printer friendly version

Implementing an access control system

Of all the security measures implemented by end users, physical access control arguably offers the most visible and pro-active measures to ensure that only authorised persons gain access to facilities at approved times.

Access control is naturally implemented in conjunction with physical barriers such as turnstiles, boom gates and door locks, and often with complementing systems such as electrical fences, fence detection systems, CCTV and video analytics to offer a more comprehensive and secure solution. Time and attendance (T&A) systems are often deployed on top of these systems, and if correctly implemented, provide the most effective manner of recovering the investment made by providing direct savings to the user.

Due to the physical nature of access control, it can be considered as the most intrusive security measure. It provides the most interaction with staff and visitors, and as a result, requires the most pro-active change management process to ensure successful implementation and acceptance. Access control projects are all too often completed successfully from a technical perspective, but fail to provide the envisioned benefits due to adequate change management not having been done to complete the implementation.

While by no means exhaustive, this article is aimed at providing a guide to understanding the dynamics of implementing a physical access control solution and the requirements for change management to ensure a successful deployment.

Implementing an access control system

The implementing of an access control system is an apparently simple concept, but one to be considered carefully if the correct solution is to be selected for the particular environment. The business needs to carefully consider a number of aspects in order to decide on the correct solution and the approach to be adopted.

Access control policy

The user must develop an access control policy that outlines the requirements of the solution. The policy is developed by considering the operational, health and safety requirements, and legal obligations the employer has in protecting staff and visitors while on their premises, as well as the security aspects of securing and protecting assets.

System and vendor selection

There are numerous systems on the market today that provide adequate access control functionality. When selecting a system, the users need to consider the specific requirements they have of their system and installer. Typical questions to ask in deciding which system and supplier to select may include:

* System features.

* System and supplier credibility.

* Service and support.

Project execution

After all the preparation is complete and the preferred system and vendor selected, the time has arrived to finally put it all in place.

Integrators approach projects in different ways depending on their particular preference and experience, as well as customer requirements, project size, site location and technical complexity. Aspects of project execution include: project award, project charter, detailed design, project plan agreement, design freeze, procurement, factory acceptance test, installation, system configuration, commissioning, user acceptance test, user training, documentation, hand-over, project review and service programme. Depending on project scope and complexity, certain of the functions may be combined.

It is important that the detailed design contains all technical and operational aspects of the new system that both client and supplier understand and agree on. This will ensure there is a common understanding of what the final solution will look like and that everybody works towards a common goal.

Going live

This is a critical phase in any access control project and can truly make or break the experience. As a result, it requires careful consideration.

The major decision to be made is what type of start-up or change-over process is to be adopted:

1. Phased change-over.

2. Big Bang.

With a phased change-over, the integrator typically makes one access point live at a time, retaining the old system until the new system is stable. The advantage with this approach is a smooth transition, but the down-side is the increased installation complexity.

The Big Bang approach, as the name suggests, means that the old system is removed prior to or during the new installation, and the new system goes live immediately. While this does provide for a clean changeover and simplifies installation, it does present a risk in that staff who have not been enrolled before the initiation date will not have access to the facility until they have been enrolled.

Planning the change-over

Regardless of which approach is taken, it is important to carefully plan the go-live process to ensure there are no hiccups. Critical steps prior to go-live that have to be completed include:

1. System commissioned and fully functional (this could be the entire system or area by area as in the phased approach);

2. All or the majority of staff have been enrolled;

3. Change management process is well under way and staff have been thoroughly briefed on the new system and what to expect when it goes live.

If any of the above is not in place, it might be better to delay the go-live date until such time as this has been done. It is better to be cautious here, as this is the day when employees will have their first experience with the system, and first impressions last. Consider alternate measures in case something goes wrong. This could range from an employee forgetting his/her new card at home, to a system failure caused by the sudden increases in volumes.

The big day

It is always a good idea to do a final technical check-up of the system prior to the staff arriving. The previous evening is the best time to do this to ensure there is sufficient time to rectify any snags that might arise. Ensure that staff have been briefed that the next time they arrive for work, they will be required to use the new system.

Now that the new system is live and you are ready for the onslaught, ensure that you have identified the major traffic areas and have positioned staff members that are familiar with the new system at these points to provide a helping hand. Always remember that people avoid change and will initially want to go about their business in the traditional way. Enrolment stations should also be staffed with additional resources to be able to cope any increased workload that may occur.

Managing change

Even optimally designed projects can fail if adequate change management does not take place. People have a natural tendency to resist change, especially if the new technology presents a threat to their freedom and possibly their pocket. More often than not, negativity towards a new access control or T&A system sprouts from ignorance. People simply do not understand the organisational goals and the facts behind the system.

Common misconceptions that cause either active or passive resistance can include:

* Management has installed this new system to check up on us.

* These fingerprint readers can tell management if we have a criminal record.

* You can get AIDS from the fingerprint readers.

* The retinal scanners can see into your soul.

While it may be true that companies deploy access control and T&A systems to improve productivity and reduce waste, it is generally never deployed as a negative motivator. Negative attitudes towards any new system often leads to vandalism and simple by-passing it to ensure it does not function as designed and eventually stops working.

As a result, it is of critical importance that a pre-empted change management programme be deployed from early in the implementation process, involving the various role-players to ensure adequate understanding of the companies’ goals and objectives in deploying the new system. This change management programme should be driven by a core group of stakeholder representatives, with adequate opportunity for staff to address questions and concerns.

With all change management programmes, adequate communication is vital. The extent and duration of the change management programme will vary depending on company culture and values, as well as the extent of change that will be occurring.

Implementing basic or sophisticated access control solutions have delivered amazing results to companies in not only securing their environments, but also in re-enforcing discipline in the work-force. But it must be stressed that the system in itself is not capable of solving security and safety issues. It needs to form part of a holistic approach to solving a problem experienced by an enterprise.

People will always form the core of any security solution, with the system complementing the discipline required to meet company objectives. A company may spend millions on a technically fantastic system, but if the system is not managed adequately, and employees do not accept the new system and its benefits to them, it is destined to be a dismal failure.

Share this article:

Further reading: