Physical Identity and Access Management (PIAM) Processes
For security professionals, managing an organization’s Physical Identity and Access Management (PIAM) is critical to protecting people, data, and company assets. Achieving and maintaining the highest level of physical security depends on the facility’s ability to manage its physical security processes. These processes must effectively and efficiently establish accountability, ensure compliance, and support analysis of current processes and procedures.
Data collected through a modern visitor management system helps companies develop a thorough understanding of their physical identity and access management (PIAM) needs. Every organization—regardless of size or industry—must consider the 5 Ws of PIAM: The Who, What, When, Where and Why.
When your organization is ready to review its physical identity and access management processes, the following questions need to be asked and addressed:
WHO is authorized access to your facility and/or specific areas within?
The crucial first step toward understanding your organization’s PIAM process is identifying who is authorized to access your facilities or specific areas within your facilities. Questions to ask in determining access authorization include:
1. Which employees, if any, outside the IT department need access to the data center?
2. Which visitors, if any, should be granted access to R&D labs?
3. Which visitors, if any, should be allowed on particular floors?
Your responses to these questions will help you set the policy framework for your organization’s PIAM program. Implementing a visitor management system provides a printed badge system for all visitors and vendors. Our software currently allows up to 12 different visit types. This customization makes it easy for your company to print badges that signify different areas of access. For instance, if a company has numerous floors, a visitor badge can help employees and other personnel notice when someone is not in an authorized area.
WHAT types of identities should you designate?
The next step is to classify identities by type, such as employees, visitors, vendors, and contractors. This step is important because identity type establishes the level of trust and therefore the access rights each person should be granted. For instance, a person identified as an employee should be given a much higher trust level than a visitor, although not all visitors should be treated the same. When comparing visitors who are checking in for a hiring process with those who are clients, you might want different levels of access for each. A traditional paper logbook doesn’t provide the ability to categorize guests, but a digital system makes it easy to give proper distinction.
WHEN are individuals granted access, and how long should credentials remain valid?
Establish limits for each identity type’s access—that is, the times they can access your facilities and how long their credentials should remain valid. Not only is it important to establish limits for employees, but it is also critical to establish limits for visitors, contractors, and vendors. Our visitor management system provides a check-out feature, which allows your employees to see in real time who has left the facility and who remains. We can also provide expiring badge options, on which the word ‘VOID’ bleeds through over time at the 8-, 12-, or 24-hour mark.
WHERE are individuals allowed to enter a facility, and where are they at any given moment?
When reviewing your PIAM program, make sure to analyze data regarding identity lifecycles to establish where individuals enter and where they are within your facility at any given time. With our pre-registration feature, you can customize the email invitation to include specific instructions on which entrance the visitor or contractor should use when checking in. Global Admins also have up-to-the-minute dashboard access, allowing them to see who is on location at any given time. A paper system lacks the security transparency a digital system can provide.
WHY have individuals been given access privileges—who approved these privileges?
Organizations should establish a “least access privilege” policy, which means giving people access to only the areas needed for their roles. Create approval process workflows that include “required access guidelines” and “designated area owners” to approve access requests. This establishes a clear set of requirements for access and delegates responsibilities for approving that access.
Once your organization has answered the 5 Ws of PIAM, you will be better able to provide consistent control and management of everyone who enters your facility. Contact our security professionals today at 1-888-718-0807 or schedule a demo to learn more about how visitor management can satisfy your PIAM needs.