Customer Story: Why One School District Replaced Three Apps with KeyDog

The customer is a mid-sized unified school district on the West Coast — eight schools, two administrative buildings, a maintenance yard, and a transportation depot. About 4,800 students, 540 staff. Roughly 2,300 physical keys, 380 fob credentials, and — until last fall — three separate software systems trying to keep track of all of it.

The district's IT director called me in October because the renewal cycle for one of those three systems was up and he wanted to "have a different conversation." He had been thinking about consolidation for two years. The renewal gave him the budget conversation he needed to actually do something.

This is what they had, what they replaced it with, and what the year has looked like. The district has asked us not to publish their name; everything else is accurate.

The "before" picture

The IT director inherited the three-system arrangement from his predecessor. Each system had been adopted independently, by different people, to solve a specific problem at a specific moment in time.

System 1: A legacy key management app. Locally installed, on-premises, last updated by the vendor in 2019. Tracked the physical keys. Had a clunky UI, no remote access, and was hosted on a server in the basement of the district office that nobody wanted to touch.

System 2: A name-brand electronic access control suite. Robust hardware-side, but the management UI required Internet Explorer (yes, in 2024) and was used by exactly two people in the district who had the patience to keep it running.

System 3: A Microsoft Access database. Built by the previous IT director around 2016 to "tie the two systems together." Held the staff records, the building assignments, and a mapping table between key IDs and fob IDs that was theoretically supposed to be kept in sync with the other two systems. In practice, it diverged from both within weeks of any reconciliation.

To answer a question like "what access does this staff member have," somebody had to log into all three systems, cross-reference the results, and produce an answer that was usually correct but never fully trusted. To revoke access for a departing staff member, the admin team had to make changes in all three systems and then check that the changes had taken effect. The process took 25 to 40 minutes per offboarding. The director estimated his team was spending eight hours a week just on access reconciliation.

What they were trying to solve

The director's goals were specific, and I am going to list them because they are pretty representative of what most district IT directors are dealing with:

1. One source of truth. Eliminate the cross-system reconciliation entirely. One record per staff member, one record per key, one record per fob, all in one place.
2. Reduce the offboarding window. Get the time-to-fully-revoked-access down from 30+ minutes to under five. The risk window of a departing employee with active credentials was the single biggest security concern.
3. Survive an audit. The district had been notified of an upcoming security audit by the state for the following spring. The current system arrangement would not survive scrutiny.
4. Reduce IT operational load. His team was spending more time managing access systems than the systems were spending managing access. He needed that time back for higher-leverage work.
5. Keep the existing access control hardware. The electronic access hardware was relatively new and represented a significant capital investment. Whatever replaced the management software needed to continue working with it.

The fifth point was the one that scared off most vendors he talked to. Most consolidated key/access platforms want to sell you their own hardware. The district was not going to rip out their existing readers.

Why KeyDog

We had two conversations and then a technical evaluation. The deciding factors, in the director's own words at the kickoff meeting:

• KeyDog tracks the fob profiles and the staff-to-fob assignments as records in the same system as the keys. The actual signal-level access control still happens on the existing hardware, but the management of who-has-what lives in KeyDog. This was the answer to his hardware-preservation requirement.
• The audit log was, to use his phrase, "the kind of thing I want to show the state auditor without having to apologize first."
• The single-tenant architecture was a positive for his security team, who had been burned in 2023 by a multi-tenant SaaS breach that affected the district's HR system.
• The price was lower than the combined renewal of the legacy key tracker and the Microsoft Access maintenance arrangement, before even counting the access-control management software savings.

He signed in late October. We started implementation in early November.

The implementation

This was a complicated import because we were merging three sources that disagreed with each other.

Week one was reconciliation. We built a workbook that pulled exports from all three systems side by side, with conflict columns highlighting where the systems disagreed. The district's team spent four days going through it row by row, deciding which source was authoritative for each record. About 4% of the records had genuine conflicts that required physical verification — walking to a key drawer, checking a fob reader log, calling a staff member.

Week two was the import itself. We loaded the reconciled workbook into KeyDog, validated against the live data model, and ran through the staging environment with the admin team to make sure everything looked right before we committed.

Week three was the cutover. We ran KeyDog and the old systems in parallel for five days, with the admin team using KeyDog for all new transactions and verifying that the old systems agreed. On the sixth day we put KeyDog into production-only mode and took the old systems offline.

Week four was the cleanup. About 40 records surfaced as discrepancies during the parallel run and needed individual investigation. The Microsoft Access database was archived to a cold backup (the director could not bring himself to delete it outright). The legacy key tracker was uninstalled. The access-control management software was reconfigured to be invoked only from KeyDog's integration adapter, which calls the vendor API to push fob profile changes.

Six months later

I checked in with the director last week, six months after the cutover. The numbers:

• Offboarding time: Down from 30+ minutes to under 4 minutes per staff member. The single-screen offboarding view in KeyDog handles the staff record, all associated keys, and all fob profiles in one workflow. The hardware integration pushes the fob revocation automatically.
• Weekly IT operational time on access: Down from approximately 8 hours to approximately 1.5 hours.
• Lost-key incidents: Down from 14 in the prior six months (district-wide) to 4 in the most recent six months.
• Staff reporting "I am not sure what access I have": The director is tracking this informally through helpdesk tickets. It was a steady trickle pre-KeyDog and has stopped entirely since the self-service portal went live in February.
• Cost: They are on the Campus plan with the Long-term Retention and Floor Plans add-ons. Total annual spend is approximately $3,800. Combined annual cost of the three replaced systems was approximately $11,200. Net annual savings: $7,400, on top of the operational time savings.

The state audit happened in March. They passed. The director told me the auditor's exit comment was "this is the cleanest access control documentation I have seen at a district your size."

What the director says he would do differently

I asked him this directly, because I always want to know what we should have done better. Three things from him:

He would have started sooner. "I thought about this for two years. I should have started two years ago. The fact that we had a renewal forcing function was the only reason I finally moved. If you are thinking about this, just do it."

He would have spent more time on the staff communication. "I underestimated how much anxiety the change caused at the principal level. The technical implementation was clean. The change management was bumpier than it needed to be. I would write more emails, hold more brief town halls, and overcommunicate the timeline."

He would have looped in the union earlier. "The teachers union had questions about the audit logging. They were reasonable questions, and we answered them, but we should have proactively briefed the union rep in week one instead of waiting until they came to us in week three."

We are folding all three of these lessons into our implementation playbook for school districts. If you are a K-12 IT director considering the same kind of consolidation and you would like to talk through your environment, we are happy to.