For centuries we, as human beings have had a need to protect our property, be those physical possessions, information, or our families.
Organisations are the same, they may have expensive manufacturing equipment or computers that cost thousands of pounds.
If an organisation manufactures, designs or develops something, there will be intellectual property that may be of interest to other companies or people.
Most importantly, organisations have a responsibility to keep their employees safe whilst at work.
We use Automatic Access Control Systems or Access Control Systems to secure parts of a building, site or estate to ensure that what we are trying to protect remains secure.
Access control, however, is not limited to “keeping the bad guys out”, it may also be used to ensure that employees are kept safe.
Imagine for a second, a chemical plant where chemicals are being handled or manufactured.
There is lots of dangerous equipment in use that needs specialist training before we even consider the chemicals!
In this instance, we may want to ensure that only people who have had that specialist training and are therefore safe to work in that area can gain access.
Why not use another method, such as a key or mechanical PIN Pad?
Keys do not restrict where someone can access based on a specific time or day – if a person has a key, they can enter an area any time they like.
Keys can quickly become expensive to manage. On the surface, keys appear to be cheaper than an access control system.
The time and labour involved in duplicating, issuing and returning keys, before we take into account replacing locks when a key is lost or stolen quickly add up.
When it comes to PIN codes when was the last time you routinely changed the code?
Do you always ensure that when someone leaves, that the code is changed to prevent them gaining access?
What information an access control system needs to work
An access control system is primarily interested in three things:
The access control system needs to identify us as people, or a Vehicle if we are controlling access for Vehicles.
We might use an identifier, such as a card, PIN code or biometric credential such as a fingerprint to identify people, and number plates or long range tags for Vehicles so that the system knows who we are.
The access control system also needs to know where we would like to go.
This is so that the system can determine whether we should be allowed to go into that particular area.
We use a logical representation of a physical door, a group of doors, vehicle gate or turnstile to determine where someone would like to go.
Once we have identified ourselves and where we would like to go, the access control system is also interested in when we would like to access the door.
Some organisations may impose time restrictions to prevent employees access the building outside of core working areas where there is less supervision in case someone does something they should not be doing.
We also need to take into account public and bank holidays as some organisations will not want their employees gaining access to their building during a holiday.
We also need to consider regulatory compliance requirements in some industries – for example, in Financial Services, an employee should not be allowed to enter the building if they are on annual leave.
The Who, Where and When is typically combined into an Authorisation Template or Profile.
Access Control Systems use the authorisation template or profile to make a decision on whether to allow or deny access.
Authorisation templates are usually governed by the organization’s security policy, but may also be linked to a specific job role, such as an IT Technician or Security Officer.
Some authorisation templates may be quite broad in scope, and could for example, allow access to all zone 1 doors on an entire site or building, or could be very specific, such as 6 IT professionals who should have access to the Datacentre door.