7. Control Access
Access control systems are often the first point of challenge; they represent the boundaries between private and public areas. The level of security in your access control system needs to be a balance between business needs and effective security.
Your personnel security policies and procedures should limit the risk of staff or contractors exploiting their legitimate access to assets or premises for unauthorised purposes. When considering access control security measures security managers need to think beyond an organisation’s premises – think also about who else has access to your organisation’s information/ databases or other valuable assets, and the locations involved.
Questions to ask:
- Does your organisation have clearly defined access control guidelines or policies? If so who owns them?
- Where are the access points in your organisation (staff, visitors and vehicles)? How are they monitored and protected? How does access control differ for different visitors: staff (are they pass holders), visitors (is security clearance needed), people making deliveries?
- Is the level of protection proportionate to your identified threats (insider threat, terrorism, crime)?
- Are there areas requiring greater or fewer security requirements (secure and non-secures areas)?
- How are security passes and clearances processed – and what checks are required?
Guidance on access control systems and other relevant information is available on:
- Perimeters and access control – guidance on doors, windows, gates and video analytics systems
- CCTV – range of guidance including human factors in control rooms
- Security lighting – guidance on operational requirements and performance
There is also guidance on the GOV.UK website on controlling access.