Hi-Tech Security Solutions asked three experts in the field of visitor management – Mark Paynter of TerPay Security Advisors, Gary Swart of Rhyco Risk Projects and Tim Timmins of G4S Secure Solutions – to share their insights into the features and future of visitor management solutions.
Hi-Tech Security Solutions: What are the latest trends in visitor management processes and solutions?
Paynter: Four key areas that are trending are compliance, cloud, real-time/live intelligence, and interoperability and integration.
Solution providers and end-users alike are becoming increasingly conscious about what truly compliant data security and personal information security best practice entails. Solution providers or manufacturers who are unsure as to what the PoPI (Protection of Personal Information) Act and ECT Act entail need to familiarise themselves with legislative requirements for collection, processing and storage of visitor (personal) data and should also audit their systems accurately before claiming solution compliancy. Failure to do so can often mean that their claims are misconstrued by the market as intentionally misleading to end users or that they have an insufficient interpretation of the legislation.
Secure, compliant, managed cloud databases which offer live database integration and multi-site collaboration are the next major step in visitor data management. Cloud data hosting allows for more dynamic management and analysis of data than an isolated database. Violent crime rates are at an all-time high and the ability to live flag/blacklist a vehicle or person identity across multiple sites or even nationally adds value to a visitor management solution and greatly reduces a client’s risk.
As opposed to traditional ‘dumb’ or non-intelligent recording of visitors’ details, a value added intelligent visitor management solution should offer the ability to interrogate and verify that visitors are who they say they are. At the very least, a decent solution has the ability to perform a live identity check and verification.
The evolution of technology is compounding a growing demand for simplicity and usability without the need for additional specialised skills or training. Manufacturers and solution providers are recognising trends and are eventually recognising the importance of visitor data analytics, system administration/management via mobile devices, as well as general visitor management interoperability and integration. Visitor management solutions which offer value added benefits such as programmable APIs, managed web data streams, or innovative data analytics will in turn simplify integration into existing security systems such as control centre platforms, ERP platforms, visitor alcohol testers, label printers, patrol management systems etc. This in turn will likely ensure a higher adoption rate by end users.
Swart: Modern visitor management systems should be integrated into the premises’ or building’s access control system to actually track the visitor. By making use of a fully integrated system, the specific host can firstly be notified via SMS or e-mail that the visitor has arrived. Thus, time is saved and the host immediately appears much more professional by being ready to receive the guest. A better user experience is therefore delivered to the user and visitor by being fully computerised. Should the visitor be pre-registered by either the host or the reception, tracking the visitor in case of an emergency will be completely possible, therefore creating a safe and efficient environment for both the visitor and the company.
In the modern era we are living in, why not use the smartphone for visitor management? Companies like HID have taken the next step – phones, tablets, wristbands, watches, etc. are now becoming available as access control devices. Access control has now become smarter. By using a personal device such as a mobile phone, the user is freed from having to carry a specific ID token, which can be inconvenient and easily forgotten or mislaid.
Timmins: Visitor books and front desk registers are definitely out. Expensive, time consuming, meaningless data and against the privacy laws in pretty much every country, replacing these two die-hard systems for visitor management is the biggest change facing most companies in this area.
What is in is electronic, quick products and systems that capture reliable, usable, reportable data thus reducing wasted time, costs and energy. The requirement for these systems to be privacy compliant is a critical element and certainly driving changes in how the systems work. Some of the latest trends in South Africa include scanning of drivers’ licences and barcodes on new ID cards, as well as systems, such as Biovault, that link to the Home Affairs database for live verification of data.
Hi-Tech Security Solutions: What functionality is required from visitor management systems, now and in the future?
Paynter: Driver’s licence and barcode scanning capabilities are a must. Other important features are fingerprint sign-off or LCD screen signature via stylus to prove consent, data encryption capabilities and live ID screening. Off-device data storage and cache purging functionality is also vital for PoPI compliance.
Features I’m eager to see coming out in the future are proof-of-visitor consent to be incorporated into non-compliant solutions by means of fingerprint sign-off or LCD screen signature via stylus; identity verification against the Department of Home Affairs’ new smart ID card; SSL on all web based visitor management platforms; 3D facial recognition of visitors’ photos against wanted databases; data encryption capabilities; video surveillance text feed overlay integration for post-incident forensics on the PoPI compliant systems (this is available, however the systems offering this are not PoPI compliant); video calling from device to host as a further visitor clearance and authentication step; more exciting analytics of user data; and wider collaboration between law enforcement and security companies in maintaining and real-time referencing wanted criminal and stolen vehicle databases.
