Visitor Management System Features
Visitor Management has advanced a great deal in the past 20 years. For decades, except for the most secure locations, at best, visitors signed in on a clipboard and that was about it. One of the military bases that we worked with a few decades ago went to lengths to make sure that everyone entering the facility, especially during times of meetings, had an up-to-date security clearance…unless you were part of the cleaning crew. Then you were allowed in without question including at times when classified meetings were in progress.
My first taste of an insecure bifurcated policy came while I was contracted to the US Navy. The Navy research vessel was moored inside the industrial area at a Navy Base. Nobody got in without at least an active Secret Clearance. A group of us were working late and realized we had not stopped to eat dinner. So, it was decided that we would order pizza. A short time later, one of my employees, a former Navy troop himself, brought my pizza to me. I was surprised that it was delivered so quickly as I didn’t even know he had left the ship to go and pick it up at the front gate. I found out that pizza delivery people, even though we were at FPCON Bravo at the time, get a free pass. The pizza was brought directly to the brow of the ship, an area that required an active Secret Clearance.
Shortly after the events of 9/11, government and commercial facilities started to rethink their security policies. There is no sense in running exhaustive checks on the people that are supposed to be allowed in if you just go ahead and let the bad guys in the front door anyway! The threat of terrorism had a big impact on how we were to control visitors and what adequate safeguards would include.
Since 2020 in addition to threats from nefarious humans, the threats now include dangerous microbes.
The policies enforced by the Visitor Management System (VMS) should be configurable so that the VMS enforces and enhances the facility’s policies. The facility should not be forced to abandon good, well thought out, and effective policies because the VMS system policies are too rigid to adapt to new policies.
There are lots of new elements that have been added to the overall process of visitor management. The features that are needed will depend on several factors. Such factors include but are not limited to:
- The types of activities that take place within the facility to which the visit will take place whether or not the visitor is involved with them.
- The specific activities with which the visitor is involved.
- The visit records include the name of the sponsor of the visit.
- Does the visit require approval by a person authorized to approve visits?
- Will the visitor bring in classified or sensitive information? Will the visitor take away material or data that is sensitive or classified?
- Does the visitor require a security clearance or certifications?
- Has the visitor visited this facility or any related facility in the past? Were there any negative experiences with this visitor at this or any related facility?
- Is the visitor attending a public event held at the facility or has the visitor been requested for a specific purpose?
- Is the visitor a US citizen, a green card holder, or a foreign national? If they are a foreign national, are they visiting from a country that has been designated by the US government as hostile? If they are a US citizen, are they representing a foreign-owned company or government?
- If they are a foreign national, are they required to have a visa? If they are required to have a visa, is it a type that is acceptable for the type of visitation that is about to take place?
- What type of ID will the visitor use at check-in time? If it is a driver’s license, will it be from a state that produces a license that is Real ID Act compliant, and is that of concern? If it is of concern and their driver’s license is not compliant can the visitor bring an alternate acceptable form of ID such as a passport or government-issued photo ID card?
- Is the ID determined to be genuine when they check-in for their visit? If it is genuine, have we determined that has not been tampered with or altered?
- Is the visitor required to have an active NDA on file? And if so, is there already an active NDA on file, or do we need to have the visitor sign one when they arrive?
- Have we taken steps to ensure that the visitor is not infected with COVID-19?
- Do we need the person to attest to other restrictions associated with the visit? For example, if the visitor is going to drive on-premises, does the visitor have proper vehicle insurance? Will the visitor attest that they will follow any rules to be applied to the visit? Will the visitor, unless they are law enforcement, attest to not bringing in any firearms?
- Does the visitor require an escort while on the premises? If an escort is required, has the escort been identified?
- Has the principal location of the visit been identified? Have any additional locations where the visit will take place been identified?
- Can the person issuing the visitor pass be the same person that sponsored the visit and/or approved the visitor? Is there a “separation of duties” requirement in place?
