Major Imtiaz Ahmad Malik ( R ) Tamgha-i-Basalat , a result oriented Chief Executive of Reichert Security Services (Pvt) Ltd with vast experience at operational and strategic levels in Pakistan Army. Managing international organizations and operations with proven success
Access control is paramount important for the security of coworkers and for the safety and information. For superior access control systems, the organization can have layered security which restricts all unauthorized entries in a befitting manner. The access control system should provide complete record of in/outs, Stay time, movements, authorized access attempts and unauthorized access attempts. Similarly, information security is protected. Information should travel on need to know basis.
The definition (Wikipedia) of access control is, In the fields of physical and information security, access control (AC) is the selective restriction of access to a place or other resource. Permission to access a resource is called authorization.
Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft or terrorist attacks whereas information security is the practice of protecting information by mitigating information risks, It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.
First of all we see the risks of access control then we can easily evaluate the mitigations and counter measures and good practices.
It is for sure that aantivirus won’t stop a physical attack but for the purpose, physical security would be required. Without proper protection measures in place, your business is left vulnerable to physical threats.
Deceptions in Access Control
Most workplaces are secured by some type of access control, whether a locked door or a swipe-card access point. These physical security measures are, unfortunately, easily deceived.
When multiple people pass through doors, and only the front person shows identification or swipes card. The people following behind get the opportunity to get success without following the access control protocols.
1. How to overcome the Deception
- Fixing of anti -tailgating doors.
- Deployment of hi-quality guards
- Implementation of access control policy strictly.
- Hardening Physical Access Control Measures
(1) Physical access control can be made harden to stop the vehicles through barriers, bollards, crash gates (Steel Gates with sliding designs), vedge, Drop Arm (Could be manual or the electronic).
(2). Portable barriers can also be used like plastic barriers which can be lifted on place to another. The same barriers can be devised also. The aim must be cleared that barriers should work efficiently to block or stop the vehicles.
Bollards can be fixed, moveable. Steel bollards are generally fixed and the plastic bollards can be removed easily and shifted from one point to another.
(3). For the facility entry turnstile gates integrated with electronic device can prove effective measure for the control entry of the pedestrians.
Theft of documents
Your office is likely to have papers and documents lying around in many places, from desks to printer stations. Sensitive documents can easily become unaccounted for – and fall into the wrong hands. Even if they are not taken from the office, a visitor could see information that you wouldn’t want them to see.
1. Measures to Overcome
a Clear Desk Policy.
- It good to keep your belongings safe. If you are working in a large office or even small office, clear desking policy will help you to keep your belongings safe.
- You may not have thought over it but by clearing the desk daily, you can save your money by not losing your important documents, project information and other valuable items.
(b) Keeping Laptop or the computer screen visibility limited.
(c) Keeping diaries and note books well within control.
Un-Vetted and unaccounted Visitors and Guard’s duties
Un-vetted and Unaccounted visitors pose a grave risk, they can plan and execute a negative activity selecting their own time and day. For an instance, some incident happens, it would be difficult for the organization to check the details of visitors as they were not recorded.
2. Check on Visitors
- Check through Guards
- ID Doors and visitor passes
- Identification cards
- Biometric for the registered people.
3. Guards Duties at Access control
a. Handling the guests and Invitees
The normal procedure for handling the visitor depends on the types of visitors. whether the visitor is planned, unplanned, or a VIP, etc.
- Guard should complete all the access control protocols in relation to identification.
- If advance notification is done through advance notification form, then he may have identification information already and can Talley the data for confirmation.
- If guest has some appointment, guard should confirm it by the office barer who has invited him or fixed the appointment.
- Guard should issue visitor badge / card before allowing him to proceed inside premises.
- Record the entries.
b. Deliveries of Assets /Stores
- All the organizational SOPs should be implemented. All stores arriving at Access Controlling Points (ACP) should be properly checked as per the given check list.
- Guard should complete the screening.
- Make record of delivery items like Parcel, mail, food, commercial goods. Perishable items should be inspected for the its health.
- None should be allowed to be delivered for which permission is not granted.
c. Venders Access
- Guard should carryout screening.
- Should check authorizations
- Nature of visit, if vendor is making visit of some maintenance team, nature of work must be asked.
- Recording entries on log book
- Issue the proper access badges and record the badge details in the visitor logbook, mentioning date and time.
4. Guard’s ACP Record Details
Guard should maintain following records at ACP.
- Checking authorizations
- Search of people and the vehicles before allowing to enter.
- Log Book Entries should include name, ID details, vehicle details, location, pass number issued, time and date, signatures
5. Guard’s Exit check list
- Search of outgoing vehicle
- Search of personnel
- Depositing back of the visitor card already issued,
- Ensure same vehicle entered the premises /site on which time and date
Employees, at times, commit crime of steeling identifications
You will observe that own employees do not take it as a crime or the offense using someone else’s identification for access or the exit, meaning by there is no access control at all. The violators may be dealt using organizational policies.