Security up front.
To match this ambience is an inviting receptionist protected by a desk, a telephone, and a visitors' sign-in book. Through the usually large reception area pass clients, salespersons, stockholders, consultants, VIPS, executives, and full- and part-time employees. Other people such as office equipment technicians, messengers, employees' spouses and children, ex-employees, and interview candidates also pass through this space. If the reception area is the only entrance, add janitorial staff and construction workers to this mix.
Yet entrance areas also provide the initial impression of the level of security in an organization. For a small businesses whose employees, operations, information, and products are not at risk, identification and control of those who pass through the entry presents little problem. For larger businesses with valuable products, trade secrets, and confidential or sensitive company information, controlling access from the lobby to the rest of the facility is a real necessity. Methods and processes to accomplish effective security must be carefully planned if the architect's vision of how the lobby should look is to be maintained.
Unfortunately, the security professional is often presented with a fait accompli, a final design that is nonnegotiable, or with an existing lobby that is expensive to restructure. Early involvement of the security manager with the architect is the best cure for such headaches.
To create a secure working environment - secure for employees as well as for other corporate assets-the most fundamental precept of access control must be applied: Everyone entering the facility must be identified and have a legitimate purpose for being there. People are processed most easily if employees with readily identifiable credentials can be physically separated from non-employees. A post with an automated credential-reading system or a separate employee entrance with a security officer who can recognize faces or check badges is the most effective solution.
Depending on the size and nature of the facility, a third processing point for service representatives, janitors, and other contract staff may be considered. Alternatively, such semipermanent visitors could be issued badges to use at the employee entry point or points. Take special care to ensure such badges provide only limited access.
Address three major issues to ensure harmony among security, architecture, and actual use. These are architectural design criteria, systems considerations, and procedural elements.
Architectural design criteria. Ultimately, the entry area layout and design must rest with the architect. The following design criteria or constraints the architect should consider to maximize security are keyed to the accompanying exhibit.
1. Reception desk: Position the desk to provide the receptionist with the best view of doorways and persons who have not been processed. Include a flat surface at a suitable height for visitor sign-in.
2. Employee entry: If controlled by an automated credential-reading system, position the entry as far away as possible from visitor traffic, preferably at a separate entrance. If no systems are used, a guard post may be needed for employee identification.
3. Visitor entry: Psychologically, a receptionist is more likely to challenge a visitor passing to the secure side of the premises who does not have prior authorization if the receptionist does not have to raise his or her voice. Therefore, visitors should be funnelled to the reception desk and should not be able to access the secure side without passing close to the desk. Ideally, the receptionist should be able to unlock a gate or door to control the passage of processed visitors.
4. Visitor amenities: Telephones, restrooms, and waiting areas should be kept on the unsecure side, especially if visitors must be escorted once they are on the secure side. Pay phones should be within the sight of the receptionist.
5. General traffic: Traffic unrelated to the reception function should be kept away from the entry processing area.
6. Barriers: These may be solid walls, planters, or velvet ropes depending on the degree of security needed.
7. Conference room: For short meetings a small conference room in the visitor reception area negates the need to process visitors or to allow them into sensitive or secure departments.
8. Messenger center: Arrange a separate drop-off counter for packages, lunches, and other small deliveries.
Systems considerations. The use of control and monitoring systems for the main entry lobby or the remainder of the facility depends on the security level an organization needs. Assets at risk and the volume of pedestrian traffic dictate this level. The systems details described here are also keyed to the exhibit.
1. Reception desk: Unless traffic is minimal or the level of systems monitoring is very low, the desk should not be the location for central systems monitoring and control equipment during regular working hours. A receptionist or security officer cannot perform both the monitoring and visitor processing functions at the same time.
An emergency assistance call button located under the lip of the desk should be considered. With this button, the receptionist could summon help if belligerent visitors or disgruntled customers became a problem. An alarm-switched CCTV camera that views the desk activities would allow the central console operator to assess incidents and dispatch effective response.
2. Employee en : Controls on doors are effective only for a trickle of people. With higher traffic volume, piggybacking is prevalent and controlled turnstiles or motorized revolving doors are the only means of entry control.
Waist-high turnstiles are aesthetically more acceptable than revolving doors or turnstiles. However, these waist-high systems require additional surveillance such as CCTV or another security officer to detect jumpers. A video intercom unit is useful for identifying those employees who have forgotten or lost their credentials. This unit should be located to the side of the main traffic stream.
3. Visitor entry: Normally these doors would be open during regular hours. During off-hours, electric door locks controlled from the reception desk may be appropriate. An intercom (with a camera if visitors cannot be seen directly from the desk) will allow visitors to be identified and to state their purpose. Doors and gates should be fitted with door position switches to detect unauthorized intrusion or doors left ajar.
4. Visitor amenities: Call buttons in restrooms should be considered for emergency situations.
Entry doors are usually a major path of emergency egress, and free entrance or exit must be permitted in a panic situation. Electric locking devices on controlled doors, gates, and turnstiles must be capable of being released directly by the fire alarm system and must meet code requirements.