In addition to the factors that affect our security, we also owe it to our visitors to protect their identity. We hear all too often in the news where somebody’s database has been hacked and their Personally Identifiable Information (PII) has been leaked. We don’t want to be the next victim of such hackers!
Critical Points of the Visit
There are three points in time-critical to the visitation process:
- Arrival and Sign-In
- During Visitation and Management
Some organizations always require visitors to be preregistered, others allow pre-registration, or they will also allow walk-ins. Still, others have no provision for pre-registration. The greater the amount of security that is required, the more beneficial pre-registration can be.
We know a US Army base that always required pre-registration but sometimes pre-registration only preceded sign-in by a few minutes. They wanted to achieve the security benefits of going through the preregistration process.
The Visitor Management System (VMS) should have a module dedicated to the purpose of pre-registering the visitor(s). There are two types:
- Visit Request type – This type is filled out by the sponsor of the visit. All of the visit information and the identity of the visitor must be entered by either the sponsor or his/her designee.
- When this is a visit request, the sponsor or requestor must enter information that positively identifies the visitor. This will include the visitor’s name and an ID number. ID Numbers are generally a driver’s license number and state of issue, or a green card number, or a passport number and country of issue.
- Social Security Numbers may still be required in very secure facilities which are used to vet the visitor through a federal law enforcement database such as the National Crime Information Center. Other than those specific cases, we recommend not storing Social Security Numbers.
- Visit Invitation type – This type is similar to the Visit Request type except that less information is entered by the sponsor. The sponsor does enter all of the information about the visit, such as dates, days of the week, and time of day, location of the visit, purpose, etc. The sponsor enters only minimal information about the visitor. The sponsor enters enough information that will allow the system to send the visit invitation to the prospective visitor but none of their Personally Identifiable Information (PII).
- The prospective visitor receives the invitation and fills out the response form and returns it. The response form will contain fields in which to enter the type of ID, the ID number, and the issuing authority. Other fields might be present for things such as citizenship, visa number, and type
- Information Common to both Visit Requests and Visit Invitations – Regardless of whether a visit registration starts as a Visit Request or a Visit Invitation, the following should be available features:
- The name of the visitor(s).
- The name of the organization employing the visitors.
- A flag to indicate whether or not the organization is US-owned or foreign-owned.
- The name of the sponsor.
- The name of the requestor filling out the request or invitation on behalf of the sponsor when they are different people.
- The date that the visit is to start, the date that the visit is to end, the days of the week that the visit will take place, and the starting time and ending time of each day that the visitors will be on site.
- Whether or not there will need to be an escort.
- It is also desirable for the VMS to include some number of definable fields. Different business types will sometimes need special fields for information that is unique to that business. Such fields are not likely to be present in an off-the-shelf VMS.
Vetting – The VMS should be capable of vetting the visitor at two points in time when the person is first identified as a person who a sponsor wants to visit and the second point in time is when they arrive. The reason for this bifurcated approach is that there is no sense in scheduling a visit for a person who is ultimately going to be refused entrance. The reason for the second check is that just because a person passes vetting the first time does not mean they will pass it when they arrive.
Some of this will depend on the time lag between when the person is invited and when the person shows up. Government agencies that update watchlists do not necessarily do so in a timely manner. Ideally, they would but budgets and manpower constraints don’t always favor a responsive update to the database.
On the other hand, if the VMS is coupled to a watchlist that is fee-based, then limiting the number of checks may be a good idea. For example, there is probably no likely advantage to vetting a visitor the day before the visit, the day of the visit, and again on the day of the visit when they return from lunch.
The VMS should have a way to set the policies to recheck on a schedule that makes sense to the organization.
Overrides – Another important feature is the ability to override an otherwise negative vetting response. A person may commit a crime at an early age for which causes a record to be created in a watchlist. But the crime was extremely minor and is not a prelude to any harm to people, organizations, or their property. But because it is a database, their entrance will continue to raise a flag. And once raised, security will have to deal with it yet again. A good feature is to allow security personnel to enter an override against that visitor’s profile record. Overrides will generally be for a finite period of time before they expire. But during the override period, the flag will not be raised, and they will gain entrance. Overrides need to be configurable so that they will work in conjunction with the facility’s internal policies.
