
The correct answer and explanation are:
Based on standard security and key control protocols, the correct statement is:
Key Custodians should keep a roster of personnel authorized to access keys.
Explanation
This statement accurately describes a fundamental responsibility of a Key Custodian. Effective physical security relies on a robust key management program, and maintaining an authorization roster is a cornerstone of such a program. This roster serves as the primary tool for access control. It is a formal list, approved by management, that explicitly names which individuals are permitted to check out specific keys for designated areas.
When an employee requests a key, the custodian’s first step is to consult this roster to verify the individual’s authorization. This process ensures that access is granted only to those with a legitimate, pre-approved need, thereby preventing unauthorized entry into sensitive or restricted areas. Furthermore, this practice creates a clear and essential audit trail. By combining the authorization roster with a sign-out log that tracks who has which key and when, an organization can maintain strict accountability. If a security incident occurs, these records are invaluable for investigating who had access to a particular area at a specific time.
The other options describe incorrect and insecure practices. A custodian checking out keys “for security” is a conflict of interest that bypasses the control system they are meant to uphold. Constantly carrying all facility keys poses a massive security risk; if the keys are lost or stolen, the entire facility’s security is compromised. Lastly, while spare keys must exist, allowing custodians to “keep copies” suggests uncontrolled duplication, which is a severe security breach. Key duplication must be a tightly regulated process managed by a central authority, not an ad hoc activity. Therefore, maintaining a roster of authorized personnel is the only true and proper function of a Key Custodian among the choices provided.
