Today’s access control technology offers far more than a way to simply control access into and out of commercial premises. Our chief executive officer, Alistair Enser, explained to Professional Security Magazine how it can gather data that provides valuable operational intelligence and insight into occupant behaviour.
The digital revolution has had a dramatic effect on the access control industry, allowing the development of new technologies that would have been unimaginable not so long ago. The latest state-of-the-art systems offer an entirely multifaceted access control experience which, if implemented correctly, can extend far beyond security and provide wider and very positive business benefits.
More than meets the eye
In addition to protecting people, property and assets within a commercial environment, the data that can be obtained by access control technology forms a fundamental element of a business intelligence (BI) ecosystem when linked with other data sources.
With more accuracy than other building and security technologies such as room occupancy or facial recognition, an access control system, especially one that utilises biometrics, can provide robust and positive identification of personnel. By collating, deciphering and presenting transactional data and implementing BI to analyse usage, traffic flow and occupancy, businesses are able to operate more securely and efficiently, maximise space utilisation, control energy management of unoccupied space, plan for typical peak and off peak demands and ensure that every available square metre provides a return on investment (ROI). Access control technology is helping to create truly intelligent buildings.
However, the value of any data collected is only as good as the information and insight that it produces, and it is especially important to only collect, retain and use what is appropriate and necessary. This is not only from a data protection perspective, but also for trust, transparency and ‘people’ motivation. Organisations need to have a clear operational objective, understand their business needs and challenges, identify where access control data can assist in analysis and decision making for the good of the business, and ensure this usage is truly valuable, reasonable and appropriate.
Location, location, location
From a security perspective knowing exactly who is in a building, where they are and which areas, they can access is imperative to the security risk. In fact, in many cases this may extend beyond security and be a legal or compliance requirement. However, by understanding their profile, their expected use patterns and their movements it is possible to predict, identify and reduce future risks. There are many analytics engines already emerging for CCTV behavioural analysis, but these can equally be used to provide insight into access control data.
Organisations often have many employees and visitors on-site, which makes administration management and security a major challenge. At the same time the system needs to keep flow as open and seamless as possible to avoid frustration and bottlenecks. It is important, therefore, that streamlined processes such as the real time linking of user rights to human resources records or visitor/contractor databases are employed, so that access rights can start or expire automatically when a contract ends, or when an employee or visitor starts or leaves.
Surely if someone has access rights, it is not necessary to understand how, why or when they accessed certain areas? Not necessarily.
Changes in behaviour can help predict a future security risk. There are various BI and analytics engines emerging which can data mine usage logs and make suggestions about ‘unusual activity’. For example, studies have shown that employee activity will often change prior to an individual handing in their notice. A recent study in Harvard Business Review identifies 13 signs that someone is about to quit. These include leaving the office early, work productivity dropping and doing the bare minimum. Tie these into when and how an employee moves around a building or campus using access control data and you can obtain behavioural insight, which helps to improve staff retention or identify a security risk.
Furthermore, in order to enhance cybersecurity, the combination of multiple technologies makes it possible to predict and recognise potential attacks. A simple example is to determine if personnel are logged into a computer at one location, but their access control usage is logged somewhere else – something that could signify a potential breach.
Historically an access control system would grant or deny access to specific personnel at different times for specific approved areas, such as plant and machinery, making it useful for health and safety management as well as security. With database sharing it is now possible for a system to be automatically configured so that an employee without a valid forklift license does not have access to the forklift keys, without an administrator having to manually change their rights. Likewise, it could provide alerts or even restrict access to areas if a worker has not had the required rest break times.
Access rights to controlled areas can be automatically linked to valid training and certifications – something that is particularly important in high risk areas such as where chemicals and other hazardous substances are present. Equally, if human resources and fleet management departments are networked to the DVLA, access rights into pool cars or a parking garage could be updated depending on the validity of a driving licence.
Watch this space
With the price of commercial space in many towns and cities at a premium, by developing a sound knowledge of an estate and gathering intelligent information, it is possible to enhance operational effectiveness and employee productivity. In addition to performing a time and attendance function, the analysis of movement around a building or estate highlights where people spend time, which departments use which areas and when, or the routes they take around a building.
This can highlight how space is being utilised and questions can then be asked about whether it would it be more cost effective and productive to change the configuration of rooms, relocate equipment such as photocopiers, provide fewer but larger workspaces, turn under-utilised desk space into meeting areas or cross charge different departments according to actual usage.
Likewise, financial directors can use this information to improve an organisation’s energy efficiency. All too often commercial buildings are lit up after hours, with only a small number of maintenance and cleaning professionals left in the property, most of who are concentrated in the same space. Collecting and analysing building occupancy data can greatly assist in determining where building services are needed, without wasting energy in unoccupied spaces. The same principle applies during office hours. In toilets and utility areas, for example, traffic is typically a lot lower than in the actual office space. Understanding the level of traffic in specific areas can even benefit a facilities management team as, for example, if people haven’t used a room then it won’t need cleaning.
Although the information gathered by an access control system clearly has numerous advantages in terms of BI, the use of personal data comes with significant responsibilities. The General Data Protection Regulation (GDPR) gives citizens control of their personal data and requires any organisation that operates in the European Union (EU), or handles the personal data of people that reside in the EU, to implement a strong data protection policy, encompassing access, secure storage and destruction.
The GDPR also states that there must be a lawful basis to process personal data for specific purposes. Therefore, an access control system that collects and manages data needs to be appropriate and there should be defined and clearly communicated policies around what type of data is being collected, why it is necessary, what it is being used for, who has access to it and how long it will be held for. This should be both transparent to employees to ensure engagement, while achieving organisational and legal compliance.
Making a difference
It is important to have a clear and specific strategy about how access control will enhance security, while keeping traffic flow as seamless as possible. Therefore, analyse and understand how data can provide beneficial insight, determine what is valuable and appropriate in terms of cost and acceptability, and then make a clear detailed plan. In addition, work with an expert security technology integrator to ensure that there are policies and procedures in place to support the implementation and, importantly, provision regular service updates to maintain the value, integrity and security of the system. This will deliver higher security, lower risk, potentially lower operating costs, facilitate better space utilisation, improved resourcing and improved productivity – giving you a competitive advantage.
For further information please email email@example.com or call 0845 121 0802