Sarah nervously approached the building to start her first day at the new job. The email from the HR manager told her to use the intercom at the front door, and someone would escort her to HR to fill out the new hire paperwork. As she walked up to the front door, an employee saw her and smiled. She smiled back, and they exchanged greetings. He swiped his access card and held the door open for her. As she entered, he gave her directions on how the find the office of the HR manager. She thanked him, and as she made her way through the maze of cubicles and offices, she noticed the friendly interaction between employees. She also noticed that only some employees seemed to be wearing badges, which was a change from her previous employer. The HR manager was not in his office, so she sat down to wait for him. Sarah realized she had several opportunities to make a difference as the new security manager.
In this example, the company has spent valuable resources to put in place security technology to manage their access control, yet the technology is not being used effectively. Having the technology in place is only one component of a successful security program. The other components are people and processes.
The company must have the appropriate policies and procedures to direct the behavior of the employees and the assets that they are trying to protect. Behaviors are learned and reinforced by the culture of the organization. The most effective security programs are those that have management support and recognize that security is a part of everyone’s job description. In addition, employees can only comply with security policies and procedures if they are aware of them, which requires both initial training and training reinforcement. New employees should be provided with training, and existing employees should have refresher training and periodic reminders such as security bulletins. Also, if the company policy is to wear a badge, then all employees, especially the CEO, president, security manager, and other authorities, should wear their badges.
Processes include not only specific policies and procedures but also training and retraining of employees on those proper policies and procedures. They need to know what to do if you want them to do it. In this example, employees should be reminded to prevent piggybacking, to escort visitors, to wear badges if assigned, and to secure sensitive areas when not in use.
The application of access control concepts provide the first line of defense in protecting people, information, quality assurance and property assets. At the most basic level, the objective is to allow easy pedestrian flow for those who are authorized and restrict access to those who are not. Without people and processes, the technology will fail to provide effective security.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.