|
Access Control
Access control is a simple objective that increases in
complexity the larger the company.
This subject concerns two specific areas:
access by employees and access by non
employees that is facilitated by employees.
External Access Control
-
Employee Access. Start your
review process from the outside in.
In other words go to the furthest point
that requires authorized access.
Authorized access can be a key, a card,
a pass code, or some other accept/deny
point. The points could be gates,
parking lots, exterior doors and alike.
Everyone has some level of approved
access. Access can be controlled
by something as simple as a door lock or
as complex as some type of biometrics.
Regardless maintaining proper control is
really a function of keeping things
current. Vehicles and people can
easily gain entry through unmanned
gates/doors by simply "drafting" (going
through after someone else before the
door closes). These are weak areas
of security.
Entering a building with a key is good
security because only that person
can/should enter. However, how
current is your key control. What
happens when a key carrier leaves the
company? What happens to the alarm
code when someone leaves the company?
The security of the security is
extremely.
TIP: If your building has a
burglar alarm that is monitored by a
central station (i.e. ADT) generally
there are mailed or on line reports
available to check open and close times.
Someone should be reviewing these
reports to determine if there are any
odd-hour entries by authorized
personnel. If someone enters the
building at 2:00AM on a Saturday, what
was their purpose. Alarm companies
will generally notify someone if a door
is opened at unauthorized time.
Check with your alarm company.
-
Non employee Access. Employee
theft does not necessarily need to be by
the employee themselves. Collusion is a
very high possibility. This is
especially true with robberies in all
business sectors. The "inside job"
is more frequent than one might
consider. CCTV as a second layer
of security will, at least, provide
possible identification of the parties
involved. Collusion can be used
for burglaries, corporate espionage,
theft of trade secrets and vandalism
(among others).
Internal Access Control.
-
Employee Access.
Once inside a building the security
should be more restrictive. The
most sensitive areas can be anything
from a vault to employee record storage
to the IT Department. Value cannot
be determined by simply assigning a cash
value to it, there are costs associated
with theft that extend far beyond the
actual property. There are
potential costs of liability, customer
good will, interruption of the business
operation, etc. If an employee
steals a laptop computer containing
business records that are not backed up,
the cost of the loss can be devastating.
In short, anywhere an employee has
access, theft can and will occur.
-
Non employee Access. The person
acting in collusion with an employee can
only have access to areas that either
have weak security measures (locked
doors propped open) or are actively
working with the employee. Getting
into a business with the assistance of
an employee is virtually risk free.
Tip: Even if you just use
locks with keys, segregate the level of
access everyone has to specific areas.
Managers and supervisors with keys have
to allow people to have occasional
access somewhere. This is annoying
to some. Their misguided remedy
may be to disable the lock or give
everyone a key by hanging it on a hook
somewhere. This makes the security
as rigid as tissue paper and defeats the
purpose. If an area needs to be
secure then limit access.
Conducting an apartment
security survey in Houston? Crime stats at
www.apartmentcrimelocator.com. |
