The role of time and attendance in access control

Access & Identity Management Handbook 2004 Access Control & Identity Management

Time and attendance is an expensive afterthought to an access control system and vice versa. By pre-planning, one can use their synergies, save money and avoid ending up with incompatible systems that duplicate functionality.

Time and attendance (T&A) was once a clocking machine plus a pay clerk. Workers would stamp their cards on arrival and departure, under the watchful eye of a supervisor. The cards were laboriously checked and tallied and the totals were multiplied by pay rates and so the worker received his wages. The modern version is an electronic data capture device to which the worker identifies himself, combined with a computer program.

An access control system (ACS) is an ideal data capture device for T&A, provided that it is specified with that purpose in mind. It can also be a tool to ensure that genuine data is recorded, if the correct technology and design is chosen. These objectives are achieved by understanding the unique requirements of T&A.

Critical requirements for time and attendance

1. Genuine data:

Cheating the T&A system is a widespread problem. The best-known ruse is 'buddy clocking' where a worker logs for himself and for other workers. This can be to cover-up for late arrivals or even to obtain pay for someone who is not working at all. Solutions to consider are biometric identification or even just having proper supervision.

2. Data reliability:

Access control is primarily aimed at 'pro-active' control of movement, and data logs are occasionally needed for incident investigations. T&A on the other hand is a recording of essential data to be used for the payment of wages. This means that a different attitude is needed to the data captured. The following factors must be considered:

a. Accuracy

Data errors cannot be tolerated. The primary concern will be the setting of the time on the system, where a few minutes slow/fast will impact the wages paid. Data cannot be discarded and so systems cannot be 'rebooted' to quickly solve a problem.

b. Recovery

Ideally a system should be able to read data from its readers or controllers a second time, should a failure occur on the computer.

c. Backup

It is a critical requirement to ensure that regular backups are made in a systematic way, so that at least a partial recovery can be made after a computer or system failure.

d. Fallback planning

It can (and inevitably will) happen that a fault or failure will occur, and most likely on payday! A method of processing a standard payroll run should be in place, so that at least a partially correct payout can be made. There will then be time to recover data and thereafter adjustments can be made. A procedure for collecting manual records from supervisors should be planned in advance.

e. 24/7

In T&A reliability becomes paramount compared to access control, where it is usually possible to bypass a non-functional system using security guards etc. For T&A there is a need for stable equipment, backup power supplies and possibly redundant clocking points so that one can take over if another fails.

3. Flexibility:

T&A systems function through applying a set of rules to the data received, to produce a calculated amount of time worked. These rules need to be parameterised and to cater for all likely variations to be found in that work environment.

4. Ease of use:

T&A is a heavily used process in a HR office. Systems with deep menu structures and complex procedures will be inefficient and need additional staff skills. A user friendly system will do the job in much less time.

5. Payroll links:

In any but the smallest installations, wages/salaries are processed on a payroll program. Each organisation finds such a program that suits their needs, and would not like to change to suit the 'clocking system'. It is therefore necessary to ensure that the payroll program in use can import from the T&A system chosen. It is also wise to select one that supports most payrolls on the market, in case a change is needed one day.

6. Speed:

Although this is also a factor in access control, it often has a bigger impact with a T&A system. Long queues delay work startup and especially at knock-off time they cause anger and labour unrest.

Closing loopholes

Supervision is a strong deterrent to cheating, but it is relatively expensive, it can be bribed or threatened and it may just be ineffective.

As mentioned, biometric readers are very effective, with fingerprint and hand geometry being the only types in widespread use. They can cause a bottleneck as they are slower than the token-based systems, especially those which require PIN entry before reading, or take more than one to two seconds to identify.

Dedicated T&A readers at the workplace can be used to ensure workers appear at their work areas before they can log in. These can be biometric units while the less expensive token-based readers can be used at the access points.

Implementing 'anti-passback' is a way of preventing workers from clocking in but not entering the premises. There are also intelligent turnstiles available that ensure that a person who has clocked is forced to pass through.

Integration

T&A is a specialised field, so most access control companies utilise third party T&A software. This means that the two products need to pass data to each other. The standard method is that the ACS generates a text file and the T&A system does an import. This may involve a few manual tasks, but can also be automated and occur in the background. One downside is that employee changes must be made on both systems.

A better approach is where the T&A system makes direct access to the database of the ACS. This process is almost invisible to the user and can also handle employee updates without much user intervention.

