Managing access for visitors has always been something of a balancing act between keeping unwanted people out, and letting authorised people in. Particularly in a business environment, it is also crucial to make guests feel welcome and safe.
Knowing who to let in and who to keep out starts with identifying who they are, and technologies such as biometrics have come a long way towards eliminating the age-old joke of people signing themselves into a visitors’ book as Mickey Mouse. At the same time, visitor management is being further complicated by measures such as the Protection of Personal Information Act (PoPIA) in South Africa and the General Data Protection Regulation (GDPR) in Europe.
It has therefore never been more critical for companies to know what can, and what should, be done to manage access to visitors. Hi-Tech Security Solutions reached out for insights into this topic from Nicolas Garcia, regional director of sales at IDEMIA SA; Stephan Wessels, solutions consultant at Powell Tronics, and Mayleen Bywater, senior product manager for cloud security solutions at Vox.
Hi-Tech Security Solutions: What can be used to replace the scrappy visitors’ book?
Nicolas Garcia: Scrappy visitors’ books should be a thing of the past but we unfortunately still see too many of them out there. They are unreliable, unsafe and a disaster from a privacy point of view, as all the information is available to whoever casts a glance at it – or even worse, if your information is sold. Technology and solutions now exist to manage visitors in a more efficient and secure way. They are usually divided into two groups, known as assisted and non-assisted system.
With the assisted system, visitors’ information is captured electronically at reception or at the guard house by a dedicated person. Instead of using a keyboard, documents such as driving licence, ID card, passport and so on are scanned by a barcode scanner and the biometric feature can be used to validate the identity of the visitor.
With the non-assisted system, a self-use kiosk is generally installed in the lobby of the company and visitors capture their information, scan documents and capture biometrics themselves by following a process defined in advance.
Both systems are faster and more secure than the scrappy visitors’ book. Captured information is transferred to a secure location only available by authorised people.
Stephan Wessels: One of the biggest problems with the traditional visitors’ book is that the data is often neither legible nor accurate. With the introduction of portable scanners one can obtain the correct visitor information, conduct live verification and achieve fast, effective and accurate results. In addition, the post-visit electronic report data can be deemed to be far more accurate than any handwritten visitor information entered into a paper-copy book.
In instances where one is scanning a vehicle licence disc, one can quickly detect fraud simply by comparing the details on the disc to the number plate mounted on the vehicle. Furthermore, expired drivers’ and vehicle licences can be detected before the vehicle actually enters the premises. This is important in instances where the estate’s policies and regulations disallow the entry of people and/or their vehicles with expired licences.
There are two types of electronic data capture technology used: one with a camera and one with a laser barcode scanner. As a visitor management solution distributor, we’ve found that the laser barcode scanner produces more accurate results, faster, with enhanced security due to the decryption process.
Pre-authorisation using OTP (one-time PINs) can substantially shorten the queue of traffic waiting to enter an estate. It also makes the guard’s job much easier as it puts the onus on the homeowner or resident to manage their own visitors. Management of the site or estate has the benefit of meaningful reporting data, which ultimately assists in the overall management of the visitors and contractor entering and exiting the site.
Mayleen Bywater: The paper-based access control registers are being replaced by handheld scanners that allow guests (invited or unplanned) to be accurately verified. This allows businesses to know who has been on the premises and also that they have left (dependent on scanning at entry and exit). The paper-based method will soon no longer be compliant and is becoming obsolete as visitors are not accurately verified.
As security provides the frontline to controlling access to business premises, creating a seamless customer/visitor experience, while at the same time providing a critical security consideration, is important. With face and licence plate recognition, guests are welcomed at the gate, having previously provided their licence plate details to the host. Upon arrival at the building, they are met in reception by the host, who has been alerted to their entry to the premises. This approach eliminates the possibility of people wandering around the office park or premises.
Hi-Tech Security Solutions: Can visitor management be integrated with access control solutions?
Nicolas Garcia: On of the advantages of an electronic system is that it can indeed be integrated with other electronic systems such as access control. A visitor may be given access to certain pre-defined areas upon arrival and access can be removed automatically after a certain time or after departure.
Further advanced features can be implemented, such as dual-authentication when a visitor is allocated to a guest. In this scenario, the guest will present their biometric feature first but can only access an area after their host validates the operation with their own biometrics. If a visitor is linked to a host, the latter can receive a notification by means of SMS or email when the visitor has checked into the office.
