Access Without Ownership
Retail’s Quiet Operational Risk
Keyholding and access management are often treated as relatively minor items on the retail security agenda. However, across large retail estates, poorly managed access can create operational friction, financial loss and accountability gaps. Stuart Wheeler, Managing Director at Keynetics, specialists in smart keyholding systems, explores how retailers can improve accountability and governance around access management.
The Illusion of Control
Many retailers believe their keyholding is under control. On paper, there are systems and processes in place. In practice, confidence in those processes does not always reflect how access is managed day to day.
The issue is rarely the absence of process itself, but rather the lack of ownership and clarity. Who is ultimately responsible for keys across the estate? Is it the in-house security team, facilities department or store management? What about outsourced keyholding providers, contractors and maintenance engineers who require regular access?
Across large estates, it does not take long for multiple sets of keys to a single branch to end up spread across internal teams, contractors and external providers.
Responsibility then becomes fragmented. If one set is lost or misplaced, the consequences can quickly escalate. Entire key suites may need replacing, creating additional costs, operational delays and disruption to contractor access or alarm response procedures.
For many organisations, the challenge is not simply physical security. It is maintaining visibility over who has access, why they have it and whether that access is still appropriate.
The Hidden Volume of Access Decisions
Access in retail is constantly changing. New starters, sudden leavers, changing contractors and temporary key handovers all result in constant changes to access permissions across retail estates.
Individually, these decisions may appear relatively minor, but across large estates they can become difficult to oversee, particularly when reviews are inconsistent or managed locally without central visibility.
This is where access drift begins to emerge.
Over time, keys, permissions and informal workarounds can gradually accumulate across the organisation. Temporary arrangements become permanent, historical access remains in place and outdated permissions are not always reviewed as processes evolve.
In fast-moving retail environments, these workarounds can quickly become normalised simply because they keep operations moving.
The challenge is that the issue rarely appears all at once. Instead, it develops gradually through hundreds of small decisions made over time and rarely revisited.
Eventually, organisations can find themselves struggling to answer a simple question with confidence: who currently has access to a site, and why?
When Access Fails, It’s an Operational Problem First
Because of the financial impact of access failures, many organisations see keyholding issues as operational inefficiencies before they recognise them as security risks.
Delayed store openings, missed maintenance visits, failed contractor access and logistical disruption are often accepted as operational inconveniences rather than signs of a wider issue. In many cases, businesses simply work around the problem because addressing the root cause is seen as too costly, disruptive or time-consuming.
Yet when companies do review their approach to keyholding and access management, the benefits often extend far beyond cost savings.
Drawing on experience both as a former retail director and from years working with organisations on access management strategies across large estates, Stuart comments, “Companies that recognise weaknesses in key handling are rarely looking for a security fix alone. They want better accountability, clearer traceability and fewer operational costs caused by inefficient processes.”
He adds, “With tighter budgets and rising expectations, more organisations are reassessing long-standing processes and looking at how technology can improve oversight, efficiency and accountability across the estate.”
From Control to Access Governance
So, what is the solution to access drift in retail?
There is no universal answer, but the most effective approach is shifting from simply controlling access to properly governing it. That means clear ownership of keyholding activities, defined processes and visibility over how access decisions are made.
One of the key requirements for this is greater centralisation and standardisation across the estate, while still allowing local administration where needed. Crucially, access decisions must remain traceable, both in terms of granting access and how it is used.
Reducing the number of keys in circulation and improving auditability will inevitably involve technology, alongside cooperation between multiple departments and service providers that require access to sites across the estate.
What Real Oversight Looks Like in Practice
Ideally, the first step towards mature access governance is establishing who is accountable for all keyholding-related functions, not only on paper, but also in practice and without hesitation. “Pass the parcel” responsibility between departments and providers should be eliminated.
Access to premises should be tied both to individuals and their roles. Technology already exists to support time-restricted, purpose-led and revocable access limited to specific locations, regions or operational areas.
Approaches such as these can help reduce the number of keys in circulation while improving audit trails and overall control over access decisions.
The wider challenge, however, often extends beyond technology itself. Process updates, stakeholder alignment and operational buy-in across multiple departments and service providers all play an important role in making access governance work effectively across large estates.
Stuart comments, “How organisations manage the transition very much depends on urgency, priorities and budget. Some are looking for a gradual change that works alongside existing infrastructure, while others may choose to move towards fully digital access.”
He adds, “We’ve developed a solution that works with existing keys and locks while improving visibility and governance through a cloud-based platform. For some businesses, that offers a quicker and less disruptive route into modernising keyholding, while others may prefer to move entirely towards digital systems by replacing locks and introducing mobile credentials.”
Cost will naturally remain a deciding factor, with organisations weighing investment against operational impact and long-term efficiency. Regardless of the route taken, preparation and implementation remain critical to achieving the intended outcomes.
Access Requires Accountability
For many organisations, keyholding has historically been treated as a routine operational function rather than an area requiring consistent oversight.
But as retail estates become more complex, fragmented access and unclear ownership are creating operational risks that are becoming harder to ignore.
Ultimately, effective access management depends on maintaining clear accountability for who can access sites, when access is granted and how those decisions are managed across the organisation.