Security professionals are all too familiar with the concept of physical access control. But for many, the term “access control” implies an access control system consisting of controllers, credentials, and accompanying software. This assumption leaves much to be desired, as it overlooks some critical elements of access control for risk mitigation.