Printer Friendly

Maintaining integrity.

EVERY YEAR CORPORATIONS spend significant time and money evaluating, planning, and installing access control systems. What is often overlooked, however, is the ongoing management of the equipment.

Few security organizations truly manage their access control system. Operators using the hardware and software rarely understand completely why particular features exist, the purpose of the system, and how problems are managed. To oversee a system responsibly, an administrator must develop processes that ensure the system's integrity, establish proper administrative and operational controls, and monitor performance. An administrator's success may depend on how well policies are communicated to the system's various users--management, system operators, and badge holders.

One way to relay the information is to prepare a set of in-house guidelines. Managers interested in developing a written systems management policy can begin with the following highlights.

System overview. Knowing the access control system's configuration--the central computer, communication lines, modems, distributed intelligent panels, operator consoles, printers, and input and output devices--the administrator can prepare an illustration of the system, equipment, and its placement at a site. Having these diagrams helps operators visualize how the system is set up and quickly pinpoint potential trouble spots. These diagrams should identify how equipment is interconnected and which components control other components.

If the equipment at remote sites is monitored over leased telephone lines, the alarm and access implications of operating the remote site in degrade mode must be understood, in case the communication lines fail. All leased telephone lines should be listed and identified.

A brief overview of the system and its objectives, selected features, and general operation should also be included in this section.

Software settings. The defined software features set operational parameters on the system, its components, operations, and badge holders. Before new features are implemented or existing features are adjusted, some limited testing should be performed. The testing can identify the impact that the new software setting might have on system devices, badge holders, or both. A means to return the system to its original setting should be allowed. Following are a few examples of some not-so-obvious mistakes.

Staggered connection times. Periodic communications between the host and remote equipment can occur as the result of alarm conditions or a scheduled activity. Scheduled connection times should be staggered to prevent engaging all dial-up lines at the same time. If all dial-up lines are engaged, alarms at the remote site will not report, if at all, until a dial-up line is released.

Time zones. Time zones may be assigned to system devices and operators as well as access levels. Critical equipment should be assigned a time zone that is continuously enabled or a default time zone that will prevent accidental shutdown. Time zone values should not be shared among different types of software settings, for example, operator names and equipment. Someone could inadvertently adjust a time zone without realizing the effect this might have on devices, operators, and badge holders.

If an access control system cannot account for differences in geographic time zones, unique time zones may need to be created that coincide with the business operations in those areas. For example, a host computer may be located in Detroit (eastern standard time), while the monitoring equipment is in Chicago (central standard time). Improperly assigned time zones might inadvertently open or lock doors or disable consoles and printers when they should be operating. This may also present problems for security when requesting reports of access history.

Antipassback. Antipassback is a software feature designed to prevent an authorized badge holder who has gained access to an area from passing the badge back to another individual attempting access to the same area. However, the term has evolved to describe the placement of any access restrictions on a badge that limits its continued use in a single reader. These restrictions are typically implemented in two ways.

One method is a time-based restriction. Such a restriction will not permit re-use of a badge in a particular reader for a specified length of time. The other method requires use of a badge in a sequence of access and egress readers. In the latter case, appropriate hardware must be installed to support antipassback control. If the hardware is not installed properly, badge holders will inadvertently create situations where they are on the "wrong side" of the door. Complaints will pour in, and badge holders will become frustrated with the system. With either method, it is important to understand how to reset individual badge records and how to deactivate the antipassback feature, if necessary.

Alarm management. Alarms are the access control system's way of saying that something is wrong--for example, a piece of equipment has been tampered with or a trouble situation has been detected. Alarm management ensures that operators receive the alarm and respond properly.

When assigning priorities to alarms, growth for new alarm categories should be allowed. This lets the user add priorities for new alarms without having to adjust existing priorities on current alarms. For example, the user can specify a range of priority numbers to a category of alarms.

