Where contracted personnel of suppliers require access to BT sites or buildings, they must obtain authorisation by adhering to the BT Security Access Policy.
Why have an Access Policy?
BT has put in place processes intended to protect the assets of both BT and those of the supplier. These processes enable authorised unhosted access to BT’s sites and buildings and allows the supplier to obtain both electronic access control (EAC) tokens and/or any security keys from BT either directly themselves or via a BT Contract Liaison Manager (CLM).
When a contracted person from the supplier enters BT sites or buildings they should be aware of their obligations to maintain the integrity of BT’s assets. A BT Security Handbook provides general guidance concerning the responsibilities of the contracted supplier to ensure that site security is maintained. It also gives advice on how to contact BT security and contacts for fault reporting.
What are the BT Security Access Policy requirements?
Option 1 Obtaining access via a BT CLM
Under this option a designated BT CLM can obtain all of the necessary EAC tokens and/or security keys on behalf of the contracted personnel. Once a BT CLM has been identified, a request for BT CLM status and the ordering of EAC tokens and/or security keys are completed by the BT CLM using BT’s internal BASOL on line system.
This option is normally considered for smaller contracts where it is practical for a BT CLM to administer access requirements for the contracted personnel.
Option 2 Requesting access directly from BT Security
Under this option a nominated person or persons in the supplying company, known as the authorising signatory, can apply for any necessary EAC tokens and/or security keys directly from BT. The authorising signatory/s having been sanctioned by a BT Sponsor. This option provides the flexibility necessary for larger suppliers to administer there own requests for access to BT buildings and sites that would be otherwise impractical to achieve with a BT CLM.
There are a number of key stages and requirements of the access application process that must be followed, these are briefly mentioned below.
The first step in obtaining EAC tokens and/or security keys is for the supplying company to appoint an Authorising Signatory from within their organisation. Once appointed the Authorising Signatory can order the EAC tokens and/or security keys direct from BT Security. In order to do this BT needs the Authorising Signatory to complete the ASF1 form, countersigned by the BT Sponsor.
Once the ASF1 form has been completed, the authorising signatory can obtain an EAC token and/or security key for their people, by completing an appropriate on-line application via the BASOL Redside application. Full instructions and training on how to use the BASOL Redside will be given upon successful appointment of the Authorised Signatory. It should be noted that these will normally only be issued to a named individual and the sites for which access is requested must be specified on the application form. Exceptionally where access to BT's estate is only necessary on a short term temporary basis by some people, EAC tokens and/or security keys will be issued to the authorising signatory as 'pool' tokens or keys. In these situations, where possible, a 24 hour contact point is required for use by BT in exceptional circumstances where a security issue requires resolution, to verify the bona fides of an individual where 'pool' EAC tokens are in use or to facilitate remote access release.
An integral part of the access application process is for the supplying company to maintain a database of its employees (on the BASOL Redside system) who have an EAC token issued to them. This replicates BT's own internal processes where BT's personnel database is compared to the BT security database to ensure that leavers etc do not have an active EAC card to enable them to access BT's estate. It also provides security in situations where an EAC card is lost. The authorising signatory must send a copy of the database to BT Security whenever there is a change of 'named' personnel requiring access to BT's estate.
More detailed information regarding the application process, including all forms referred to above, is contained in the BT Physical Access Application Process for non BT organisations.
It is also important for suppliers to understand that they must also exercise due care when recruiting employees within their own company or indeed when using employees of any other contractors or agents, who will have access to the BT estate. The employer must ensure that, when an individual is recruited, an employment application form is completed, references are obtained, self-declaration of criminal convictions signed and proof of identity validated (e.g. passport / birth certificate). In addition suppliers personnel and those of their contractors/agents must be in possession of, and display, their own company photo ID cards at all times when within the BT estate.
For queries or concerns regarding access requirements please contact ;
Physical Access Control Manager
Tel: 0203 279 0623
Mobile: 07435 978069
Last Updated : 09/01/2013