Swart: The term ‘access control’ refers to the practice of restricting entrance to a property, building or location to authorised persons. There is no question that integration of systems will be a key factor in the future of access control management as the benefits are numerous. This will offer greater levels of interoperability and make it much easier to assess incidents and analyse events from beginning to end. Video analytics such as people counting and the prevention of tailgating (one of the biggest access control issues) will improve security and lower reaction times. Analytics such as detection of aggressive behaviour are even implemented at certain airports as part of access control.
Timmins: Visitor management should always follow the following basic functions in order to be a successful system in today’s market:
• Fast – the system should not cause delays or make visitors wait to be served at gates and reception counters.
• Reliable data – the system should collect reliable, valuable data which should be stored in an electronic format, in a database.
• Reporting – the system should allow for accurate, simple and non-repudiable reports to be generated.
• Privacy compliant – the manner in which the data is collected, stored, reported and disposed of should be privacy compliant.
Hi-Tech Security Solutions: Is the use of cloud storage and management becoming more common?
Paynter: Most definitely. If done correctly, the benefits of cloud storage far outweigh the risks of local, unmanaged and often poorly secured data storage. ‘Big data’, intelligent data analytics and cloud hosting, are three major trends which will continue to dominate our lives for some time to come. In fact, Gartner recently advised that the worldwide public cloud services market is projected to grow by 18% in 2017 to total $246,8 billion, up from $209,2 billion in 2016.
Why is this? Well in layman’s terms, any data stored remotely on a server which has Internet connectivity is theoretically in the cloud anyway, which means that more than 75% of all data nowadays is cloud-based. The major difference between data on a backroom server and data stored in an official, correctly managed cloud is the level of security and dynamic data protection systems.
Enterprise level hosted cloud systems which are engineered correctly, and actively managed by experts, offer numerous benefits. These include shared cost of cutting edge hosting infrastructure, skilled enterprise level management of infrastructure and cloud systems by specialised service providers, and simplified, yet highly advanced and secured bi-directional tunnelled transport and access of data.
Swart: There is a growing trend towards integrating access control with business systems to provide more control. Closer integration with other services and the IP system means software is becoming a far more dominant consideration in access control management. The importance of using the Internet and cloud storage for access control is becoming more useful. Companies with multiple branches or even unmanned sites can institute effective control for employees, contractors and visitors.
The involvement of IT departments in taking control of the elements of security in businesses, and managing and controlling the data, brings a new dimension to controlling access. This cuts down on redundancies and duplication of data. The visitor management system becomes a digitalised process with increased integration and more data collected. There is greater potential for processes and devices within visitor management to relate to other devices and processes by making use of the Internet and cloud storage. Visitor information is stored in a computer database, which allows the owners of the company to search, sort, analyse and retrieve visitor data, and to generate reports on visitor data to know who was visiting the facility at any date and time in the past, or know who is in the building at present.
Timmins: In South Africa, this is still in its infancy. Unreliable Internet and security guards/entrance booms that seldom have access to the Internet, mean that most South African systems tend to offer a local, site-based solution. However, more and more applications, including Biovault, are using the cloud to provide security as a service (SECaaS), which is ultimately where the entire industry will end up in a few years’ time.
Hi-Tech Security Solutions: Are solutions designed with guards who may not be that technically literate in mind?
Paynter: Yes and no. 99% of the PSiRA registered workforce are competent and literate in the use and operation of smartphones. Most systems are easier to operate than a mobile phone or a mobile GPS guard patrol system.
It is important for manufacturers to follow an operational design which forces the user to follow a standard sequence of events as part of an operational procedure and design. The more fields which can be automated via barcode scanning, the less chance of user error or system fraud. In my experience only a small percentage of available systems may be too complex or specialised for the average user.
Swart: Checking in a visitor and providing an environment to welcome a visitor is an important part of a company’s operations. Thus, users have to rely on today’s more advanced visitor management systems, especially in this increasingly connected world. Due to access control systems becoming a more IT controlled issue, the guard or reception person has to become smarter in enrolling new employees and visitors. This brings a requirement for a guard to effectively work with the general public, i.e., visitors, to do enrolment more effectively. The computerised visitor management system should become more effective and user friendly for the company, guard and visitor alike.
Timmins: In our opinion, most systems are not designed with the security guards or receptionists in mind. This has been a key driver for iPulse. Our systems were designed in such a manner as to drive all complex functions into setup applications designed to be used by trained and certified installers, whilst the front ends have been designed for absolute simplicity and require a minimum amount of IT literacy to succeed.
