Visitor access control doesn’t always happen smoothly and trouble free and every once in a while you may come across different situations which may pose a threat to your organization.
Looking at the competition, we learned that almost all visitor management solutions employ 2 functionalities to deal with this aspect:
- List management – which is a useful feature, especially when you have traffic intensive locations
- User access rights set in the access control system – this feature is provided by manufacturers of access control systems but in our opinion it doesn’t really qualify as a security incident. One may be mistakenly use the access card / tag and, regardless of his/her intentions, since he/she does not get access into the room or premises, it doesn’t really count as an incident.
The value of an access management system consists in its ability to provide timely warnings and to efficiently deal with such incidents. We felt that much can be improved in this area so we talked to our clients and learned that most access incidents do not involve by-passing physical barriers and systems but rather fooling the access procedure. Two of the most used methods identified through our research are:
- Modifying access logs (performed by the access guard or with the guard’s complicity)
- Using improper documentation – especially in cargo access (for instance using the same cargo documents several times which resulted in more merchandise leaving the warehouse/factory than it was supposed to)
One of the most difficult tasks we faced in developing SPAccess was the app’s ability to provide useful data in a timely manner in order to prevent or to stop security incidents. The difficulty resides in the fact that most such successful actions are performed with inside help and/or security complicity and that means the system can be easily tricked and manipulated.
In order to prevent, or at least to minimize, the occurrence of such situations, we developed and implemented a couple of functionalities with the specific aim of delivering you timely and actionable information. We believe these functionalities provide our clients with increased control over access process and procedures and with a solid base in their internal investigations:
- Activity logs – all activities performed into the app are stored and you can see who modified what, when and from which value to which value. The data is stored for the period of time mentioned in your plan and can only be accessed by admin users.
- Sensitive data alerts – the logs require a lot of time to go through and they are of no use unless you know beforehand what to look for. Some of the data stored in SPAccess visitor management app are sensitive (e.g. seals, cargo documents, cargo weight) and whenever there is something suspicious (e.g. data editing, duplicate data), you receive a notification and a potential security incident is generated.
- Security incidents log – all these potential incidents are stored in a separate list which can be accessed only by the designated inspectors. By default, the status of every incident is “new” but it can be changed to “investigating”, “processing error” or “security incident”. This is a simple way of keeping track of things. You can even export the data for further analyses and comparison to other locations.
- List management – SPAccess provides you with 3 lists: “VIP List”, “Gray List” and “Black List”. You can add or remove a person from the list with a single click. For every access of a person included in any of these lists, a notification pops up so that the employee at the access point can take the appropriate measures.
We are in constant contact with the market and our clients so that we can further develop new ways of gaining insights and warnings with respect to security access incidents. Should you have an idea or a need, all you have to do is contact us and we’ll try to implement it into SPAccess.