There are four major classes of access control commonly adopted in the modern day access control policies that include:

• Role Based
• Mandatory
• Rule Based
• Discretionary

Normally, there are five major phases of access control procedure – Authorization, Authentication, Accessing, Management and Auditing.

Any modern access control system will have a detailed checklist of protocols to ensure each of the above phases are passed with flying colors, guaranteeing the greatest safety and most efficient access to the space you are trying to secure.

Authorization

Cloud-based access control systems (like Kisi) allow an administrator to authorize the user (whoever needs access to the space) with a specific level of access to any door connected to the required reader and controller. Conversely, authorization can be easily changed or revoked through a cloud-based administrator dashboard, meaning that all the data and user credentials are stored and managed securely in the cloud.

Authentication

When a user attempts to open a door they've been granted access to, the reader and controller installed on the door communicate via Bluetooth (or NFC depending on what type of access token is being used) to determine whether the person is indeed allowed access to that particular space. Authentication happens when the hardware connected to the door send a signal to the cloud database, essentially connecting all the dots within seconds to grant access to the user.

Accessing

Once the necessary signals and user data has been authenticated in the cloud, a corresponding signal is sent to remotely unlock the door for the person requesting access. The door temporarily unlocks just long enough for the user to enter and then locks automatically once the door closes again. The beauty of a cloud-based access control system for this purpose is that users can access the space without the need for a traditional key or token. Kisi allows users to enter a locked space with their mobile phone or any device that has been authorized by the administrator, whether it be a traditional NFC card, Bluetooth token or mobile device.

Management and Auditing

In terms of management, with a cloud-based access control system, it is extremely easy to manage access remotely as well as view the recorded data for each door and user in the system. Administrators are provided a clean interface (accessible from a desktop or on a mobile device) where they can track every detail of each unlock event for their users. A cloud-based access control system also means that software and firmware updates are seamless and require no effort from the administrator.

How and what criteria, conditions and processes should be implemented in each of those access control phases is known as a robust access control policy. This unified ACS policy will also cover the major component of the policy known as physical access control policy.

Importance of Physical Access Control Policy

Let’s imagine a situation to understand the importance of physical security policy. Every server and bit of data storage, customer data, client contracts, business strategy documents and intellectual property are under full scale logical security controls. However, a hacker is able to reach your IT room through some lapse in your physical security system. Perhaps the IT Manager stepped away from his computer during and important update, or an employee accidentally revealed where the key to the server room is kept. In the event of a hacker situation, will your logical security mechanism work as robustly as it is required to? The answer is never, which means physical security policy is a very critical, comprehensive element of access control that guards the assets and resources of the company.

The main points about the importance of physical access control policy include:

• Protects equipment, people, money, data and other assets
• Physical access control procedures offer employees/management peace of mind
• Reduces business risk substantially
• Helps safeguard logical security policy more accurately
• Helps getting the compliance of physical access control rules by ISO, PCI and other organizations
• Helps improve business continuity in natural disasters or destructive sabotage situations
• Improves effective tracing of culprits
• Reduce financial losses and improve productivity
• Fast recovery from any loss of assets or disaster
• Helps to take preventive measures against any possible threat

For more information about access control systems, you can consult our overview guide or learn more about Kisi security platform.