At the top end of the market are systems manufactured primarily as T&A systems but have integrated access control. The advantage of the marginal convenience factor does not usually justify the large cost differential.

The second integration area is from the T&A program into the payroll program. Most payroll companies discourage direct access into their database, due to security issues, so the standard method of transferring data is via an intermediate file, which the payroll program imports.

Costs

T&A systems are generally priced according to number of employees using the system. Most systems are sold outright with an ongoing licence/support charge collected annually. The alternative is the subscription based software where the upfront charges are low but an annual fee is charged to use the software and to be given support and upgrades. The time critical nature of all pay related systems makes it a necessity to have an ongoing support arrangement.

Management tools

In a small installation a single operator is likely to do all the administration and the processing. Bigger operations need to give control over to supervisors or managers. A low cost solution is to distribute and collect paper based reports. The better alternative is to use a system which either has multi-user functionality, or still better by Web browser access. This gives each supervisor the ability to check his department's data and to do certain adjustments and/or exception overrides.

Other common requirements are for shift changes to be done by managers, and also leave and absenteeism to be controlled.

New releases

With advances in technology, many new functions are being added to T&A systems, to name a few:

Employee self service.

Employees can check their records and their leave status via a self-service station or using a Web browser via the company WAN or even over the Internet. Leave applications and company communications can also be incorporated.

Cellphone Log-in

Trusted workers can use their cellphones to register start and end of work, which is especially useful for off-site jobs.

Internet-based

Data can be consolidated from branches around the world at the company head office, and be accessible to managers worldwide, again over the Internet.

Conclusion

The processes of access control, time and attendance and payroll work extremely well together. Purchasing any one of them must take into account the other two, so that the advantages of integration result.

Vivian Taback has a BSc (Eng) Elec, and is a manager of Clockwatch Distribution.

Integration pros and cons

Pros

Cost saving.

Clockings tie in with access times.

Anti-passback and zoning reduces loopholes for cheating.

One system to control and back up.

Cons

Duplication of existing systems.

Importance of data not appreciated by security managers.

Access events can confuse T&A calculations.

Data security not addressed properly.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Disconnect between confidence in identity security and operational reality
Access Control & Identity Management News & Events
New FIDO Alliance and HID study reveals gap between identity security confidence and reality; 94% of enterprises claim they can revoke employee access within 24 hours, yet 35% experienced delays or failures in the past two years.

Read more...
Paxton Solo training available to security installers
Paxton Access Control & Identity Management News & Events
Following the launch of Solo, Paxton’s brand-new access control system, the security manufacturer is rolling out dedicated Solo training sessions across South Africa to support security installers working with the system.

Read more...
Controlling access for people and vehicles
IDEMIA STid Security Technews Publishing Editor's Choice Access Control & Identity Management Asset Management Industrial (Industry) Mining (Industry)
When it comes to access control, the security requirements of mines and the industrial sector are similar, requiring a layered approach that combines physical barriers, digital authentication, and continuous monitoring to protect personnel, assets, and operational continuity.

Read more...
Paxton launches new phone-based security system: Solo
Paxton News & Events Access Control & Identity Management
Paxton has officially unveiled Solo, a phone-based, cloud-hosted access control system. As part of the launch, installers can claim a free Solo starter kit from Paxton, allowing them to trial the system and see how it can work for their business.

Read more...
Taking control of IAM in the AI era
Access Control & Identity Management AI & Data Analytics
AI and Shadow AI are proliferating, creating a series of new risks for organisations. To gain control over who and what has access to corporate data, organisations need unified control over their entire environment.

Read more...
Impro announces Primo update
News & Events Access Control & Identity Management Integrated Solutions
Impro Technologies recently held a launch event in which it introduced a series of new products, from new readers through to its updated Primo access management software.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
Paxton set to launch game-changing new system
Paxton Access Control & Identity Management News & Events
Access control is evolving fast. Installers and end users are looking for systems that are simple to install, easy to manage remotely, and flexible enough to scale. In response, Paxton is exploring how emerging technologies can reshape access control.

Read more...
NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...
Cloud security in visitor management and access control
SA Technologies Access Control & Identity Management Infrastructure Residential Estate (Industry) Commercial (Industry)
Cloud has become the default platform for modern security operations, from visitor management portals and remote access control to incident logging, reporting, analytics, and integrations. But “in the cloud” does not mean “someone else is securing it for us”.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.