Current through October 31, 2024
Rule 13-7-12.14 - Automated Key Control SystemFor licensees who utilize an automated key control system for sensitive or restricted keys, their System of Internal Controls must also include the following:
(a) The automated key system procedures must achieve a comparable level of controls and safeguards as required by the aforementioned key control regulations;(b) Keys must be maintained on tamper proof rings to prevent unauthorized removal;(c) A general description of the automated system and its configuration to include how access is controlled using a separate unique device to identify each employee ( e.g., Password or PIN and Hand Reader, Fingerprint, or Retina Scan, etc.);(d) System override procedures, if applicable;(e) Immediate notification to the Commission in the event of a system failure and what procedures will be utilized when the system fails;(f) The front door and control panel keys used to manually access the automated key box must be keyed separately and maintained in a manual dual lock key box with access limited to approved personnel. Such access must be documented in the key control log;(g) System capabilities to provide a complete audit trail of all access, which includes but is not limited to, identity of the key box, employee, key(s), date and time out, date and time returned, unauthorized attempts to access the key box and all entries, changes or deletions in the system and the employee who did so;(h) Each department head is required to complete a Key Authorization Form detailing their employees user access to the keys maintained in the automated key box. The Key Authorization Form must be provided to the automated key box administrator for entry into the automated key box system. The Key Authorization Form must be completed each time there is a new employee entry, modification to an existing employees user access or deletion of an employee from the automated key box system. The automated key box administrator or the employee in charge of and/or employee(s) authorized to enter, modify and delete keys and employee access in the automated system, must be a member of management who is independent of the revenue producing department whose keys are maintained in the automated key box and this employee cannot be utilized as an escort or witness to access keys maintained in the automated key box. A key licensed employee from the Accounting department must perform a documented review after the administrator performs a key entry, modification, deletion and change in employee access in the automated system;(i) If the licensees automated key box system will not allow the identification description of each key on a key ring, a manual supplemental inventory must be maintained that is signed (to include their legible unique identification number) and dated by the administrator of the automated key box;(j) The automated key box system must be able to provide reports detailing alarms for overdue keys, open doors, unauthorized attempts to access, user access list to ensure a proper segregation of duties and transactions are appropriate and any other unusual activities,(k) Back up procedures for the automated key control system must be performed daily,(l) Accounting must document their review of the following procedures on a daily basis:1. Review the automated user access report to ensure a proper segregation of duties is exercised and transactions are appropriate;2. Ensure all employees in the automated system are current employees with the appropriate job title to access the keys; and3. Review automated detail reports for propriety of transactions, overdue keys, open doors, unauthorized attempts to access and any other unusual activities. (Adopted: 12/20/2007.)13 Miss. Code. R. 7-12.14
Miss. Code Ann. § 75-76-45