I recently carried out a security risk assessment on a very large site in Yorkshire. The primary purpose was to satisfy the customers need to know why his access control was so unreliable and why there were people on site that clearly had not fobbed through their designated access points, more importantly why was he suffering internal losses?.
Administered from head office.
The access control software is administered off site at their head office. The building in question is big place, the size of 3 football pitches with many entry points. At first it all went well, getting through the main gate was difficult. The guard wanted to know who I was what I was doing there etc. It was from there though that things started to unravel. The first door I tried opened without a problem. The reader indicated that it should be locked. I checked out the door furniture and found that the maglock was “missing”….not good! I carried on through two more unprotected doors and up to the main warehouse entry door. Not once was I challenged. I pushed open the door again this should have been locked, but the door itself was warped and would not close even if it was forced…another fail.
At the heart of the operation.
At this point I found myself in amongst goods of quite some value with not one sole seeming to care as I passed through the goods in area. At any point I could have picked up valuable items and carried them back out the way I came in. I continued on around the site and found that this trend of open doors and broken locks continued. It seemed wherever the staff did not have access they simply removed (by force) the maglock and there seemed no management structure in place to pick this up. Of course the locks and doors should have been monitored but apparently although this was originally designed into the system it was too annoying for the administrator who had other work to do as well so the alarms had been disabled. I was fairly shocked that a company willing to pay many thousands of pounds for a sophisticated access control system with top end software that could really do just about anything they needed, just had no idea how to use it! Having completed my site visit I returned to my car and headed out of the site. I was stopped by the barrier from leaving, at last some kind of security? No…The guard seeing my car simply opened the gate without even raising his head and waved me through. Surely he would at least search my car?
So in conclusion. My findings are winging their way to the company M.D as we speak. I am waiting to hear what the repercussions will be. Access control is a brilliant solution when used properly and a proactive security measure but I have seen exactly this scenario many times before. It seems to me that there are many factors that need to be addressed by end users who buy expensive access control packages consisting of biometric fingerprint readers, and very expensive software. Of all these factors it seems that the training and on going risk assessments carried out by their access control installers is poor to non existent. This article should serve to remind all access control users that a system is only as good as the people who look after it!