Security Guidelines Incorporating Visitor Management
The Department of Homeland Security Offers Security Guidelines Incorporating Visitor Management and Access Management for Businesses, Commercial Buildings and Enterprises
Since the 9/11 terrorist attacks in New York, the U.S. Department of Homeland Security has established a list of guidelines for commercial building security based, in part, on the critical need to ensure that no individual – employee or visitor – in a commercial facility or campus has access to an area they are not authorized to enter.
According to Department of Homeland Security, key common vulnerabilities of commercial office buildings include:
- Open access to buildings by tenant employees, visitors
- Lack of adequate perimeter and site security measures (e.g., fences, bollards, security cameras)
- Building designs that lack security considerations (e.g., blast-resistant glass)
- Lack of adequate vehicular control (e.g., traffic control, parking area controls)
- Lack of security in loading docks, shipping and receiving areas, mailrooms
- Lack of security at HVAC and database systems
- Lack of security at building utility supply points
- Limited emergency response and security forces
- Lack of security regarding vendors and contractors
Homeland Security’s recommended response to these vulnerabilities magnified the importance of protecting private sector buildings.. In addition to the essential physical safety of employees and visitors on the property at any given time, the enterprise’s security, sensitive data and intellectual property, as well as physical and logical technology located in those buildings need security solutions and protocols that meet or exceed the company requirements. Protection from vandalism and workplace violence are also incorporated into DHS guidelines. However, recognizing these threats can be both obvious and challenging.
Potential indicators of individuals and groups that intend to do harm and of most concern to commercial office buildings and private enterprises include:
- Attackers using a wide variety of weapons and tactics to achieve their objectives
- Improvised explosive devices
- Small arms attacks
- Chemical/biological/radiological agent attacks
- Aircraft attacks
- Cyber attacks
Indicators of potential surveillance by adversaries include:
- Persons using or carrying video/camera/observation equipment in or near the facility without authorization
- Persons discovered with facility maps, photos, or diagrams with critical assets highlighted or notes regarding infrastructure or listing of personnel
- Persons parking, standing, or loitering over a multiple-day period with no apparent or reasonable explanation
- Persons questioning facility employees off-site about practices pertaining to the facility and its operations, or an increase in personal e-mail, telephone, faxes, or postal mail requesting information about the facility or one of its key assets
- Facility employees inquiring about facility operations, equipment, assets, or security measures about which they should have no job-related interest
- An increase in buildings left unsecured or doors left unlocked are common vulnerabilities
Countermeasures to reduce, mitigate and eliminate external and internal threats from domestic and foreign terrorists remain of paramount importance to the Federal Government. Beginning with the creation of the Personal Identity Verification smart card (PIV card) in 2005 for everyday access to buildings in order to secure cyber and physical assets and resources, technology and processes have consistently been created, updated and refined to include visitor management and access management security. These measures are entirely dependent on the priority and importance facilities managers and business owners place on making sure no unauthorized visitors can enter a facility on any particular day.
Physical Identity and Visitor Management Guidelines
Technology such as iVisitor and iSiteAccess visitor management systems solve these problems by sustaining valid identities and creating a protective barrier with an enterprise-based solution. This makes it possible for public and private sector facilities to prevent prohibited external and internal access by unauthorized visitors, employees, contractors and other individuals. Veristream’s software can be implemented across multiple facilities and buildings around a campus – or across the globe – in alignment with Federal Identity, Credential, and Access Management (FICAM) guidelines. Veristream is able to integrate most existing physical access control systems with its visitor management system thereby eliminating the need to replace existing physical access infrastructure.
The Veristream visitor access system provides:
- Database storage of every identity who may be present in a facility or on a campus at any time
- Ongoing updates of current access privileges of every identity entered into the system
- The ability to validate identities for all locations of the enterprise, locally, nationwide and worldwide
- Instant, automatic updates for new personnel, new or lost certifications, vendors and subcontractors
- Authorization for every employee or visitor in any enterprise building
- Management of all relevant compliance issues
Reducing the Risk
Implementing Veristream’s visitor management and iSiteAccess software solution can help organizations preserve their existing investments in technology, reduce future costs and simplify many complex procedures. Not only do they improve overall security, Veristream’s systems are easy and cost-efficient to purchase, install, deploy and maintain. These robust and technologically advanced software solutions address the challenges otherwise vulnerable enterprises face by providing a policy-based approach to verifying identities, managing and enrolling ID badges in diverse picture archiving and communication systems, and validating and processing individuals seeking to gain temporary or long-term access to a facility, guarding against fraud and cultivating real-time audit and compliance.
Automating visitor management and access systems makes it possible for enterprises to set rules, controls and policies that are maintained and updated instantly, as well as onboard identities and maintain correct authorization and provisioning for every identity in real time. Most importantly, all Veristream products and systems can be polled, programmed and controlled from any PC with an internet connection.
In addition, facilities also gain a protective layer to keep authorized visitors moving smoothly from check-in to check-out, and keep unauthorized individuals out.
Veristream helps enterprises to not only meet homeland security objectives but also their own internal security requirements. By developing a focus on visitor security – ensuring that no unauthorized individuals find opportunities to access technology or facilities they are not permitted to access – businesses, commercial buildings, and enterprises are better equipped to protect their employees, visitors, and products.