After the Breach: Damage Control and Complying with Regulations

No one wants to hear, “Our facility was breached,” yet physical breaches can and do happen. Whether it was hackers who took personal information from your corporate server, an employee who stole customer information, or valuable products stolen when a door was inadvertently left open, you are probably wondering what to do next.

There are many steps that will need to be taken, and an important one will be to ensure that your company still complies with any industry regulations. Most companies are required to adhere to regulations such as NERC for the electricity generation and distribution industry, HIPAA for medical records, FSMA for the national food supply, and PCI regulations that affect nearly every establishment that accepts credit cards or processes payment data.

Failure to Comply with Regulations Will Cost You

Non-compliance with physical security regulations can lead to steep fines. For example, if the FDA finds a firm non-compliant with the FSMA, it can impose expensive product recalls, or even suspend the processing facility registration, effectively halting business until the suspension is lifted. The FSMA also creates criminal liabilities for violations, with misdemeanors punishable by up to a year in prison and fines up to $100,000 for individuals. If a food contamination incident results in death, the individual fine can go up to $250,000.Fined

Even more, after an audit in February 2016, NERC levied a fine of $1.7 million on an energy company when it found a number of violations, including three perimeter doors with locks that had been disabled “so people could enter without the burden of security,” among other issues.

For the PCI regulations, fines for non-compliance rise over time, typically from $10,000 per month, up to $100,000 per month for high-volume businesses with months of non-compliance.

Mitigating Breaches Now & in the Future with Security Entrances

After a physical breach, you will likely need to show regulatory organizations that you have taken immediate and effective steps to ensure that a breach will not happen again. This can be accomplished through a physical security plan that includes processes, procedures and security technology all working together to ensure your facility is secure.

One key security technology to mitigate future breaches and to show compliance to physical security regulations is the use of security entrances.

Security entrances are distinct from standard swinging doors in their ability to secure a facility. No matter the type of credentials that are used to unlock a swinging door, once the door is open, access is no longer controlled. It is also nearly impossible to prevent employees from presenting a credential at a swinging door and then holding it open for others to enter. Therefore, swinging doors cannot be made secure.

Tailgating Video - 3 clips

Full Range of Security Levels

Security entrances are the ideal solution to secure your facility and also establish a “defensible stance” towards compliance; they provide a full range of security levels, from high-volume, lower security-level needs at main building entrances to high-security, multi-factor authentication for highly sensitive areas. They also integrate with all types of access control systems to enforce appropriate permission-based access.2018 Product Line Up-2

Security entrances at higher security levels are equipped with sophisticated sensors to ensure that only the authorized person is admitted. This includes anti-piggybacking and anti-tailgating sensors. Additional biometric identity solutions can be integrated to confirm identity. At high security levels, security entrances can not only confirm that access is successfully controlled, they can also operate effectively on their own to prevent unauthorized entry, even when security officers are not present.

Click here to read a blog post that provides a "compliance grade" for each type of security entrance.

Data Collection and Analysis

In conjunction with access control systems, security entrances collect useful operational data (on failed entry attempts, for example) that can provide input to training programs, or alert management to unused permissions or unusual usage patterns. Because they can be networked and integrated with access control systems, as soon as any person has revised access permissions, those permissions are instantly updated and implemented across your facility.

If you have experienced a physical security breach and are being challenged to prove the effectiveness of your current physical security strategy, the key to a solid response is through the implementation of an access control entry solution such as security entrances. They are the most effective way to control physical access and mitigate future security breaches.

The Role of Security Entrances in Regulatory Compliance

Greg Schreiber
Greg Schreiber has been with the company a total of 19 years and currently is the Senior Vice President of Sales. Greg’s career spans over 24 years in the security entrance and door industry in a variety of sales management roles, including National Sales Manager for Boon Edam since 2007, after the acquisition of Tomsed Corporation. Greg has successfully steered the North American and Latin American sales teams to produce double-digit sales growth in each of the last 4 years. A native of Pittsburgh, Greg graduated from the University of Toledo with a degree in Business Administration and currently lives in Venetia, PA.