The concept of regulatory compliance is simple: compliance maintains the safety and welfare of the general public. A few examples of the more common regulations include NERC for the electricity generation and distribution industry, HIPAA for medical records, and FSMA that applies to the national food supply. Each of these, and many other similar requirements in other industries, include guidelines or recommendations for physical security to limit access to sensitive areas.
In order to comply, organizations must take the necessary steps to reduce the risk of intrusion, and, they must prove that they have taken reasonable actions. Security entrances as a solution can meet both of these needs.
Security entrances are specifically designed to prevent unauthorized intrusions and meet regulatory requirements. They provide for a range of assurance levels, from those which support guarded entrances all the way up to unstaffed entrances with very high security levels. For example, mantrap portals can eliminate piggybacking and also enable multi-factor authentication, including biometrics, ensuring that the individual entering the facility is the one who is authorized – and not another person carrying their credentials. No matter which type of security entrance you deploy, they work to mitigate the threat of unauthorized entry and can accommodate two-way traffic with varying degrees of throughput.
Swinging Doors Are Unacceptable
Security entrances are distinct from standard swinging doors, which are incapable of controlling access. No matter what kind of credentials are required to unlock a swinging door, once the door is open, access is no longer controlled. Because of this, and because it is nearly impossible to prevent employees from presenting a credential at a swinging door and then holding it open for others to enter, swinging doors cannot be made secure.
Adding security guards is a step in the right direction to improve security at swinging doors, but no security officer can reliably prevent all intrusion incidents. Security officers are human, and subject to distractions, fatigue, and other weaknesses, in addition to being vulnerable to “social engineering” techniques.
Because security entrances provide a consistent high-level of security, and are immune to social engineering and other distractions, they are the most effective way to control physical access while detecting and denying unauthorized entry attempts.
Non-Compliance = Steep Fines and Liability
Because of the applicable regulations, companies that are required to implement access control can be subject to significant fines and other actions if they are found to be non-compliant. For regulated firms, periodic audits and inspections are the normal process to ensure the required actions are being taken.
In the case of an incident, however, for all organizations – not just the regulated ones – any organization can ultimately be faced with the liability related to the loss or harm; especially if people are harmed. Then, the burden of proof shifts to a different arena – that of the court system, evidence and testimony. A security manager may think he has the necessary precautions in place, but after a breach has occurred, would a court of law agree that the company did everything possible to prevent it? In several cases, the answer has been “no” and hefty fines were imposed.
Building a “Defensible” Risk Posture
When companies are challenged to prove the effectiveness of their current physical security plan or prove after-the-fact that they adequately prevented physical infiltration at a particular time, the key to having a defensible risk posture is the use of an integrated access control entry solution. An integrated entry solution makes use of a high-level security entrance, such as a security revolving door or mantrap portal, which prevents tailgating or piggybacking, linked to a high-accuracy electronic access control system, which only allows access to authorized individuals at authorized times and locations. Such systems also keep comprehensive auditable logs of entry attempts, all presented credentials, and all completed and denied entries. The most extreme mitigation solution is to deploy multifactor authentication with a mantrap portal: a credential opens the first door and after the portal verifies the user is alone, a biometric device proves their identity before the second door opens into the secure area.
For very sensitive areas, and for many of the regulated industries, video surveillance is also used as a secondary verification of the operations of the entrance. This combination provides clear, compelling, and nearly indisputable evidence of proactive access control, as well as a confirmation of actual events in time.
Organizations that implement integrated access control entry solutions for their facilities gain a range of benefits, from increased security and safety to risk and liability reductions. It may not be possible now to prevent every incident, but with a proactive security stance on the entry, you can significantly minimize the chances of getting that call.