Determine how to integrate the right level of secure access to the people who need it. Whether your building has successfully used the same access control system for years, you’re considering implementing a system or there’s been an event (e.g. merger, location or security incident) that warrants a change, now is the right time to evaluate your access control system and procedures. And if you don’t have any in place, consider making it a part of your security plan.
Keep your occupants, tenants, visitors, and assets safe by having a plan and technology to provide secure access to the right people in the right areas of your sites.
Understanding that access control is one part of a complete security plan is important. Other parts to consider include the physical design of the building, complementary security systems and operations, and training for employees.
No matter where you are in your plan or system, there are four key things to keep in mind when looking at strengthening your building access control system.
1. Evaluate Your Access Control System Features
What do you need from your access control system, and does your current setup have that? Many facilities managers will go off how a system looks and verbal information, but don’t really delve into the specific features dealing with the day-to-day challenges they face.
Don’t just pick a system based on what it looks like, but on what features it has. When picking out an access control system, consider:
- The areas where a system is needed
- Times it will be used to gain access
- How many people will have separate access levels
- How it fits into any other components you already have in place
Access is about convenience. More secure isn’t convenient. We want to foster an environment to authenticate access and let the right people in at the right times.
2. Determine Your Access Levels
Not everyone needs access to all of your site. Before deciding who should have what access, look at the building itself to determine what areas need different levels of access.
Many industry experts suggest taking a map of the building and breaking it down by making certain zones different colors based on the level of access or security that’s needed. From there, decide what level of access that will be required, and whether there are any time or date restrictions to it.
The exterior is the first line of defense to a building, so we need to identify when people can have access to the building.
It might make the most sense for most employees to enter and exit through one main access point to be able to monitor easily who’s coming and going. From there, decide which areas different employees and visitors need access to.
Determining the right level of access for different parts of the building and employees is up to the facilities managers and employee supervisors.
We suggest organizations have an access form where each employee’s supervisor or site manager has to sign off on the levels and areas of access, and times and days the person is in the building. This form should be something that creates a digital fingerprint.
We want someone to validate that, and we want it recorded accurately so in case something ever happens, we can go back to that [manager] and say, ‘You’re the person who authorized the access,’.
3. Audit Who Has Access
For more stringent control over who’s going into and out of the building and where, we encourage having people scan an access card or identification as they come into and leave the building to track if, when and where they are in the building.
Giving vendors and third-party employees the right level of access can be difficult. We suggest creating a third-party database with an owner who enrolls people in it, otherwise, there’s no way to know who requires access and who doesn’t.
If that isn’t possible, one way to handle this is pre-registering contractors with the name “contractor” in the name field so it can be searched. We suggest every two to three months disabling all access to contractors, and if they still need access, they can have it re-enabled.
For visitors, we encourage issuing labels or QR codes clearly identifying them as a visitor that expire automatically at the end of the day.
4. Assess Your Potential Security Risks
Look at your current security and access control levels to determine where your weak spots or areas of improvement should be. We suggest taking a comprehensive crime prevention assessment. You should ask:
- What’s your target potential?
- What’s the prevailing attitude toward security?
- Who’s responsible for the overall security program?
- How are security policies enforced?
- When was the current emergency preparedness plan developed?
- What resources are available locally and how rapid are the response times for fire, police, and armed response?
- What kind of physical security systems and controls are presently used?
- Do the available security resources, policies and procedures meet the potential threat?