
issued to an individual for their exclusive use to enter the facility and any
authorized access controlled areas of the building.
K. Personal Visitor: A visitor to the building who is here visiting
an individual or the building for a social purpose, such as having lunch,
visiting a relative, attending a party, giving blood, etc.
L. Policy, access policy, access control policy: This document, “Edison
Drive Office Complex Building Access Procedures and Standards of Operation” may
also be referred to as the policy, the access policy, or the access control
M. Resident Contractor: A person contracted to perform work for OIT
who is provided with a workspace at EDOC. Resident contractors maintain a
work schedule and work habits that are similar to those of employees.
N. Resident Employee: Any State of Maine employee whose primary work
location is the Edison Drive Complex.
O. Visitor: Any other person who is not an employee or contractor as
Access request form: http://inet.state.me.us/OIT/EForms/Net/AccessRequest/Default.aspx
Duty Roster http://csn.state.me.us/login.php
(You must log in with your AD credentials to access this information).
Reference Number: 41
Security and Privacy
of Contact: Robert L. Witham, Jr., Information Systems Security Analyst, State
House Station 145, Augusta, ME 04333-0145, (207) 624-9439
By: Greg McNeal, Chief Technology Officer, State House Station 145, Augusta, ME 04333-0145, (207) 624-9471
Title(s) or Agency Responsible for Enforcement: Robert L. Witham, Jr.,
Information Systems Security Analyst, State House Station 145, Augusta, ME 04333-0145, (207) 624-9439
Citation: 5 MRSA, Chapter 163, Section 1973, paragraphs B and D, read in part:
[The Chief Information Officer shall] "Set policies and standards for the
implementation and use of information and telecommunications technologies,
including privacy and security standards…" and "Identify and
implement information technology best business practices and project