A step-by-step guide for businesses and property managers: when to rekey, when to replace, and how to maintain a defensible key custody record.
A commercial lock change checklist covers five phases: hardware audit, access tier mapping, strategy selection, vendor quoting, and key log update. The most commonly skipped step is the final documentation phase, which is also the phase that matters most if a security incident occurs after the change.
Before calling a locksmith, document every lock on the affected property. A hardware audit takes 20 to 40 minutes for most commercial suites and gives a locksmith the information needed to quote accurately.
Access tier mapping answers one question: who needs to open which doors? For a single-tenant office, this may be straightforward. For a multi-tenant building or campus, the map can reveal whether a master key system or a hierarchical electronic access structure is appropriate.
Draw a simple grid with personnel roles or tenant categories on one axis and door locations on the other. Mark each intersection with the required access level. This document becomes the scoping brief for the locksmith or access control vendor.
| Strategy | Best when | Not appropriate when |
|---|---|---|
| Rekey (standard keyway) | Routine tenant or staff turnover; hardware in good condition | Key duplication control is a security requirement |
| Restricted keyway upgrade | Unauthorized key copies are a recurring concern; master key system is in use | Budget is constrained; low-security area |
| Full hardware replacement | Locks are worn, damaged, or below required security grade | Hardware is serviceable and grade meets requirements |
| Electronic access control | High staff turnover; audit-intensive environment; multi-site management | Budget is limited; no IT infrastructure for credential management |
Request at least two quotes from commercial locksmith vendors. A well-scoped quote should itemize the following:
The final phase is where most commercial lock changes fail as a security measure: the change is made but not documented. Without documentation, an organization cannot demonstrate due diligence if a security incident occurs later.
The commercial lock change protocol applies wherever physical key access needs to be tracked and controlled.
Multi-tenant and owner-occupied commercial office buildings managing access for dozens of employees and contractors across multiple floors.
Apartment complexes and single-family rental portfolios executing move-out reckeying on every tenant transition.
High-turnover environments where staff changes frequently and key access to stockrooms, offices, and safes must be tightly controlled.
A complete checklist covers: hardware audit (grade, brand, keying), access tier mapping, strategy selection (rekey/restricted/electronic), vendor quoting with itemized pricing, execution scheduling, and key log update. The documentation phase is the most commonly skipped and the most important.
A key custody log should record: key number, lock location, recipient name, issue date, return date (or noted as not returned), and the locksmith who performed the rekey. Physical signature on a form is more defensible than a digital entry alone in an insurance or liability context.
Ask for their license number, liability insurance, experience with your hardware brand, whether they provide a key issuance log, and their volume pricing for multi-door jobs. Confirm they can rekey existing cylinders rather than replacing them, which is substantially cheaper if hardware is serviceable.
