Visitors can present a potential risk to any organization, and managing that risk is an important component of security. An effective visitor management system monitors who each visitor is, who they came to see, when they are on site and what areas of a facility they are authorized to enter. Effective visitor management also involves confirming the individual’s identification and compiling other relevant information about them that could impact the specifics of their visit or the organization as a whole.
Here are three factors that successful visitor management systems typically deliver:
Policies are centrally defined and managed.
Centralizing the various aspects of visitor management is the first step toward controlling them. All policies and procedures for visitor management should be centrally defined and automated throughout the lifecycle of the visitor's association with the organization. Visitor management can begin days before a planned visit when information about the expected visitor is compiled. The process continues through various required security or background checks and ID proofing prior to check-in. Visitor management also includes the approval workflow for unescorted access, notifications, escalations and reminders.
Visitor management doesn't just begin and end with the visit – it has an impact that can extend several days beyond the visit and must be accommodated by various aspects of the organization. Automation of the entire lifecycle of a visitor's association with an organization ensures that preparatory and follow-up functions are accomplished as required. Automation also ensures that all aspects of a visit comply with the policies and regulations that govern access to and within the organization.
Visitor data is integrated with other systems.
Visitor management systems and policies must be compatible with the broader identity management and access control systems in the organization. Incorporating visitor management as part of an overarching identity management system ensures that visitors are controlled and managed to the same degree and at the same level as all personnel.
To ensure that visitor management is not the weak link of security and identity management, visitor data should be integrated with all physical access control and logical security systems including human resource management systems (HRMS), identity management systems (IDMS) and Active Directory. Visitor management should also be integrated with external watch list databases and training systems for real-time background checks. When centralized and integrated in this way, visitor information is cross-checked and confirmed, and it operates in harmony with other systems aimed at ensuring security and managing identity.
The system is easy to install, use and maintain.
Simple operation ensures that a visitor management system is utilized to the fullest to address the requirements of a global organization. When a visitor registers, a system should capture information from their identification (government ID, driver’s license, passport, green card etc.) to populate fields in an enrollment screen. The system should also capture a photo from the visitor's ID, or a webcam at the registration site can take a photo.
Like politics, all security is local, so the successful functioning of a worldwide security system really comes down to how it performs in day-to-day operation at the local level. Effective visitor management systems should also have the ability to expand and adapt to the growing and changing needs of the organization. Visitor management should be fully scalable and equally effective at all levels of implementation.
Security is only as strong as its weakest link, and thoughtful and thorough implementation of multiple functions ensures that visitor management is not the weakest link. Visitor management should not be thought of as an isolated or low-tech function but should be embraced as integral to an organization's total identity management system. As such, it should be centralized and integrated with a range of functions and related systems.
An effective visitor management system includes capabilities for visitor pre-registration, registration, security checks and access authorization, check-in/check-out, credential printing and centralized reporting, and audit trail functions. Embedded workflow capabilities include approvals for visitors, notifications, delegated administration, escalations and reminders along with a full audit trail.
Incorporating effective visitor management as a critical part of a broad-based identity management system ensures the required level of attention to this function, which also potentially represents a substantial risk. A system's policy engine must ensure that all visitor management activities occur according to the organization's policies and procedures, which are infused into the system. Good security requires attention to every detail of operation – and integration of every detail into a system-wide approach that leaves nothing to chance.