Temporary Blacklist

Temporary Blacklist

Here, at Security Portal, we are constantly trying to improve our products so we keep in close contact with our customer and the security market as a whole. In this context some of our clients requested a new feature in our visitor management app – SPAccess – namely the possibility to generate temporary Blacklists.

This feature is different from the Graylist which wants to give you warnings for potential risk generating persons and also from the classic Blacklist which provides a basis for not validating someone’s request for access into the premises based on past experience with that person.

The Temporary Blacklist can be used as a tool to increase conformity. For instance, you may require suppliers and transportation companies to abide to a set of rules or they may be not granted access to your facility for a certain period of time.

So, how does it work? Quite simple! All you need to do is log in the admin console and set up the predetermined period of times you want available for your operators (15 days, 30 days, or any other period of time expressed in days). When the operator adds a person or a vehicle to the Blacklist, a new window will display asking him/her to opt for one of the available periods of time which will be associated with the black-listed item: permanent or predefined periods of time as set up by the admin. The person/vehicle is added to the Blacklist and, if the operator opted for one of the periods of time defined by the admin, at the end of the period the black-listed person will be automatically removed from the list. Also, every time a person is added to or removed from the Blacklist, the admin and the inspectors will receive a notification.

We hope you will be making use of this new feature and we are waiting for other suggestions from you!

Share on:
Access Control Guard

Visitor Management and Access Control Incidents

Visitor access control doesn’t always happen smoothly and trouble free and every once in a while you may come across different situations which may pose a threat to your organization.

Looking at the competition, we learned that almost all visitor management solutions employ 2 functionalities to deal with this aspect:

  • List management – which is a useful feature, especially when you have traffic intensive locations
  • User access rights set in the access control system – this feature is provided by manufacturers of access control systems but in our opinion it doesn’t really qualify as a security incident. One may be mistakenly use the access card / tag and, regardless of his/her intentions, since he/she does not get access into the room or premises, it doesn’t really count as an incident.

The value of an access management system consists in its ability to provide timely warnings and to efficiently deal with such incidents. We felt that much can be improved in this area so we talked to our clients and learned that most access incidents do not involve by-passing physical barriers and systems but rather fooling the access procedure. Two of the most used methods identified through our research are:

  • Modifying access logs (performed by the access guard or with the guard’s complicity)
  • Using improper documentation – especially in cargo access (for instance using the same cargo documents several times which resulted in more merchandise leaving the warehouse/factory than it was supposed to)

One of the most difficult tasks we faced in developing SPAccess was the app’s ability to provide useful data in a timely manner in order to prevent or to stop security incidents. The difficulty resides in the fact that most such successful actions are performed with inside help and/or security complicity and that means the system can be easily tricked and manipulated.

In order to prevent, or at least to minimize, the occurrence of such situations, we developed and implemented a couple of functionalities with the specific aim of delivering you timely and actionable information. We believe these functionalities provide our clients with increased control over access process and procedures and with a solid base in their internal investigations:

  • Activity logs – all activities performed into the app are stored and you can see who modified what, when and from which value to which value. The data is stored for the period of time mentioned in your plan and can only be accessed by admin users.
  • Sensitive data alerts – the logs require a lot of time to go through and they are of no use unless you know beforehand what to look for. Some of the data stored in SPAccess visitor management app are sensitive (e.g. seals, cargo documents, cargo weight) and whenever there is something suspicious (e.g. data editing, duplicate data), you receive a notification and a potential security incident is generated.
  • Security incidents log – all these potential incidents are stored in a separate list which can be accessed only by the designated inspectors. By default, the status of every incident is “new” but it can be changed to “investigating”, “processing error” or “security incident”. This is a simple way of keeping track of things. You can even export the data for further analyses and comparison to other locations.
  • List management – SPAccess provides you with 3 lists: “VIP List”, “Gray List” and “Black List”. You can add or remove a person from the list with a single click. For every access of a person included in any of these lists, a notification pops up so that the employee at the access point can take the appropriate measures.

We are in constant contact with the market and our clients so that we can further develop new ways of gaining insights and warnings with respect to security access incidents. Should you have an idea or a need, all you have to do is contact us and we’ll try to implement it into SPAccess.

Share on:
Visitor Management Badges

Top 5 Reasons You Need a Visitor Management App

During our presentations, we were asked many times about the advantages of a visitor management app and why is it important to have one. Some people say all the features of such apps can be easily replaced with a carefully designed and implemented access procedure. I agree only in part with this approach because I believe there are a couple of things that an app does in addition to or better than an access procedure. You can see my top 5 reasons you need a visitor management app below :

1. VISITOR MANAGEMENT APPS PROVIDE IMPROVED COMPLIANCE

Many times, especially when you come across a security incident, you run into the difficult task of gathering data from different sources such as your access log, video surveillance system, other documents (cargo documents, access documents). It is in these moments you realize your system is not working properly because data are incomplete and with mistakes.

A visitor management app has several functions in place in order to avoid the appearance of incomplete or corrupt data. Although each app may have different specific functions, two of the most common are the mandatory fields which must be filled in and the data input format which may correct faulty input (for instance the Social Security Number format).

2. VISITOR MANAGEMENT APPS CAN BE AUDITED

A good application provides its users with auditing tools. Whenever I consult hard-copy access records I see occasional data corrections which cannot be traced back. One can never say who modified the data, when, for what reason and from which value to which value. This type of information could prove extremely useful in delicate moments or in security related investigations.
An app usually keeps a log of all or certain operations performed by users which may be consulted when in need of such information. Also, there are instances in which you can never retrieve this type of information like in the case of former employees.

3. SPEED, AVAILABILITY AND ACURRACY OF DATA

This reason is valid for any type of application as compared to hard copy systems. The arguments are well known and they are provided by different options and functionalities such as backup, remote access, auto fill in, editing and so on.

4. REAL TIME NOTIFICATIONS / ALERTS

This functionality proves itself especially useful for new employees and security inspectors / managers. New employees require a certain amount of time to learn the rules, persons and so on but this should not be transparent to the visitors. In this case, it’s enough for the new employee to learn the basic elements and the app will prompt her/him every time she/he needs to take special action.
Also, inspectors and managers dealing with security may be informed about specific situations and persons (ex: watch list) so that they can act accordingly.
Hard copy logs / registries cannot provide these alerts and one needs to check every element against printed lists which means longer access times and a poor identification rate.

5. DATA MANIPULATION

One of the most useful functionalities provided by visitor management apps is the ability to manipulate data. Some solutions provide a good amount of data (list management, access KPIs and so on) within the app itself and almost all solutions offer you the possibility to export data in excel or other formats that allow calculations.
By opposition, hard copy systems require a person to go through recordings and take notes or make a new evidence with all the data of interest. Also, if you need to update the data you need to restart the process from the very beginning or from the last point of reference whereas in a visitor management app you simply apply a filter and export the results.
These data and calculations can be used for various purposes such as improving operational KPIs (for instance gate-to-gate time) or to better managing the peaks of activity.

CONCLUSION

We believe that in order to have a decent visitor access and management system, one needs to implement an app. However, an app can only record data and run some algorithms and therefore it should be used as a tool to augment the capabilities of the receptionist or access control personnel.
This is especially true in case of crowded places (such as office buildings), sensitive places (such as government facilities or research facilities) and data intensive places which require lots of data to be captured, processed and stored (such as warehouse or production facilities).

Share on: