When implementing an access control system, there are many factors to consider. Security should be your top concern: hardware must be tamper-proof, software should be updated routinely to protect against potential vulnerabilities, and credentials should not be unencrypted, easily copied, or shared. Also, look for a system that enables modern security practices like multifactor authentication to ensure that administrative control stays in the right hands.
User experience is another important factor. Your access control system should be easy to configure for administrators, as well as convenient for employees and tenants to use.
In tandem with user experience, reliability is crucial. Look for a system with a proven track record of server uptime and a consistent unlocking experience. Vendors are constantly improving traditional access methods through biometrics, PIN codes and, more recently, smartphone credentials. However, many of these solutions are either unreliable or create too much friction. Best-in-class reliability calls for multiple forms of communication to authenticate an action. When Bluetooth, Wi-Fi, and cellular data can be used simultaneously, the signal to unlock an entry is more reliable and the user can seamlessly enter a given space.
In addition, end users should seek a flexible system, one that lets them configure the convenience and security of each door or entry according to user requirements. To meet those security requirements, it should ideally support two-factor or multi-factor authentication.
Another factor that is probably top of mind: cost. Most electronic access systems range from $1,000 to $4,000 per door installed for hardware and installation. You'll need to decide how many doors and entries you want to secure: exterior doors, interior doors, parking gates, elevators, and so on. In addition, if you are going with a cloud-based solution, you may need to pay a monthly subscription, which significantly reduces upfront costs.
Meeting a business's compliance needs is one of the biggest considerations in choosing access control. With many different requirements, it can be difficult to track which standards are most important. Here are some requirements you may be asked to meet:
PCI - Requirements 9 and 10 are common areas to address in physical and network security. Requirement 9 requires organizations to restrict physical access to a building for onsite personnel, visitors and media. The business should have adequate controls to ensure that no malicious individuals can steal sensitive data. Requirement 10 relates to the need to track and monitor systems.
HIPAA - Although most think of this requirement within the healthcare context, employers also deal with a large amount of health information. For instance, when an employee requests medical leave, employers need to keep any documentation of that absence confidential. In order to meet this requirement, businesses can use access control to keep this information locked in a storage room.
SOC 2 - This auditing procedure requires service providers to manage data in a way that protects employee and client privacy. Companies in the SaaS space are eligible to receive SOC 2 certification by purchasing an access control system with two-factor authentication and data encryption. Any business dealing with customer data must protect PII (personally identifiable information) from unauthorized access.
ISO 27001 - This information security standard requires that management systematically examine an organization's security risks and audit all threats and vulnerabilities. It also requires a comprehensive set of risk avoidance or transfer protocols and an overarching management process to ensure that information security continues to meet the business's needs on an ongoing basis.
MPAA - Organizations dealing with content, such as video and audio, seek security protocols to prevent piracy, theft and other types of breaches. Although the MPAA doesn't mandate compliance, sticking to this best practice helps members ensure content protection during production, post-production and distribution. Access control can help manage entry and exit points in addition to logging, monitoring and a variety of other systems.
CJIS - In 1992, the FBI created this organization to monitor criminal activities through analytics and statistics. Today, the organization has a few best practices related to security and authentication. From an access control perspective, this includes restricting access based on physical location or time of day.
Effective physical security requires being proactive. By working through these considerations, you can develop a basic framework for your company's access control needs to maximize security and ROI.