Security up front

Access & Identity Management Handbook 2005 Access Control & Identity Management

First impressions count! Both the interview candidate and the salesperson dress smartly, shine their shoes and put on their most confident smiles. So too the architect who uses the front lobby of a building to create an upbeat image of grandeur, solidity, and welcome to those entering. Polished wood and stone, pools and fountains, flowers and trees, and vaulted ceilings all promote an ambiance of success, dignified calm and well-being.

To match this ambiance is an inviting receptionist protected by a desk, a telephone, and a visitors' sign-in book. Through the usually large reception area pass clients, salespersons, stockholders, consultants, VIPs, executives, and full- and part-time employees. Other people such as office equipment technicians, messengers, employees' spouses and children, ex-employees and interview candidates also pass through this space. If the reception area is the only entrance, add janitorial staff and construction workers to this mix.

Yet entrance areas also provide the initial impression of the level of security in an organisation. For small businesses whose employees, operations, information, and products are not at risk, identification and control of those who pass through the entry presents little problem. For larger businesses with valuable products, trade secrets, and confidential or sensitive company information, controlling access from the lobby to the rest of the facility is a real necessity. Methods and processes to accomplish effective security must be carefully planned if the architect's vision of how the lobby should look is to be maintained.

Unfortunately, the security professional is often presented with a fait accompli, a final design that is non-negotiable, or with an existing lobby that is too expensive to restructure. Early involvement of the security manager with the architect is the best cure for such headaches.

To create a secure working environment - secure for employees as well as for other corporate assets - the most fundamental precept of access control must be applied: everyone entering the facility must be identified and have a legitimate purpose for being there. People are processed most easily if employees with readily identifiable credentials can be physically separated from non-employees. A post with an automated credential-reading system or a separate employee entrance with a security officer who can recognise faces or check badges is the most effective solution.

Depending on the size and nature of the facility, a third processing point for service representatives, janitors, and other contract staff may be considered. Alternatively, such semi-permanent visitors could be issued badges to use at the employee entry point or points. Take special care to ensure such badges provide only limited access.

Address three major issues to ensure harmony among security, architecture, and actual use. These are architectural design criteria, systems considerations, and procedural elements.

Architectural design criteria

Ultimately, the entry area layout and design must rest with the architect. The following design criteria or constraints the architect should consider to maximise security are keyed to the accompanying exhibit.

1. Reception desk: Position the desk to provide the receptionist with the best view of doorways and persons who have not been processed. Include a flat surface at a suitable height for visitor sign in.

2. Employee entry: If controlled by an automated credential-reading system, position the entry as far away as possible from visitor traffic, preferably at a separate entrance. If no systems are used, a guard post may be needed for employee identification.

3. Visitor entry: Psychologically, a receptionist is more likely to challenge a visitor passing to the secure side of the premises who does not have prior authorisation if the receptionist does not have to raise his or her voice. Therefore, visitors should be tunnelled to the reception desk and should not be able to access the secure side without passing close to the desk. Ideally, the receptionist should be able to unlock a gate or door to control the passage of processed visitors.

4. Visitor amenities: Telephones, restrooms, and waiting areas should be kept on the unsecured side, especially if visitors must be escorted once they are on the secure side. Pay phones should be within the sight of the receptionist.

5. General traffic: Traffic unrelated to the reception function should be kept away from the entry processing area.

6. Barriers: These may be solid walls, planters or velvet ropes depending on the degree of security needed.

7. Conference room: For short meetings a small conference room in the visitor reception area negates the need to process visitors or to allow them into sensitive or secure departments.

8. Messenger centre: Arrange a separate drop-off counter for packages, lunches, and other small deliveries.

Procedural elements

The degree of visitor processing depends heavily on the level of security. At one extreme, anyone who is not carrying an axe in his or her hand or who does not look like a hobo can walk past the desk. At the other extreme, visitors must have made prior written request, must provide positive identification, and may have to leave a driver's licence or other valuable identification at the desk. These visitors may also be subject to personal and package searches and must be escorted at all times. The requirements of most facilities fall between these extremes.

The following are some suggestions to make visitor processing effective:

* Even if visitors are required to sign in a book, the information is worthless unless supported at least by a business card.

* Issue visitor badges that indicate the date, department or person being visited, and the visitor's name. Visitors should be required to return their badges to the reception point when they leave, preferably signed by the employee being visited.

* Call the person being visited to confirm the appointment, and if policy requires it, ask for someone to meet and escort the visitor. A signature by the escort when the visitor is collected will remind the employee of his or her security duties.

* Receptionists should be trained to observe signs of drug dependence - the visitor may deal in more than just the company's products.

* If badges are the selected means of employee identification by a security officer or by a badge reader, those who arrive without them should be directed to an alternate entrance.

