No one wants to hear, “Our facility was breached,” yet physical breaches can and do happen. Whether it was hackers who took personal information from your corporate server, an employee who stole customer information, or valuable products stolen when a door was inadvertently left open, you are probably wondering what to do next.
There are many steps that will need to be taken, and an important one will be to ensure that your company still complies with any industry regulations. Most companies are required to adhere to regulations such as NERC for the electricity generation and distribution industry, HIPAA for medical records, FSMA for the national food supply, and PCI regulations that affect nearly every establishment that accepts credit cards or processes payment data.
Non-compliance with physical security regulations can lead to steep fines. For example, if the FDA finds a firm non-compliant with the FSMA, it can impose expensive product recalls, or even suspend the processing facility registration, effectively halting business until the suspension is lifted. The FSMA also creates criminal liabilities for violations, with misdemeanors punishable by up to a year in prison and fines up to $100,000 for individuals. If a food contamination incident results in death, the individual fine can go up to $250,000.
In another example, after an audit in February 2016, NERC levied a fine of $1.7 million on an energy company when it found a number of violations, including three perimeter doors with locks that had been disabled “so people could enter without the burden of security.”
For the PCI regulations, fines for non-compliance rise over time, typically from $10,000 per month up to $100,000 per month for high-volume businesses with months of non-compliance.
After a physical breach, you will likely need to show regulatory organizations that you have taken immediate and effective steps to ensure that a breach will not happen again. This can be accomplished through a physical security plan that includes processes, procedures and security technology all working together to ensure your facility is secure.
One key security technology for mitigating future breaches and showing compliance with physical security regulations is the security entrance.
Security entrances are distinct from standard swinging doors in their ability to secure a facility. No matter the type of credentials that are used to unlock a swinging door, once the door is open, access is no longer controlled. It is also nearly impossible to prevent employees from presenting a credential at a swinging door and then holding it open for others to enter. Therefore, swinging doors cannot be made secure.
Security entrances are the ideal solution to secure your facility and also establish a “defensible stance” towards compliance; they provide a full range of security levels, from high-volume, lower security-level needs at main building entrances to high-security, multi-factor authentication for highly sensitive areas. They also integrate with all types of access control systems to enforce appropriate permission-based access.
Security entrances at higher security levels are equipped with sophisticated sensors to ensure that only the authorized person is admitted. This includes anti-piggybacking and anti-tailgating sensors. Additional biometric identity solutions can be integrated to confirm identity. At high security levels, security entrances can not only confirm that access is successfully controlled, they can also operate effectively on their own to prevent unauthorized entry, even when security officers are not present.
In conjunction with access control systems, security entrances collect useful operational data (on failed entry attempts, for example) that can provide input to training programs, or alert management to unused permissions or unusual usage patterns. Because they can be networked and integrated with access control systems, as soon as any person has revised access permissions, those permissions are instantly updated and implemented across your facility.
If you have experienced a physical security breach and are being challenged to prove the effectiveness of your current physical security strategy, the key to a solid response is the implementation of an access control entry solution such as security entrances. They are the most effective way to control physical access and mitigate future security breaches.