Hi-Tech Security Solutions: Are systems designed with integration in mind and are integration features actually being used?
Paynter: Entry-level solutions mostly offer limited integration functionality, but the best of breed solutions, such as the EVIM solution, offer modular and therefore infinite integration possibilities. The most common use cases in my experience are integration into wanted databases to flag high risk ID numbers or vehicle registration and VIN details; gate/boom automation after the scanning procedure is completed and the visitor is cleared for entry or exit; integration to label or card printing setups or to Bluetooth mobile label printers for printing of visitor labels; API pull of data feeds or managed web data streams pulls into ERP systems etc.; integration into electronic visitor alcohol testers; mobile app integration; and truck weighbridge integration for accurate recording of goods vehicles in a logistics process.
Swart: Visitor management systems are currently being used as fully integrated systems, but as standalone systems as well. Several access control platforms do have visitor management systems integrated. In certain cases, the level of integration varies, however should the building or business owner opt for an integrated system, it is always advisable to consider a fully integrated system. Additional advantages are to efficiently control access in the case of emergencies such as fire. Access can thus be limited and controlled by making use of CCTV and evacuation systems which can thus be fully integrated, and ensuring a complete management system.
Standalone systems can be used very efficiently, especially at guarded entrances or gates such as in housing estates. These systems can be cloud-based and can be part of a well controlled, centralised database. In these scenarios, it will be the guard informing the host that the visitor has arrived.
Timmins: Most visitor systems are not very well integrated, and tend to drive a standalone functionality which is not nearly as useful as a fully integrated system that caters for visitors, contractors and employees in one coordinated manner. The iPulse VisitorIQ application is fully integrated with the G4S XTime solution, allowing the visitor component to run as a complete and controlled component of the overall access control system.
Hi-Tech Security Solutions: Since visitor management systems store personal information, what about PoPI compliance?
Paynter: The recent implementation of the PoPI Act makes it imperative for service providers or hosts to record, manage, process and store visitor information in a responsible and compliant manner. In my opinion, this is a good thing. I would far rather allow my personal details to be recorded and managed by a PoPI-compliant system than by a redundant visitor register where my sensitive information is susceptible to fraud, manipulation and misuse.
The traditional paper-based visitors’ books are definitely not compliant and many entry level visitor scanning devices are also not PoPI compliant. Handheld devices which store the data on the device and offer no fingerprint or signature consent proof are not compliant.
For a system to be PoPI compliant, a number of requirements must be met, including: securing data as far as reasonably possible; post record proof of data subject consent; giving visitors the ability and mechanisms to access their data, and to request to opt out or to have data destroyed; valid reasons for data collection; transparency and accountability on how data will be used as well as accountability and tracking of who has access to a visitor’s information, and notification to the data subject if/when the data is compromised; and the integrity and continued accuracy of the visitor’s information.
It is vital that visitor management solution providers adopt a multi-faceted approach to ensure security throughout the data lifecycle. To do this, safeguards need to be implemented at the design stage and would encompass everything from the security and integrity of the application coding through to data transport and data hosting security.
Timmins: There are some key issues that need to be dealt with for a system to be PoPI-compliant. The manner in which the data is collected, who has sight of it, and how long such data is visible, is key. For example, using an eSkan, the data shows up on a screen which only the security guard can see, and after a few seconds, this display clears, removing the data from the device and sending it to the local database for storage. After that, it is not seen again. Compare this to most carbonised guard books, where all the data is shown above for everyone to see, as long as the book is around.
The place and security of where the data is stored is critical. Being able to provide an auditable trail of who has access to the data, and when, is critical for PoPI compliance. In AccessIQ, data is stored in an SQL database, and all users of the system are required to log in with their fingerprints. A full report of who has logged in, and when, is available.
The ability to accurately report on data, both to individuals under request (a PoPI requirement) or for auditing purposes, such as Sarbanes-Oxley compliance, is also a major tenet of any system that is PoPI compliant.
Finally, the requirement to hold data for a defined period of time, and then delete it, is the basis of all privacy laws. Most laws, PoPI included, stipulate that you need to be able to delete data on request of an individual. Imagine trying to do this with a guard book or visitor counter book, where often people don’t even know where these are kept.
For more information contact:
Mark Paynter, TerPay Security Advisors, +27 (0)74 566 3663, firstname.lastname@example.org, http://terpaygroup.com
Gary Swart, Rhyco Risk Projects, +27 (0)12 655 0748, email@example.com, www.rhms.co.za
Tim Timmins, G4S Secure Solutions, +27 (0)10 001 4541, firstname.lastname@example.org, www.g4s.co.za