BY LOWELL ADKINS,
DUVALL GROUP CONSULTING, INC.
This is the second in a series of articles about access control and security on campuses. In the first article, I focused on the card itself – and primarily on the issues surrounding the issuance of a card. In this article, I want to begin to move the discussion to the users of a card access control system.
Identify all system users
Campuses aren’t just for students and faculty anymore. In the course of any given day, there are many people who have a legitimate reason to be on a campus. If you have a card access control system, even a limited one, these people will likely encounter it. You need to thoughtfully determine how that encounter will occur.
A great example is delivery people. Whether they work for one of the major international package delivery services or for the local pizzeria, delivery people are going to make their delivery – through, around, or over an access control system.
The most obvious way to accommodate those who will encounter your access control system is to issue them a card – using the same diligence as required in all other issuances. Even when people do not have an immediate need for card access, it may make sense to issue them a card. If everyone who is more than a casual visitor on campus is required to carry a card, it becomes an accepted standard for the right to spend time on the campus. Policies and procedures can be established that everyone, regardless of rank or position in the campus food chain, may be required to produce a current card upon request.
Issuing people a card makes them a part of the system and keeps the institution in control. For example, if all delivery people have a card, then the institution can negotiate who, when, and where deliveries can be made. When everyone understands the rules, including the potential delivery recipients, then there is a far better chance that everybody will work with the card access control system.
Many campuses issue a non-photo, generic “Contractor/Vendor” cards. I strongly recommend that all parties be issued a card with a photograph and that these generic cards be eliminated. Issuing photo cards allows for a uniform standard for those who spend time on campus. It also avoids generic cards that can much too easily be passed from one individual to another and for which there is no audit trail should that become necessary. You can vary the design by classification, color code them according to function, or provide different text information, but all cards should have a photo.
Issuing an individual a card does not meanthat you have had to make decisions about that person’s access rights. It just means that you have a standard for identity that is uniform and an in-place device for assigning whatever access rights you chose to grant when you are ready to do so.
Work for a culture of buy-in but know that your system will have some less cooperative users
The good news is that the vast majority of us follow the rules. There is in every situation, however, a subset who do not. The card access control system needs to be prepared for these people.
As I noted earlier, my personal belief is that getting people to follow the rules starts with getting buy-in that everyone has ownership of the system. Life is better for everyone when the largest possible number feels that they are a part of the system and that the system works for them. This, in large measure, means creating a culture. That culture includes maintaining high levels of customer service in the card issuing office for new and replacement cards; having reliable cards and card reading devices; assuring that everyone is properly assigned access and that that access is quickly changed/corrected when necessary. Creating a culture also means “talking up” the card system in various campus publications, at student orientation events, and in workshops/seminars on campus safety and security.
Creating a culture of ownership in the system will produce very positive results. It will be all the incentive most individuals need to cooperate with the system. For those who need other incentives to cooperate with the system, here are some thoughts.
Lost cards – The most effective motivator to encourage people not to lose their cards is to make the cards too valuable to lose. In the case of a card system where the card is more than a means to interface with the access control system, where it is also the interface to various business and activity functions, this is usually value enough. Indeed, the more activities that are on the card, the more value the cardholder assigns it and the harder he/she will work to avoid a loss.
In addition, make the card valuable in the sense of the financial penalty required to obtain a replacement. Often card replacement fees are cost based; that is, the fee is based upon how much effort and expense is required to replace a card. Perhaps the card replacement fee should be based upon the message to cardholders that that these are far more than pieces of plastic and that losing them has serious consequences.
Loaned Cards – There should be a strong, written, and well-publicized policy outlining the reason why the loaning of cards is unacceptable behavior. There should be zero tolerance of this behavior with potent penalties.
Propped doors – Again establish a strong policy against this behavior but”add even greater penalties. Remember, a propped door was an element in nearly every landmark legal case in campus access control/security history!
Tailgating – A group of students, all friends, walk together across campus and all need to get through the same door. One student uses his/her card and everyone enters on that one use. This is called tailgating and it is an everyday occurrence. A much higher risk activity is when a person uses his/her card to enter a door unmindful that a person unknown to him/her, tailgates on the same card use. Avoiding this dangerous behavior involves solid education and working to establish “street smarts” among your cardholders.
Another high-risk behavior that needs to be the subject of education and training is the simple practice of opening a secured door for others. When I was responsible for the card system at Duke University, I would sometimes be on campus late at night to check a problem at a door. Standing at the door looking a little frayed around the edges, a helpful student would offer to let me in. While one can appreciate this gracious attitude, you need to explain that assisting an unknown person to enter a door is inappropriate behavior.
In summary, when dealing with the various users of a card access system, strive to make them a part of the system and create a culture of buy-in and ownership. But, be prepared to deal with those choose not to cooperate.
Mr. Adkins is a respected member of the higher education card and security community. Contact information: Lowell E. Adkins; Duvall Group Consulting; 1270 E Voltaire Avenue; Phoenix, AZ 85022; 602-896-0107; [email protected]