Approvals – Once the visitor pass has been entered and the visitor information has been entered, and vetting has been completed, a person in authority must approve the visitor pass. This may be the same person as the sponsor, but it may be someone else depending on local policies. It is common to have a scheme that separates duties. The same person cannot request a pass, approve a pass, or issue a pass. This prevents too much authority from being placed on one individual. However, duties are separated, the VMS must be able to enforce these policies.
Arrival and Sign-In
The arrival and sign-in take place when the visitor arrives at the reception area. This could be a visitor center dedicated to processing all visitors to ensure that they are to be allowed to enter. In other cases, it may be a lobby where a reception desk handles all visitor sign-in processes. Sometimes in a campus-like setting, the visitor reception may be spread out over multiple buildings so that visitors are entering the facility near where the visit is to take place.
Without a VMS, busy reception areas with varying check-in processes are likely to get it wrong some of the time. Different policies may be in effect depending on the ultimate destination of the visitor, the citizenship of the visitor, the reason for the visit, etc. And getting it wrong is a security risk since those who have nefarious ideas can exploit confusing reception processes.
To reduce security risks, those handling the visitor reception must get it right each time. An important feature of the VMS is for it to know what policies apply to the sign-in process and to guide the reception personnel appropriately.
The sign-in process will locate any existing pre-registrations that have been approved for this visitor. This is also the starting point for organizations that permit walk-in visitors without pre-registering first.
Search and ID Proofing – The VMS must provide an easy way to locate any preregistered visit records. This can be done by entering the visitor’s ID number used when the visit is preregistered. An even easier way is to scan the credential used at preregistration time either with a barcode scanner or with a document authenticator. This will be covered in more detail a little later in this blog.
An important feature is “ID Proofing.” That means the VMS should be able to ascertain with reasonable accuracy if the visitor is who they say they are. It doesn’t do much good if all of the vetting for the visitor is against someone other than the person who is actually showing up.
An excellent way of ID Proofing is by requiring a visitor to use a state-issued driver’s license that complies with the Real ID Act. States that issue driver licenses that adhere to the Real ID Act have gone to great lengths to check birth certificates and other documentation. When accepting such licenses, you are leveraging off of the ID Proofing already performed by the state.
All states now issue driver licenses that are compliant with the Real ID Act but that doesn’t mean all driver licenses are compliant. Driver licenses that comply will have a small star insignia imprinted at the top of the card.
Document Authenticator – A desirable feature in VMS is its ability to interface with a document authenticator. Document Authenticators scan the driver’s license and compare the graphic elements to a database of templates. Document authenticators can detect that the license meets the graphic layout of the issuing state, that all of the graphic elements are correct. The document authenticator can detect if the license has been tampered with in any way.
Another feature of the document authenticator is its ability to detect if the license adheres to the Real ID Act. This will prevent non-Real ID Act compliant licenses to be used.
Document authenticators can also read the data and copy the ID photo directly from the driver’s license and input those values directly into the VMS. This relieves the guard that is processing the visitor from the need to key in the data and thereby reduces the chance of introducing keying errors.
The identity as identified by the document authenticator or as having been manually entered will locate any active preregistrations. This process will also locate an already valid visitor pass if the visit was for multiple days.
Vetting – The sign-in process, depending on local policies will resubmit the identities of the visitor back through the vetting process to ensure that nothing has changed in the background of the visitor that would preclude them from being admitted to the facility.
COVID-19 – It is now commonplace for organizations to reduce the chance of someone suffering from COVID-19 gaining access to the facility. At a minimum, the VMS should be able to present a questionnaire to the visitor, who must then answer it correctly before being allowed to enter. The system should be able to limit the need to answer the questionnaire based on frequency. For example, a visitor will answer the questionnaire in the morning, but not be required to answer the questionnaire again when returning from lunch.
