We use cookies to give you the best possible online experience. If you continue, we'll assume you are happy for your web browser to receive all cookies from our website. See our cookie policy for more information on cookies and how to manage them.

Featured news

Site keyboxes – the associated risks

Most firms and organisations will have in place an electronic security system (ESS) that plays a pivotal role in preventing, and detecting, site intrusion and crime.

The most common ESS is an intruder alarm linked to a remote alarm receiving centre. But remotely-monitored CCTV or other remotely-monitored building management systems also fall under the category of ESS.

Whatever system is in place, it is important that firms have a set of specifically-designated people in place to manage it alongside those who attend in response to any activity or technical fault, the latter being referred to as 'keyholders'. 

Firms have a choice: they can appoint an in-house keyholder – or team of keyholders – or employ a commercial response company which will fulfil the keyholder role, typically in exchange for a yearly retainer and ad-hoc call-out fees. 

Typically, smaller businesses will look to their staff to fulfil the keyholder role(s), selecting reliable and trustworthy individuals. But larger organisations, which may have more than one ESS spread out over different buildings, may be more likely to turn to a commercial response firm. 

The use of commercial response has become more prevalent in recent years, partly as a consequence of employer concern for the health and safety of employees responding to ESS events and partly because the police are taking a harder line on attending false alarms. 

However a business chooses to manage its ESS, it is increasingly likely that with modern systems it will be offered use of a physical unsetting device, rather than a code, to activate and reset it. Because these devices (for example, electronic fobs) are physical devices they need to be carried by keyholders, but some commercial response companies may suggest storing them on-site, in keyboxes.

This is in an effort to reduce their response time, i.e. to avoid having a response team having to collect unsetting devices from a base. In such circumstances, keys for the premises are also likely to be stored in the keybox. 

Recent changes to industry rules have made this a more important issue than it might first appear. Commercial response companies and building management staff are expected to adhere to BS7984, the industry-wide keyholding and response services code of practice. 

In the past, BS7984 only allowed for businesses' keys and unsetting devices to be stored in commercial response companies' own premises or response vehicles. However, since 2008 BS7984 no longer requires this; and now allows for storage of keys on-site in a keybox provided that a customer signs documentation acknowledging the potential security risks of this practice. 

So what are the security risks associated with this practice? Quite simply, if intruders gain access to the keybox they will be able to both unlock entry doors and deactivate the ESS. 

They may attack a keybox in situ or remove the box from the wall and take it away, opening it and returning to the premises at a later time. What is more, BS7984 puts no requirements at all on businesses to use keyboxes that accede to a particular quality, although organisations such as the Loss Prevention Certification Board and Sold Secure do have test standards available which are suitable for keybox testing. 

Given the security risks associated with their use, use of site keyboxes will not usually be sanctioned by insurers, not least given that it goes against many ESS-related standard insurance requirements, among which require customers to not leave premises keys/alarm unsetting devices on-site when they are left unattended.

Failing to comply with an insurer's ESS conditions could jeopardise cover, so if a business wishes to use one they must ask their insurer to consider sanctioning their use. Whilst insurers will generally advise against their use, their response to a specific request is likely to depend on their perception of the risk. 

For example, for a small business that is considered low risk, a keybox may not be felt to greatly compromise security, given that it may be felt that intruders may be more likely to target weaker access points and/or possibly operate on a 'smash and grab' basis. But at high risk premises, with a risk of a prolonged break-in and associated large loss, the use of keyboxes is likely to be prohibited. 

In general, a business wishing to use a commercial response service should rely upon use of an ESS code for unsetting rather than a physical unsetting device, as without access to the code,if intruders do successfully force entry, they will have no means of unsetting the alarm.

If you would like to improve the security measures you have in place at your premises, our preferred supplier, Secom, could help you. They offer discounts of up to 15% to Aviva insured customers who purchase Alarms, CCTV systems and physical security devices from them. Please call the Aviva Risk Helpline on 0845 3 66 66 66 for more information.ADNFCR-3408-ID-800501199-ADNFCR