For high-security installations, walk-through metal detectors, package X-ray machines, and explosives detectors protect against visitors or employees intent on industrial sabotage or criminal activity.
Procedural elements. The degree of visitor processing depends heavily on the level of security. At one extreme, anyone who is not carrying an axe in his or her hand or who does not look like a hobo can walk past the desk. At the other extreme, visitors must have made prior written request, must provide positive identification, and may have to leave a driver's license or other valuable identification at the desk. These visitors may also be subject to personal and package searches and must be escorted at all times. The requirements of most facilities fall between these extremes.
The following are some suggestions to make visitor processing effective: * Even if visitors are required to sign in a book, the information is worthless unless supported at least by a business card. Reports of unchallenged sign-ins by Mickey Mouse, Donald Duck, and Bozo the Clown are numerous. * Issue visitor badges that indicate the date, department or person being visited, and the visitor's name. However, if employees are not required to wear badges, visitors only have to remove theirs to look like other employees. Visitors should be required to return their badges to the reception point when they leave, preferably signed by the employee being visited. * Call the person being visited to confirm the appointment, and if policy requires it, ask for someone to meet and escort the visitor. A signature by the escort when the visitor is collected will remind the employee of his or her security duties. * Receptionists should be trained to observe signs of drug dependence-the visitor may deal in more than just the company's products. * If badges are the selected means of employee identification by a security officer or by a badge reader, those who arrive without them should be directed to an alternate entrance. If security officers are distracted because they must examine other identification or issue temporary passes, it is simple for others to enter unchecked.
Different business settings or building structures such as high-rise office buildings provide the biggest challenge to effective entry control. Since high-rises are located mostly in high-density, urban areas, these buildings are at higher than normal risk from crime.
If the building is occupied by a single tenant, street-level, lobby-entry processing coupled with additional controls (either receptionist or automated systems) on sensitive floors is relatively easy to implement. A separate area for visitor processing is preferable as is a messenger center for packages, lunches, and unusual deliveries. Messengers should not be permitted to roam the building freely.
Multitenant buildings are more difficult to secure. Building management may provide security officers with sign-in sheets for off-hours. The officers may challenge anyone carrying out a package without a property pass. However, these controls are usually worthless. Anyone, even a person who looks like a derelict, with an envelope or a box of sandwiches along with a company and employee name perhaps taken from the building directory has access to the elevator banks.
A tenant that occupies multiple floors and enjoys a dedicated elevator bank can provide effective security at the elevator bank lobby. Once again, if space is available, lobby-level visitor and messenger centers make entry processing more controllable.
For tenants who occupy a single floor, their own elevator lobby is an obvious control point. If two or three contiguous floors are leased to a single tenant, using internal stairs and programming the elevators to stop on only one floor especially during off-hours allows for economical single point control. Where there are multiple tenants on each floor, tenants must control access at their own company's front door.
Except where the building has a sole occupant, beware of fire stairs and back doors. In a multitenant environment, no occupant has control over who is using the stairways so someone may be allowing free access to that space. Stairwell doors should be secured against reentry to the greatest extent possible within fire codes. The regular use of fire stairs by multifloor tenants should be carefully examined and appropriate controls implemented.
In a campus-style environment, the pastoral setting of multiple buildings spread across green and wooded acreage in a rural area appears to be a far cry from the urban high-rise. But from a security viewpoint, it may have as many holes as a sieve. The multiple entry points for each building compound the control problem.
Ideally, the campus should be secured at its perimeter. But zoning restrictions, aesthetics, ineffective barriers, and the costs of both implementation and operation often force the controls inward to the buildings themselves. If buildings are linked by pedestrian tunnels or enclosed walkways and are all within reasonable walking distance, one centralized, controlled entry lobby for visitors is most effective. Card readers can be installed on other building entrances for employee use.
If buildings are spread out and distances greater, multiple visitor reception points may be needed. A small lobby with a receptionist or security officer controlling access to the interior of the building is typical. If personnel economies are needed, a telephone in a secured lobby may be all that is required-the person being visited greets and escorts the visitor.
Security is a subjective discipline. The selection and application of protection solutions are often controlled by perception, corporate culture, public image, and the wishes of the company's top management. The guidelines discussed here cannot be implemented in a vacuum but must be customized to suit the security needs and operating style of each facility.
First impressions are important-the entry lobby not only sets the tone for a company's image but also provides the opportunity to project to both visitors and employees the organization's security posture and expectations.
Access control need not hamper or menace daily operations. Through a close working relationship between the architect and the security consultant, the process should seem natural, businesslike, and efficient. About the Author . . . David G. Aggleton, CPP, manages the Security Consulting Group of Electronic Systems Associates and has helped design security solutions on approximately 65 projects and with more than 30 architectural firms over the last five years. He is a member of ASIS.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||security considerations in company floor plans|
|Author:||Aggleton, David G.|
|Date:||Mar 1, 1991|
|Previous Article:||High-tech touring.|
|Next Article:||Environmental design at work.|