If an organisation manufactures, designs or develops something, there will be intellectual property that may be of interest to other companies or people. Most importantly, organisations have a responsibility to keep their employees safe at work. For all of this, you can use access control systems to secure parts or a building, site or estate.
Access control, isn’t, however, limited to ‘keeping the bad guys out’. It may also be used to ensure that employees are kept safe.
Imagine, for example, a plant where chemicals are handled or manufactured and lots of dangerous equipment is in use. In this instance, we may want to ensure that only people who have had specialist training for the equipment can gain access to that area.
Why not use another method, such as a key or mechanical PIN Pad?
Keys don’t restrict access to a location based on a specific time or day. If someone has a key, they can enter an area any time they like. Keys can also become expensive to manage. On the surface, keys appear to be cheaper than an access control system.But the time and effort involved in duplicating, issuing and returning keys, and replacing locks when a key is lost or stolen, quickly adds up.
When it comes to PIN codes , when was the last time you routinely changed the code? Do you always change your code when someone leaves your organisation to prevent them gaining access?
The information an access control system needs to work:
An access control system is primarily interested in three things:
An access control system needs to identify people, or vehicles if it’s controlling vehicle access. We might use an identifier, such as a card, PIN code or biometric credential such as a fingerprint to identify people. For vehicles, the number plate is often used as an identifier. Or we can use long-range tags for vehicles so the system knows who we are.
An access control system also needs to know where we’d like to go so it can determine whether we should be allowed to go into that particular area. For this purpose, entry is based on access through a physical door, a group of doors, vehicle gate or turnstile.
Once we have identified ourselves and where we’d like to go, an access control system is also interested in when we’d like to gain access. Some organisations may impose time restrictions to prevent employees accessing the building outside of core working areas.
We also need to take into account public and bank holidays as some organisations don’t want their employees gaining access to their building during a holiday. And we need to consider regulatory compliance requirements in some industries – for example, financial services. An employee may not be allowed to enter the building if they are on annual leave, for example.
The who, where and when is typically combined into an authorisation template or profile. The access control system then uses this authorisation template or profile to decide whether to allow or deny access.
Authorisation templates are usually governed by the organisation’s security policy, but may also be linked to a specific job role, such as an IT technician or security officer.
Some authorisation templates may be quite broad in scope and could, for example, allow access to all zone one doors on an entire site or building. Or they could be very specific, such as the six IT professionals who have access to the data-centre door.
Do you have any questions or comments on access control? Please feel free to email us at firstname.lastname@example.org