NDA and Other Consent Forms – If the facility depends on an NDA or other written consent forms to be on file, then the VMS must ensure that such NDAs and/or forms are already on file or present a generic set of forms for the visitor to sign before being given a visitor pass.
Sign-In Recap – To recap the sign-in process:
- The VMS system user (guard, lobby attendant, etc.) scans the credential (typically a driver’s license, passport, or green card, but maybe others). Alternately information about the visitor may be manually keyed in. Any preregistered visits are located.
- The VMS transparently vets the people as may be required.
- The visitor successfully passes a COVID-19 questionnaire.
- The system verified that an NDA is already on file or presents a generic NDA for the visitor to sign. Other required forms may also be presented for signature.
During Visitation and Management
Visitor passes must be managed once they have been issued. Visitor passes will have a start date and an expiration date. In their simplest form, a visitor pass may not be used before the start date and may not be used after the expiration date. Additional granularity may be required. For example, a visitor pass can be encoded as to what days of the week they may be used. For example, if a visitor pass is issued for multiple weeks, the visitor pass may be encoded to not be accepted on weekends. Even tighter security can be achieved by restricting the earliest time of day that the person may enter the facility as well as the latest time of day that they may be on site.
Mobile Devices – The use of mobile devices is becoming more and more prevalent. There are many reasons for this but in its simplest form, it is not always convenient to perform VMS functions only when near a computer terminal. This subject is beyond the scope of this blog. This will be covered in a blog that will be posted in the not-too-distant future. If in the meantime you would like more information, please reach out to [email protected] or [email protected].
In this day in age, nobody wants to stay shackled to their computer to do their job. All key operations send out email alerts to those people that are responsible for doing something. For example, a person responsible for approving a visit will receive an email alert telling him that he has in queue visits awaiting approval.
Many operating points will cause an email alert to be sent. This is not an exhaustive list but shows some cases where an email alert would be helpful:
- Notify a sponsor that their visitor has been approved
- Notify a sponsor that their visitor has been disapproved
- Notify user(s) with the authority to approve a visit that visits are awaiting an approval
- Send security managers an alert if a visitor is allowed to enter because of a security flag override.
- Send a copy of the COVID-19 questions and generic NDA to prospective visitors so that they will know beforehand what they will need to answer and sign when they arrive at the facility.
- Notify the sponsor when the visitor has been admitted entrance into the facility
- Notify the sponsor if the visitor has not been allowed to enter and the reason the visitor was denied entry.
There are some systematic details to consider. These do not add much to the visitor management functions, but they do enhance the security and operation of the overall systems.
Cloud – There are a great number of advantages to using an application that runs in a cloud as opposed to a local installation. Please refer to our blog ” Cloud vs On-Premises” for more information.
Encryption – VMS systems by nature of what they do, store a great deal of personally identifiable information that could be used for nefarious purposes if it were to get into the wrong hands. Therefore, all the data stored in the system (data at rest) should be encrypted to a NIST-compliant encryption algorithm such as AES256.
All data in transit must also be encrypted to prevent a man-in-the-middle attack. Encrypting data sent between the user’s workstation and the server using a hash algorithm such as SHA-256 which even if intercepted by an unintended party, cannot break the encryption, and return it back to its plain-text state.
Single Sign-On – Many organizations prefer to have the VMS tie into their corporate Single Sign-On (SSO) systems. Common systems include Active Directory and SiteMinder as well as others. The VMS ideally will be flexible enough to be configured to work with a variety of SSO systems. Natively the system should allow the use of usernames and passwords.
Reduced Touch and Antimicrobial Materials – The more operations that a visitor can do on their home computer or mobile device the better. This limits the amount of interaction with local equipment.
A growing number of equipment options are being developed using plastics with antimicrobial properties. Such materials limit the grown of viruses, including COVID-19 on their surfaces.
Visitor management has come a long way since the days of a paper-based sign-in log on a clipboard. Please reach out to us with any questions or comments regarding your visitor management requirements.