Stephan Wessels: Absolutely, this is specifically one of our key directives. We offer both standalone visitor management solutions and fully integrated solutions. Ultimately the decision rests with the site/estate based on their requirements for how effective or strict the controls that they would like to implement. The stricter the controls, the deeper the integration with the access control solutions should be in order to take full advantage of all the features that are available from both solutions.
Mayleen Bywater: We have developed solutions that offer more integration between visitor management and access control. This facilitates integration into an office or home that enables access from the keypad on a mobile phone. Guards have access to visitors’ lists and can verify with the intended person to ensure access may be granted.
Hi-Tech Security Solutions: Have companies accepted cloud-based systems as reliable and effective visitor management solutions?
Nicolas Garcia: Companies are definitely embracing more and more cloud-based systems, for their convenience and for their relatively low investment and operating costs. Cloud-based systems are usually proposed as a service and charged as a monthly fee. Where hardware is needed, there is usually a once-off cost to bear and this cost may sometimes be partially or fully incorporated.
Stephan Wessels: Some companies have accepted cloud-based systems as an effective visitor management solution. This method provides additional ease of use but users need to be aware that it generally incurs additional monthly costs and heavy reliance on connectivity and the Internet. So, to cloud or not to cloud really depends on the level of security and convenience that the site requires within the realms of being PoPIA complaint.
Powell Tronics offers onsite systems that give the site/estate complete ownership of the solution with the added value savings of once-off costs, and no additional monthly hosting fees. In our five years of experience with visitor management solutions, we have found that a one-size-fits-all approach does not apply to visitor or contractor management, as virtually every implementation requires bespoke enhancement to suit the specific onsite needs.
Mayleen Bywater: Cloud services are growing exponentially, and if your business is not on board it leaves you behind from a technology and digital transformation perspective. Cloud is simplifying services for businesses, making it easier for them to access and use a whole host of services. It also brings down the cost of managing and maintaining infrastructure.
A business’s data is its number one asset and business intelligence that it wants to hold dear. With cloud the business has an audit trail of who has access to which systems and services, and what was updated or not updated. The cloud is a realistic and reliable option for visitor management as security is top of mind for cloud service providers. For businesses using video or facial recognition on a live feed and a continuous basis, an onsite environment would be better suited due to the amount of data traversing across the network and the resulting cost.
That said, if the business is using snippets and compressed data, then it is much easier to have that data in a hosted environment where the provider can manage the backend infrastructure. It is always a good idea to ask the cloud service provider about the security measures that are in place and whether it is necessary for the business to add its own measures.
Hi-Tech Security Solutions: Can guards or receptionists be expected to answer the data questions as PoPIA requires?
Nicolas Garcia: Responsibility for data should be not rest with a guard or receptionist but with the management of the company. With a book system, the data stays with the guard or receptionist and becomes their responsibility as well as the management of the company.
With an electronic system, the answers to PoPIA related questions should be straightforward and management can prepare a list of frequently asked questions that can be presented to guests if necessary. This list can include an email address of the relevant authority within the company for further questions.
Stephan Wessels: Most estates carry a disclaimer regarding PoPIA, whether it be a printed document handed to visitors, a signboard exhibiting the estate’s PoPIA compliance and use of data, or within a standard disclaimer notice that is presented to the visitor on the scanning device itself, which they can read and acknowledge by signing on the device as part of the admission process.
Mayleen Bywater: Guards and receptionists need to be trained to ensure that visitors/guests feel that their data, as provided upon entry, will be protected. PoPIA is intended to dictate how companies collect, store, share and discard personal information about visitors, guests and customers – it does however also require the business to be transparent about the information it is collecting and the purpose thereof.
Critically, GDPR aims to strengthen the rights of individuals regarding the processing of personal data, while ensuring free flow of data in the EU digital single market. It builds on existing legislation but also amplifies areas related to content and deletion period (amongst others).
For more information contact:
• IDEMIA, +27 11 601 5500, firstname.lastname@example.org,
• Powell Tronics, 0861 784 357, email@example.com, www.p-tron.com
• Vox, +27 87 805 0000, firstname.lastname@example.org, www.vox.co.za
|Tel:||+27 11 601 5500|
|Articles:||More information and articles about IDEMIA|
|Tel:||+27 87 805 0000|
|Articles:||More information and articles about Guardian Eye|
|Tel:||+27 11 543 5800|
|Articles:||More information and articles about Technews Publishing|
© Technews Publishing (Pty) Ltd | All Rights Reserved