During setup of an alarm, the user may have the option to reset or build in automatic repeat times if the source of the alarm will not reset. Too low a value should not be specified, because alarms that repeat too frequently can force the system into a loop where operators cannot acknowledge the alarms fast enough before they are presented to the operators again.

Alarm bumping is a feature that allows the user to optionally define a period of time after which the system may route the alarm to another console if it has remained unacknowledged by the operator. While this may be a desirable feature, without proper planning it can lead to unanticipated consequences. For example, the local operator in Chicago views alarm messages during the day. Perhaps an emergency develops at the site, and the operator responds. The alarm instructions tell the operator to call 911, meet the emergency response units, and escort them to the alarm area.

After calling 911, the operator leaves to assist at the scene but neglects to acknowledge the alarm message. If the alarm bumping time limit expires, the alarm is routed to the Detroit control center. Will that alarm appear to the control center operator with the same text--Call 911--or does the system allow the user to set up alternate instructions?

Similarly, if the company has several remote sites, alarms might be monitored at each site during the day but at a single central control center at night. If this is the case, alternate response instructions should be considered if the alarm is bumped.

Security may want to consider keeping on the screen an alarm involving an inoperative device, for example, a door contact. The visual element will remind the user and other operators to check on the unit's repair status. Typically, administrators place this alarm in a maintenance mode or disable the input to remove it from the alarm screen. Unless the system allows the administrator to present an alarm maintenance status screen periodically, there is no guarantee that an operator will remember to enable the alarm input after it is repaired.

Passwords and operators. Password protection or other log-in protocol is essential for an access control system. Many systems require an operator name, a password, or both. In addition to logging on, operator names are typically used to send system messages between operators. Therefore, the operator name is often known and published within the group. Passwords, however, should be protected by the operator and not shared with anyone. Operator privileges are defined based on work responsibilities and assigned accordingly.

If job responsibilities differ for operators on various shifts, an access control system may enable the user to assign operators passwords with time zones. If this is done, some operators may work overtime and need a time zone that accommodates both shifts.

Managers should consider allowing nonsecurity personnel to log on to the access control system. If the user sets up an operator name with minimal privileges, these operators, such as maintenance staff, could investigate alarms involving equipment before they become security issues. The importance of logging on and off the system each time an operator begins or completes a work session must be conveyed to each user and enforced by management.

Access control reports. Developing, providing, and reviewing reports are critical aspects of the access control system management process. Regularly scheduled reports provide the management team with the information needed to audit and maintain the system's data integrity.

How the personnel and payroll departments update their systems for terminations, promotions, leaves of absence, and new hires should be determined as well as how such information is to be entered into the access control system.

Management reports should also list promotions and demotions from company management. New managers may need an access level added to their badge that permits access during strikes. Similarly, demoted employees may need this access level removed. This is particularly important in union companies.

Badge reports should list all permanent employees who are assigned badges. The total number of permanent badges listed on this report should equal the number of people employed in the company. Any discrepancies between these figures should be accounted for.

Contractor reports should identify all badges assigned to contractors. The reports should list the contractor's name, badge expiration date, access levels, and sponsoring manager. Secured area reports should list all badges that have access capability. The manager of the controlled area should review, revise, sign, and return the listing to security where updates will be made. Security access level reports should also list all badges assigned to security personnel. Because the security access level provides access to virtually all site locations at all times, it should be reviewed by management at least once a month.

Operator reports should list all system operators, passwords, and authorization levels assigned to each operator. Security management must review this report for changes, deletions, or adjustments, then sign and file. Operator activity reports should list any system operator violations. This report should be reviewed for repeated violations and determine if an investigation is warranted.

Reports should be run to review system communication performance. At this point the user should determine whether excessive communication failures to the intelligent panels caused file corruption and what the source of the problem is. System database error reports should also be run. If errors occur, their frequency should be determined and the user should refer to the system's technical manuals to determine what, if any, action needs to be taken.

