printer friendly version

Visitor management central to security

We have all had the experience of having to sign in at the gate of a company or residential complex before being granted access. Most of us have also sighed with frustration as we quickly scribbled in a tattered book, knowing that this so-called security was about as secure as a sign saying ‘no criminals’.

Readers of Hi-Tech Security Solutions will know that there are companies out there offering digital visitor management solutions that supposedly replace the visitors’ book and increase the security of managing people coming into one’s premises. But are these new visitor management solutions better? Hi-Tech Security Solutions asked a few people involved in the subject for their opinions.

Marius Coetzee

Marius Coetzee, CEO of Ideco Biometric Security Solutions, says visitor management is the biggest loophole in many access control systems today. “Visitors are basically received on face value and allowed to enter the business premises.”

It is more than a security issue, however, as Coetzee asks if organisations truly understand the reason a visitors’ book is required? Naturally security is one factor, but health and safety is another as legislation requires companies to “keep a register of the entries and exits contemplated in sub-regulation (1) and that register shall be available for inspection by an inspector ... Whenever in any legal proceedings in terms of this Act it is proved that any person was present on or in any premises, that person shall, unless the contrary is proved, be presumed to be an employee.”

The only recourse organisations have in the event of an incident is the visitor’s book, he adds, and that is generally a total waste of paper.

Gerhard Loots

Gerhard Loots, commercial director of ATEC, agrees that the typical visitor access book serves little to no purpose, due to the fact that the data is never verified. He recalls a situation in which a Mr A Robber entered a secure area via the visitor book on the same day as a car theft took place at a prominent business park in Gauteng.

Moreover, he says that even if the data was verified, the actual physical medium poses further problems in that handwriting is often illegible and, due to the nature of paper, searching for information can be quite tedious to counterproductive.

So how can technology help?

Coetzee says many organisations have discovered the value of biometrically enrolling visitors, capturing and verifying their personal information at the first point of interaction, ie, at the gate. “Ideco’s EVIM product is a good example of how the traditional visitors’ book can be replaced with a service in the cloud.”

Loots notes that ATEC first deployed drivers’ licence scanners in South Africa in order to achieve positive identification. “Our i-Dentifid product uses 2D barcode scanning in order to capture details from drivers’ licences and car licences. This information is then stored electronically in order to facilitate a user-friendly database query process. The practice of using drivers’ licence scanners in order to verify identity is starting to become a de facto standard at secure areas and is really the only expedient and legal way to ensure on-the-spot positive identification.”

Howard Marson

Looking internationally, Howard Marson, VP & GM for EasyLobby at HID Global sees many customers switching from the paper visitor book to HID Global’s EasyLobby Secure Visitor Management (SVM)system. “HID has sold approximately 10 000 systems worldwide that replace the paper and pen experience. The system provides a more professional, secure and automated way to manage visitors, ensuring that employees and visitors are safe and secure. Most customers use the software with a passport/driver’s licence reader to automatically capture visitor information and scan a photo without manually inputting the information. This reduces the time it takes to process and badge each visitor to less than 20 seconds.”

The card and RFID question

Many companies, while acknowledging the poor service paper trails provide in the visitor management field, also overlook the benefits of biometrics in favour of cards or RFID tags that are assigned to visitors and employees as well.

As an example, Marson says that in cases where a visitor or contractor requires temporary facility access to navigate through locked areas, unescorted, they are typically issued a temporary access card that the SVM software automatically activates for the appropriate clearance group and given time period. EasyLobby visitor management system is integrated with over 40 different access control systems to facilitate this streamlined access.

However, Coetzee believes issuing cards, PINs and RFID tags to visitors are an ineffective and costly way to manage visitors. “Competent access control solutions allow for visitors to be biometrically enrolled, either directly onto the security system or via a mobile biometric terminal such as Ideco’s EVIM.”

Loots agrees, noting that biometrics have come a long way and is the only true way of verifying identity positively. “We are not big fans of any non-biometric access system that does not contain verifiable and protected identity qualities, such as a driver’s licence or passport. A card that can be passed around is pretty useless, one assumes the identity of the registered card holder by mere possession.”

Of course, one cannot simply take your current visitor management processes and slap in a new technology solution, be it biometric or other.

Strategy determines success

“One first needs to look at the overall security strategy,” explains Loots. “It is no use having a decent visitor management system if the perimeter and surveillance control methods are non-existent. Assuming there are decent technologies deployed on perimeter and surveillance, the access control strategy should comprise both frequent and infrequent visitors.”

Frequent visitors such as contractors should be subjected to a standard operating procedure that not only verifies identity, but also assesses risk (individual profiling in terms of criminal background checks, for example, is a good prerequisite to allowing individuals into a secure area). By ensuring that the standard operating procedure is in place and being followed, you are immediately eliminating the majority of the issues. If you take a landscape contractor as an example, proper SOP would dictate that each person in the vehicle needs to be registered and checked, there is no sense in just enrolling the driver.

“For infrequent visitors, you need to capture the information electronically and there simply is not a better way of doing it than scanning the licence, if there was, we would have been selling it,” Loots asserts.

Coetzee advises that a good visitor management system not only enhances the security system at the customer’s site, but also:

* Fits in with the existing security protocols and simulates the way companies receive visitors,

* Is experienced as non intrusive by managing the visitor in a responsible manner,

* Offers functionality that enhances the visitor’s experience,

* Generates a lot of business intelligence for the site security manager, and

* Complies with all regulatory requirements.

Most importantly, he says a competent security solution will offer visitor management as an integral part of the access control system.

Supporting this, Marson says, “Deploying a system that is feature-rich, easy to use, has the ability to read/scan photo IDs and passports, and can be easily integrated with other security systems will make for a complete visitor management solution. The system should be customisable from badge designs down to the fields on the screen; be able to interface with hardware for reading/scanning IDs, and have the capabilities to integrate with access control systems.”

When asked what technology solutions he would advise a potential buyer to consider when looking at a new visitor management system, Loots says, “Firstly a decent network with layer-two switching capabilities and then Sagem (now Morpho) biometrics with a decent well supported access control controller such as Impro, Softcon or Saflec and ATEC’s i-Dentifid Visitor Management system.”

Coetzee is naturally inclined to support EVIM, but notes that the system chosen must be able to accurately capture visitor details and verify the information in real time. At the same time, it must seamlessly integrate with access control systems. Most importantly, the system must create a secure register of visitors on site, a record that can confidently be used in the event of an incident.

At the end of the day, while visitor management is often seen as a separate component of the security process, it cannot be if the company concerned is to have comprehensive control over its environment. It is, first and foremost, an element of access control and identity management that controls the access and permissions of strangers or infrequent visitors to a site.

With visitor management done properly, access control is easier to manage inside the building. When it is not done effectively, relying on scribbles in a book for example, your perimeter is already compromised no matter what other systems you have in place.

Share this article:

Further reading: