It is important that all access control system data are backed up on a periodic basis. This is typically done automatically. However, it is good practice to ensure that the data are backed up in a manner that allows for effective and efficient recovery in case the primary information source is compromised.
Access control systems allow users to program building doors to be locked and unlocked based on time schedules. For example, some doors may be programmed to be unlocked from 7 a.m. to 7 p.m., Monday through Friday. Building use changes over time, and facility managers should review these schedules to ensure that door scheduling is appropriate given the current operating requirements. Specific changes in operating schedules, such as holidays, daylight savings and planned shutdowns, should be coordinated in advance and the door schedules should be updated appropriately.
Oftentimes, cardholders are given access rights based on predetermined permission categories and groups. Personnel frequently change positions within an organization and as such, their access requirements may change. Additionally, department location and access requirements are subject to change. It is important to review these access permission categories and groups carefully to ensure that access is being managed appropriately.
Most access control systems are purchased from security systems integrators that offer service and maintenance agreements, as well as predetermined pricing for additional parts and labor. During the inspection, records of service and maintenance should be compared with the original purchase contract to ensure that the vendor is adhering to the agreed upon terms. Invoices should also be compared with the original agreement to ensure that parts and labor are being billed at the appropriate level.
Facility managers should inspect and check all access control system devices on a periodic basis. This includes all doors, windows, panic alarms, motion sensors and other devices. This test typically involves one person creating each alarm event while another person monitors the alarm notification and associated functions in the security operating center.
Following this access control system checklist requires discipline and time management. However, it will also ensure that the access control system is operating efficiently and effectively, thus improving overall security. It will also save money and increase the life expectancy of the access control systems.
Daniel O'Neill is president of Applied Risk Management (ARM), a security consulting firm based in Boston. Roger Rueda, PSP, Tom Newton and Joe Reardon of ARM also contributed to this article.
Checks 1-5: Audit and Upgrade Access Control System
Checks 6-10: Review and Test Access Data and Devices