Key Control and Management Audit Checklist [FREE PDF]
Key control and management is a foundational element of physical security, governed by ASIS Physical Security Standard PSC.1-2012 and NFPA 730 Guide for Premises Security. Inadequate key control can expose facilities to unauthorized access, asset theft, and liability under regulatory frameworks including DHS CFATS for high-risk chemical facilities. This audit ensures all key issuance, return, storage, and accountability procedures meet applicable standards and organizational policy.
- Industry: Facility Security
- Frequency: Monthly
- Estimated Time: 45-60 minutes
- Role: Access Control Manager
- Total Items: 34
- Compliance: ASIS Physical Security Standard PSC.1-2012, NFPA 730 Guide for Premises Security (2020 Edition), DHS CFATS 6 CFR Part 27, ASIS General Security Risk Assessment Guideline GDL GSRA-2012
Key Inventory and Accountability
Verify that a complete, accurate master key inventory is maintained and reconciled.
- Is a current master key inventory log maintained and up to date?
- Does the key inventory record include key number, type, issued-to name, and issue date?
- Is the total number of keys physically present reconciled against the inventory log?
- Are duplicate or spare keys separately logged and secured?
- How many keys are currently recorded as unaccounted for?
Key Issuance Procedures
Confirm that key issuance follows a documented, authorized, and signed process.
- Is written authorization required from a supervisor before issuing any key?
- Does each key recipient sign an acknowledgment of responsibility upon receipt?
- Is a background check or identity verification completed before issuing master or grandmaster keys?
- Are temporary keys issued with a defined return date and tracked separately?
- Is key issuance to contractors or vendors restricted and documented with contract reference?
Key Storage and Physical Security
Inspect the physical security of key cabinets, lockboxes, and storage areas.
- Are all unissued keys stored in a locked, tamper-evident key cabinet or safe?
- Is access to the key storage area restricted to authorized personnel only?
- Is the key cabinet or safe inspected for signs of tampering or forced entry?
- Are master and grandmaster keys stored separately from standard keys with additional access controls?
- Please photograph the key storage cabinet or safe for the audit record.
Key Return and Revocation
Verify procedures for key return upon termination, role change, or contract expiry.
- Is there a formal process to collect all keys from employees upon termination or role change?
- Are key returns logged with date, time, and receiving officer signature?
- Is rekeying or lock replacement triggered when a key is reported lost or not returned within 24 hours?
- Are incidents of unreturned or lost keys escalated to security management and documented as incidents?
Electronic Key Control Systems
Assess the configuration and functionality of any electronic key control or key management systems in use.
- Is an electronic key management system (EKMS) in use at this facility?
- Does the EKMS generate tamper-evident audit logs for every key check-out and check-in event?
- Are EKMS access credentials (PINs, cards) reviewed and updated on a quarterly basis?
- Is the EKMS backed up and its data retained for a minimum of 12 months?
- Has the EKMS been tested for functionality and alarm notification within the last 90 days?
Lock Cylinder and Hardware Audit
Inspect the condition, security rating, and rekeying history of lock cylinders throughout the facility.
- Are all lock cylinders on secured perimeter doors inspected for wear, damage, or tampering?
- Is the rekeying history for each lock cylinder documented with dates and triggering events?
- Do high-security areas utilize restricted-keyway or patented key control lock cylinders?
- Are lock cylinders in critical areas rated at ANSI/BHMA Grade 1 or equivalent security rating?
- Please photograph any lock cylinders showing signs of wear, damage, or tampering.
Policy Review and Staff Training
Confirm that key control policies are current, communicated, and staff are properly trained.
- Is the written key control policy reviewed and updated at least annually?
- Have all personnel with key issuance authority received formal key control training in the past 12 months?
- Are key control audit results reported to senior management or the security steering committee?
- Are corrective actions from previous key control audits tracked to closure?
- Provide any additional observations, notes, or recommended corrective actions from this audit.
Related Security Checklists
- Badge and Credential Verification Inspection Checklist [FREE PDF]
- Access Control System Daily Inspection Checklist [FREE PDF]
- Visitor Management and Screening Procedure Checklist [FREE PDF]
- Key and Lock Management Audit Checklist [FREE PDF]
- Security Lighting Inspection Checklist [FREE PDF]
- Emergency Lockdown Procedure Check Checklist [FREE PDF]
- Parking Lot Security Inspection Checklist [FREE PDF]
- Security Officer Equipment Check Checklist [FREE PDF]
Related Access Control Checklists
- Access Control System Daily Inspection Checklist [FREE PDF] - FREE Download
- Visitor Management and Screening Procedure Checklist [FREE PDF] - FREE Download
- Key and Lock Management Audit Checklist [FREE PDF] - FREE Download
- Badge and Credential Verification Audit Checklist [FREE PDF] - FREE Download
- Vehicle Search and Screening Checklist [FREE PDF] - FREE Download
- Physical Access Control System Audit Checklist [FREE PDF] - FREE Download
- Visitor Management & Badging Compliance Checklist [FREE PDF] - FREE Download
- Data Center Physical Security Inspection Checklist [FREE PDF] - FREE Download
- Cybersecurity Physical Security Integration Checklist [FREE PDF] - FREE Download
- Access Control System Audit Checklist [FREE PDF] - FREE Download
Why Use This Key Control and Management Audit Checklist [FREE PDF]?
This key control and management audit checklist [free pdf] helps facility security teams maintain compliance and operational excellence. Designed for access control manager professionals, this checklist covers 34 critical inspection points across 7 sections. Recommended frequency: monthly.
Ensures compliance with ASIS Physical Security Standard PSC.1-2012, NFPA 730 Guide for Premises Security (2020 Edition), DHS CFATS 6 CFR Part 27, ASIS General Security Risk Assessment Guideline GDL GSRA-2012. Regulatory-aligned for audit readiness and inspection documentation.
Frequently Asked Questions
What does the Key Control and Management Audit Checklist [FREE PDF] cover?
This checklist covers 34 inspection items across 7 sections: Key Inventory and Accountability, Key Issuance Procedures, Key Storage and Physical Security, Key Return and Revocation, Electronic Key Control Systems, Lock Cylinder and Hardware Audit, Policy Review and Staff Training. It is designed for facility security operations and compliance.
How often should this checklist be completed?
This checklist should be completed monthly. Each completion takes approximately 45-60 minutes.
Who should use this Key Control and Management Audit Checklist [FREE PDF]?
This checklist is designed for Access Control Manager professionals in the facility security industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.
Can I download this checklist as a PDF?
Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.