Different business settings or building structures such as high-rise office buildings provide the biggest challenge to effective entry control. Since high-rises are located mostly in high-density, urban areas, these buildings are at higher than normal risk from crime.

If the building is occupied by a single tenant, street-level, lobby-entry processing coupled with additional controls (either receptionist or automated systems) on sensitive floors is relatively easy to implement. A separate area for visitor processing is preferable as is a messenger centre for packages, lunches and unusual deliveries. Messengers should not be permitted to roam the building freely.

Multitenant buildings are more difficult to secure. Building management may provide security officers with sign in sheets for off-hours. The officers may challenge anyone carrying out a package without a property pass. However, these controls are usually worthless. Anyone, even a person who looks like a derelict, with an envelope or a box of sandwiches along with a company and employee name perhaps taken from the building directory has access to the elevator banks.

A tenant that occupies multiple floors and enjoys a dedicated elevator bank can provide effective security at the elevator bank lobby. Once again, if space is available, lobby-level visitor and messenger centres make entry processing more controllable.

For tenants who occupy a single floor, their own elevator lobby is an obvious control point. If two or three contiguous floors are leased to a single tenant, using internal stairs and programming the elevators to stop on only one floor especially during off-hours allows for economical single point control. Where there are multiple tenants on each floor, tenants must control access at their own company's front door.

Except where the building has a sole occupant, beware of fire stairs and back doors. In a multitenant environment, no occupant has control over who is using the stairways so someone may be allowing free access to that space. Stairwell doors should be secured against re-entry to the greatest extent possible within fire codes. The regular use of fire stairs by multifloor tenants should be carefully examined and appropriate controls implemented.

In a campus-style environment, the pastoral setting of multiple buildings spread across green and wooded acreage in a rural area appears to be a far cry from the urban high-rise. But from a security viewpoint, it may have as many holes as a sieve. The multiple entry points for each building compound the control problem.

Ideally, the campus should be secured at its perimeter. But zoning restrictions, aesthetics, ineffective barriers, and the costs of both implementation and operation often force the controls inward to the buildings themselves. If buildings are linked by pedestrian tunnels or enclosed walkways and are all within reasonable walking distance, one centralised, controlled entry lobby for visitors is most effective. Card readers can be installed on other building entrances for employee use.

If buildings are spread out and distances greater, multiple visitor reception points may be needed. A small lobby with a receptionist or security officer controlling access to the interior of the building is typical. If personnel economies are needed, a telephone in a secured lobby may be all that is required - the person being visited greets and escorts the visitor.

Security is a subjective discipline. The selection and application of protection solutions are often controlled by perception, corporate culture, public image, and the wishes of the company's top management. The guidelines discussed here cannot be implemented in a vacuum but must be customised to suit the security needs and operating style of each facility.

First impressions are important - the entry lobby not only sets the tone for a company's image but also provides the opportunity to project to both visitors and employees the organisation's security posture and expectations.

Access control need not hamper or menace daily operations. Through a close working relationship between the architect and the security consultant, the process should seem natural, businesslike and efficient.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Facial access control for ministry
Issue 1 2020, ZKTeco , Access Control & Identity Management
The Ministry of Culture in Saudi Arabia has adopted ZKTeco’s facial recognition technology and fingerprint biometrics to manage access control into its building.

New Door Pilot app from dormakaba
Issue 1 2020, dormakaba South Africa , Access Control & Identity Management
With new dormakaba Door Pilot, automated doors can also now be operated on the basis of remote control technologies. The system, comprising the Door Pilot app for smartphones and a Wi-Fi interface for ...

Identity lifestyle
Issue 1 2020, Suprema , Access Control & Identity Management
Once the technology of the future, biometrics has quietly snuck into our daily lives through smartphones and access controls into our places of work.

Securing BP’s new head office
Issue 1 2020, ISF SFP , Access Control & Identity Management
ISF SFP was awarded the contract to secure the first development phase for Oxford Parks, the new head office for BP South Africa.

Combining aesthetics and access control
Issue 1 2020, Turnstar Systems , Access Control & Identity Management
Prestigious law firm Bowman Gilfillan recently upgraded its physical security with the addition of four Turnstar Speedgate Express access control lanes.

Video doorbells from Ring
Issue 1 2020 , Access Control & Identity Management
Ring has a number of video doorbells available in South Africa that run off batteries or power and enable users to answer their doors from anywhere.

Centurion to unveil new product
Issue 1 2020, Centurion Systems , Access Control & Identity Management
Centurion Systems will be hosting its third Access Automation Expo this year, with dates confirmed for Durban, Johannesburg and Cape Town.

Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Mobile access is more secure than card systems
Access & Identity Management Handbook 2020 , Access Control & Identity Management
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new technology.

This is the future. This is what we do.
Access & Identity Management Handbook 2020, ZKTeco , Access Control & Identity Management
ZKTeco has created a unique range of visible light facial recognition products combined with a flexible Android platform.