Badges. Badges come in a variety of types and, when properly encoded and assigned, can provide a wide range of information. The following issues should be considered when setting up badges for an organization.

The company address should not be printed on the badge; instead, a post office box number should be provided. Eliminating the street address may discourage someone who finds a lost badge from bringing it to the site and using it.

Automatic badge expiration dates should be staggered. They might, for instance, be tied to the last day of the employee's birth month. Users have been known to enter the same date for hundreds of badges. This oversight becomes painfully obvious when hundreds of people cannot enter the facility on the expiration date.

It is important not to punch a hole for a clip without physically running the badge through the badge reader. Misplacing a punch hole for a clip may keep the badge from sliding though a badge reader, making it useless.

The use of artwork, insignias, or colors in ID backgrounds should be reconsidered. While this has some appeal, it requires the employee be issued another badge if transferred to another department and creates another item that must be audited for compliance.

Employers may also consider placing an expiration date on all company badges. Should a terminated employee retain a badge, it will eventually become outdated. The frequency picked for expiration--for example, every two years or five years--should not burden the employees of the company unnecessarily.

System backups and maintenance. Most access control systems provide an economical and practical means of backing up data files. Such backups should be made on a scheduled basis and whenever significant changes to the database take place.

Backups may include the operating system, the database manager, the application software, or specific application data files. The scope of each backup must be delineated, and storage and protection of the tapes should be considered. Users should also learn how to back up and retain the transaction log.

Access control system manufacturers cover equipment with various types of service agreements. The user should be familiar with the warranties for all software, including the operating system and the database software as well as the access control application.

System problems are highly visible and potentially disruptive to a business. Problem management is critical if executives, operators, and badge holders are to accept the system. The proper controls are in place if all operators and badge holders know who to contact when problems arise, problems do not remain unresolved for long periods of time, and recurring problems are identified and resolved.

Disaster recovery program. Disaster recovery programs encompass both planning for contingency responses and managing emergency operations. A plan should include the necessary information required to rebuild or replace the access control system and the temporary controls to be implemented until the restoration is complete. The security department is responsible for planning procedures that provide access control service to the organization in the event of a system failure during a disaster.

A disaster recovery plan should be developed that addresses how to handle operations under many circumstances, including acts of God. Disaster recovery at remote locations should also be considered.

If operators periodically change passwords, a report should be obtained of all previous operator names and passwords. This confidential report should accompany any data back-up tapes or disaster recovery tapes to a secure storage place. If the user needs to restore data using these recovery tapes, these operator names and passwords enable the user to log on using an operator name and password current with the data on the tapes.

If the system requires a badge to log on, a badge should be included with the disaster recovery tapes. The badge must be active on the recovery tapes. After backing up, this badge should be deactivated.

The security organization is responsible for the integrity and performance of its access control systems. Few corporations can afford the expense of learning proper administrative controls via the school of hard knocks or piecemeal disasters. Security practitioners must learn to anticipate problems created by new product applications or environmental factors.

Earl E. Truncer is product support specialist for Sensormatic Electronics Corporation in Deerfield Beach, Florida. Maureen L. Magee is senior technical writer for Sensormatic.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:System Administration; access information mangement
Author:Truncer, Earl E.; Magee, Maureen L.
Publication:Security Management
Date:Jun 1, 1993
Previous Article:The people problem.
Next Article:Security Officer's Training Manual.

Related Articles
Update on FTA EDI Audit and Legal Issues Task Force.
HHS proposes new standards for electronic transmission of medical records.
Medical privacy.
A New Australian Regulation for Electronic Tax Records.
Shared Data Clusters: Achieving Application Scalability And Availability With A SAN.
The power of PKI: PKI can be used to solve business problems, save provider organizations time and money, and streamline patient care....
The digital future: a look ahead: information management professionals will find new challenges, strategies, and approaches in store with digital...
Towers of integrity: rebuilding fraud free.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters