Visitor Management

In Security Editor Case Studies

Visitor Management

Author: Rafael Schrijvers, Access Control Product Marketing Manager EMEA, Building Technologies & Solutions, Johnson Controls

There has been a steady evolution in the world of visitor management—from logbooks managed by a greeter at the reception desk to stand-alone electronic systems that can issue paper or card-based credentials to ones that are integrated into access control and security management systems.

Each step along the way, security has improved and knowing who is visiting a building and what they were doing within the facility has became clearer and easier to identify. But these integrated systems are not without their issues: among them being that with disparate systems being brought together there can be problems regarding maintenance, the ease of and limitations to integration and one of the biggest concerns to-date, cybersecurity vulnerability.

A visitor management system is only as good as its database. Having up-to-date information on visitors as well as those they are coming to visit can be compromised when relying on multiple platforms for information.

A company may have one database that it uses for its access control and internal security system, but its bolt-on visitor management system usually has a separate database that requires separate maintenance and support. To keep the data current now requires double the effort. And failing to keep it up-to-date means creating opportunities for miscues—such as listing a person as still active in one database, while he’s been terminated from the company and thus eliminated within the other one—which can lead to building-wide security issues.

Although more seamless integration through the use of standardized interfaces is becoming the norm, using a third-party system still requires some level of effort for security personnel, whether it’s setting up log ins to grant access to the client or staying aware of software updates and corrections to that part of the system.

Integrators are also taxed by the two-system model, having to become experts on multiple systems for both installation and maintenance purposes. This can be especially challenging for those integrators for whom visitor management isn’t a day-to-day installation.

And, of course, with cybersecurity top-of-mind these days, having multiple systems to manage can increase the opportunity for weak spots through which cyber terrorists can enter and take advantage of vulnerabilities within a system, often because different providers may have different levels of testing and vetting related to cybersecurity.

Fortunately, the answer that the industry is providing comes in the form of embedded visitor management programs that are part of the larger security platform. Designed and supported by the providers of the access control system, these systems help to plug the holes an integrated system can create.

Gone is the need for multiple databases or learning and maintaining more than one system. Having one database is the key to an efficient visitor management system, not only making it easier to identify the status of personnel, but also for creating reports, updating information and the like.

How does such a system work? Using the security and event management platform as its core, with a web portal set up for visitor management, an employee can log on and create a visit, add one or more visitors, include specific instructions, and attach a document (such as a map with directions) to the invite. Once saved, an invitation is sent to the potential visitors, including an Outlook calendar invite, and a QR code. As each visitor shows up for the visit, he or she presents the QR code to the check-in kiosk, which streamlines the check-in process and triggers an email to their host, who now comes to the lobby to meet them. From there, the visitors can be provided with temporary printed badges, or, they can be provided with active badges at the reception desk that will work in conjunction with the access control system but only for specified areas that are needed for the visit.

Even before the visitor arrives, however, the host is able to set up a series of parameters for the visit using customizable access control workflows, ranging from start and end time of the visit to assigning the clearances to appropriate areas within the building.

Having everything within one system eliminates the need for entering the information multiple times, checking more than one database, or relying on information to be shared among disparate systems.

Depending on how a system is configured, the QR code could also serve as the credential for some access system readers or within parking garages. And the visitor’s active badge along with the host’s own credential could be used with the access control system so a visitor’s movement could be tracked within the building and, for specified areas, escorted access operation can be enforced, such that after a visitor’s card is presented, the door will not unlock until the host presents their badge. And, in many cases, visitors will not be able to gain access to areas that are off-limits.

In addition to streamlining visitor management and using information that is current, such systems save on personnel costs. Using a kiosk to sign in and having all the data preloaded means fewer people are needed at the reception or security desk to handle visitors, allowing them to focus on their primary job.

The information about the visit is also captured in the access control system, providing an audit trail, which is important for certain compliance situations.

Especially for small to mid-size companies looking to explore the next level of visitor management, an embedded option that takes full advantage of a business’ existing security and access control platform and addresses the key issues of maintenance, integration and cybersecurity may be the answer.

For further information please visit www.jci.com.