INSIGHT: A modern approach to access audits, by Derek Arcuri, Product Marketing Manager at Genetec

A key responsibility of area owners and supervisors is to oversee, and be on top of, everyone that has any access to a building and the rooms that lie within. That might initially sound like a simple task, but upon closer inspection it is one that becomes labyrinthine over time. As a part of their role, operators must manage visitors and employees, issue badges, monitor alarms, and run reports. On top of that they must deal with following processes that ensure compliance with regulations like GDPR and keep audit logs up-to-date. Their final, but in no way least important responsibility, is to find the right balance between restricting access, lowering risk and ensuring convenience. At the extreme, everyone has access everywhere because it’s more convenient to give all cardholders 24-hour access to all areas. Convenience has always been seen a compromise to security and therefore productivity.

With all of this in mind, it is incredibly important that area owners have a full overview of the access control systems to ensure that only the right people have access to their areas. Adding access and revoking access is a manual process. Employees often inherit access because someone forgets to revoke that access. As such, many organisations fail to take stock of who has access to what – whether that is down to a lack of attention or a systemic inability to manage security.

One of the main reasons why this is such an issue is due to the way that access rights management has traditionally been handled. Historically, there has been no efficient and consistent way to manage access rights and automate the process. Area owners need to call or email security operators and access for a report of all of the individuals that have access to their area in order to prepare for the audit. Security will email it over; the area owner will highlight the individual’s access that need to be revoked and then email it back to Security. The area owner, may also want to follow up and ensure that access has in fact been revoked. This can be an incredibly time-consuming process, and inherently leads to inefficient and poor management of accounts because the area owner doesn’t have direct access to the access control system.

The most efficient way to rectify these problems is to employ a self-service solution that give area owners the visibility to see which individuals have access to their areas and the power to revoke access directly from their self-service portal. From there, all the different access points can be managed, rights to each is easily visible, and adding or removing individual privileges becomes far more streamlined.

Consistency is key for successful access control management, and only by changing the way that it is approached can organisations see success in the modern day. Their goal should be to remove the friction employees and guests face when requesting and receiving access to secure areas, while also ensuring security. By adopting a more unified approach, facilities managers can be safe in the knowledge that this goal is being achieved.

Derek Arcuri_F_LRG

Author: Derek Arcuri, Product Marketing Manager at Genetec