Access Control Advice

Some criminals won’t go to the trouble of breaking into your business premises, if they can just walk straight in.

Bogus callers come in many shapes and sizes. They could be men or women, dressed in overalls or suits.

Not having correct access control not only compromises the security of tangible business assets, but it could also:

  • have the potential for making staff prone to violent attacks;
  • place staff possessions at risk from theft: How often are jackets left on a chair in an office with a wallet in the pocket?;
  • increase the opportunity for persons to hide on the premises until the building is closed and increase the opportunity for terrorist attack.

External Entrance

It is good practice to limit the number of outside access / egress points to as few as possible (see Fire Doors in the Physical Security section). This would limit the areas to be controlled, thereby reducing the cost.

Reception Areas

In most situations the reception area will need to be staffed, either by a receptionist, concierge or security guard. However, consideration should be given to when the person tasked with security in this reception cannot be present for any reason from a refreshment break to holiday periods.

Whereas personal identity cards may be necessary for employees, no one receptionist could possibly check the identity of every employee entering a large building. They cannot be informed of every lost card, personnel suspensions and dismissals, etc.

It is therefore preferred practice to have a physical device to control access (a turnstile, self-closing door, etc) overseen by a member of staff (to prohibit by-passing the barrier).

There are many manufacturers supplying aesthetic physical controls. Turnstiles, glass screens and doors have become discreet, non-oppressive in design, without compromising their function of access control.

Control Devices

In situations where there are few users requiring infrequent access, a key controlled lock is cost effective. But for situations with more staff and frequent use, other solutions are available:-

Coded Lock

A coded door lock can be mechanical or electrical. These require a pre-determined code (letters or numbers) to be pressed before the door becomes unlocked.

These systems tend to be effective only in limited use situations not demanding too much pedestrian traffic.

With any lock where all the users share the same code, there will always be potential problems associated with people leaving. Every legitimate user then has to be informed of the new code.

It is not uncommon for the code in a large business to be well know by everyone, employees, paper-boy, window cleaner, office cleaners, etc.

Consecutive or repetitive numbers should be avoided. Codes should be regularly changed.

Card Swipes

Systems in which a personal identity card is used electronically to afford entry to a building are becoming very affordable and a cost effective option for a business.

The action of using the card swipe can be used to control a variety of security procedures, from simple door locking mechanisms to turnstiles and alarm system control.

The systems available range from the simple to the elaborate. An inexpensive type uses pairs of cards. One is issued to the employee and the other is retained by the employer. The act of swiping the employer’s card through the doors for which that particular employee is permitted automatically authorises that employee entry.

More advanced systems are computer controlled and can be used for interrogating the system for a variety of reasons (eg time keeping).

In a situation where a greater level of security is needed, a coded lock and card swipe system are relatively common.

Many systems now have had incorporated into them an “anti pass-out” facility, which means that whilst the employee is recorded as being in the building their card cannot be passed to someone else for them to also gain entry.

Advanced systems

As technology has increased rapidly over recent years, so has the number of systems for controlling access.

Automatic authorisation systems that read people’s eyes, scan fingerprints, read identification badges from a distance (proximity readers) are no longer confined to science fiction.

If a higher level of access control is considered necessary, then the specialist manufacturers can assist.


There may be a requirement under various laws (Health & Safety, Fire, etc) for your business to record every person visiting the premises, in addition to the common sense need for security and fire safety reasons.

All visitors’ details should be recorded and verified, before issuing a visitors’ badge which should be easily identifiable from employees’ identity badges. On leaving, visitors should surrender their badges and be booked off site.

Visitors should be escorted throughout the building, especially when leaving, rather than be left to wander on their own. This also applies to delivery workers, service repair visitors, etc

Internal Access

Visitors and employees should be excluded from certain designated areas inside the premises. These designated areas (eg computer rooms, data storage areas, wages department, stock rooms, etc) may be identified because of the risk from sabotage (a disgruntled employee), casual and determined staff theft, or sneak- in type offenders.

This article is from ‘A Guide To Business Security‘ produced by Greater Manchester Police.