Reliability a fundamental in visitor management
November 2018, Access Control & Identity Management, Integrated Solutions, Security Services & Risk Management
With the rapid evolution of biometric technology, there are many options available in the marketplace that promise varying levels of performance. This can create a quagmire of choices for security decision makers. The most important elements for consideration in our demanding South African environment and to satisfy the need for maximised security, would be reliability with limited downtime.
With the need for reliability it is wise to link the security system to the source data, in this case the institution’s enterprise software or an estates management software. “The most successful implementations, where data reliability is optimised, can be found in projects where there is a deep integration between the source/host data and the access control solution. This also contributes in many cases to the elimination of manual entries by operators and security,” says John Powell, CEO of Powell Tronics.
On the physical access side and due to the often-harsh outdoor installation requirements, the technology performing the identification function must be robust and be rated for outdoor use. Choosing a product that is well tested in your particular vertical market with a solid track record in South Africa is vital.
Some of the new technology that is available focuses on contactless biometric terminals that use either face (still susceptible to ideal environments) or wave technology (extremely forgiving and fast).
The most challenging user group for these sites is effectively managing visitors as this is often the most vulnerable point, with many unique site complexities to manage. Again, a visitor solution that is fully integrated with the source data, access control and visitor management removes various pitfalls that occur when these various systems are not operated in a unified manner.
Optimal reporting is all about the quality, integrity and availability of the data that is being reported on. Where there are large numbers of users with complex access requirements it is essential that the reporting is done based on individual requirements.
If the access control system and, for instance the visitor management system, are not fully linked there will be no way of reporting on a visitor’s entry or exit through the access control system.
With a fully integrated solution you would be able to take advantage of the ability to schedule an automated report that will provide vital data such as contractors remaining on site after a particular time or those visitors who are on site in the event of an emergency. Often sites have internal access points that allow limited authorised access, which requires specific management and reporting.
Through deep integration, if the source data is coming from the site’s membership, enterprise or estate software, elimination of data entry by security can be drastically reduced and ensures accuracy and improved performance with added reliability. By instituting features like pre-authorisation through host validation one can eliminate the security officer from the equation in terms of decision making, thereby allowing security to focus on the security aspect of the entry and exit points.
Compliance is key
The PoPI Act is based around the principles of consent and purpose. This is not a South African phenomenon as can be seen globally through EU legislation around GDPR. Security companies and other organisations may only collect personal information from a visitor (data subject) with their consent and for the specific purpose of visiting the premises. Further to this, the manner in which information is stored and collected needs to be conducted in line with the PoPI Act. It is important that appropriate and reasonable organisational and technical measures should be implemented.
Cybersecurity protection practices such as the use of encryption on computers or tablets and smartphones demonstrates responsibility taken by the estate, thus ensuring appropriate data privacy action steps are being taken. This will include password-protected databases which are hosted and under the security umbrella of the site’s network where an SLA should be in place to cover the responsible disposal of data collected.
The PoPI Act does not place emphasis on the duration of time personal information can be kept, rather that personal information should not be kept longer than is reasonably necessary. The principle that should be applied is that when the validity of the purpose for which personal data is being stored is no longer applicable it should no longer be kept. It is permissible to keep it longer for reasonable business purposes but this must be defined in an approved retention policy.
Powell believes that one should first establish the site requirements before installing a backend system. This leads to critical emphasis on the infrastructure required and focuses on aspects such as visitor management, access control, CCTV and even the logistical considerations for contractors who require access to the site, since there may be a need for separate entrances.
“Due care must be given to areas such as ease of access or convenience, and what level of security the site needs in order to keep occupants safe and enhance the flow of traffic in and out of the estate or premises. Foresight must be given to the growing demands and future-proofing that may be required in order for the site to function optimally. Scalability and budgeting components will also need to come under the spotlight in comparison to the value proposition sought by respective stakeholders,” says Powell.
For more information contact Powell Tronics, 0861 784 357, email@example.com, www.p-tron.com