Regulatory compliance: how a lack of clarity around the entry leads to fines
April 13, 2018
Many organizations spend a great deal of time and financial resources in making the entrances to their buildings artistic and beautiful, with designs and materials that inspire awe. They may work with an architect, engineer, or building contractor and ensure compliance to NFPA safety and fire guidelines regarding egress, along with the desire for user convenience and an overall aesthetic design. Often, they select standard swinging doors to make it more convenient for employees, visitors and vendors to enter. For security, they employ security officers to stand guard.
Standard Swinging Doors Introduce Risk
Unfortunately, there are a number of troubling issues surrounding the strategy mentioned above. Security officers are human and subject to distractions, absenteeism, fatigue, being spread too thin or overwhelmed during busy periods. No security officer can reliably “prevent” an intrusion incident at all times and in all locations – in fact, the term “social engineering” was coined to refer to commonly used techniques for getting around security officers. That introduces risk to the enterprise.
And a standard swinging door is often the choice when organizational management is under-informed of the security implications of that selection. The decision makers may also not have any security background. Swinging doors do not, and cannot, prevent unauthorized intrusions, and thus they place an organization squarely in the chain of liability should an intruder cause harm or physical or data loss.
Failure to Meet Physical Security Regulations Results in Fines and Penalties
The lack of clarity around how an entrance is designed and secured not only increases physical and cybersecurity risks, it also places a company at risk of liability that can lead to crippling fines and penalties. Laws and regulations such as HIPAA, HITRUST, PCI Data Security Standard, NERC CIP, FERC, FISMA, ISO, FDA, TAPPA and others have maintained a cyber-heavy emphasis. However, today virtually all regulations mandate some form of physical controls that address unauthorized entry and the control of access into a facility. Non-compliant firms may be subject to significant fines and other actions. Below are a few examples:
As an example, electric utilities are subject to NERC CIP 14 5-6, which works to ensure the reliability of the North American power system. One utility was recently fined $1.7 million when NERC found a number of violations, including three perimeter doors that had been altered so they didn’t lock “so people could enter without the burden of security,” among other issues.
Healthcare businesses must comply with HIPAA regulations regarding the protection of patient health information, including limiting physical access to the data. Individuals that knowingly obtain or disclose such information face criminal penalties including jail time. Even if a firm violates HIPAA rules unknowingly, they are still subject to fines up to $50,000 per violation, up to an annual maximum of $1.5 million. Firms that are negligent in protecting their physical points of entry could be found responsible for disclosures perpetrated by intruders.
Any firm that involves financial services, from banks to mortgage lenders to car dealers, has to comply with the Gramm-Leach-Bliley Act, or GLBA, which requires firms to take steps to protect the privacy of customers’ financial data, including the development of a written security plan and “a thorough risk analysis” to protect the data. Non-compliance carries a fine of $100,000 per violation and includes potential jail time of 5 years. As is the case for HIPAA, firms that are negligent in their physical security could be found non-compliant.
Security Entrances Mitigate Risks and Liabilities
Security entrances are designed to prevent unauthorized intrusion and meet regulatory compliance. They provide for a range of assurance levels, from models designed to support guarded entrances all the way up to unstaffed entrances with very high security levels. High security entrances actually eliminate tailgating while ensuring, through biometric authorization, that the individual entering the facility is the one who is authorized – and not another person carrying their credentials. In every case, security entrances mitigate unauthorized entry while allowing for two-way traffic and emergency exit. When unauthorized entry is addressed, several risks are mitigated at once – including both the physical and cyber security threats. From a liability standpoint, blocking intruders reduces the risks to the personal safety and security of staff, visitors, and anyone else in the facility.
The entrances of your facility must be considered as part of your whole security solution, in the planning phase and then in an ongoing way. This is the best way to address and mitigate risk and avoid any potential liabilities, compliance violations, and expensive fines.
Written by Pierre Bourgeix
Pierre has over 20 years of solutions selling and consulting experience in the security industry, most recently as the owner of his own consulting company, ESICONVERGENT LLC. Pierre has an MBA in Business Administration from UCLA Anderson School of Management and resides in Cleveland, Ohio.
Company: Boon Edam Inc.
Of: Pierre Bourgeix
How are mantrap portals designed to mitigate physical security risk? (March 12, 2018), Linear motion track systems and how they help you (January 29, 2018), From west to east with Howe Green access covers (January 4, 2018), Four Cross-Departmental Benefits of Electronic Access Control (October 13, 2017), Accuride Integrated Access Solutions: The New Frontier of Access Control (August 15, 2017)
Flipper & Pocket Doors: What’s the Difference? (March 29, 2018), How are mantrap portals designed to mitigate physical security risk? (March 12, 2018), A Gateway To A Translucent Space (December 15, 2017), Art Gallery of Ontario enjoys more space and comfort with BoonAssist TQ revolving door entrance (November 28, 2017), Kawneer Project Profile: Heifer International World Headquarters (November 2, 2017), Mitigating Protests, Smart Mobs and Crime with Manual Revolving Doors (September 6, 2017), Security Entrances Protect Your Bottom Line and More (March 31, 2017), The Original Orange Elevator Smoke Curtain (March 28, 2017), Brass clad & bronze clad doors & frames (January 30, 2017), Mantrap Portal Solutions Eliminate Piggybacking (January 23, 2017)
How are mantrap portals designed to mitigate physical security risk? (March 12, 2018), Entrances & entryways - making an impact (March 2, 2018), Portable security booths (February 22, 2018), Why access control systems will never be enough to protect your premises (January 11, 2018), Art Gallery of Ontario enjoys more space and comfort with BoonAssist TQ revolving door entrance (November 28, 2017), Kawneer Project Profile: Heifer International World Headquarters (November 2, 2017), Attractive Bulletproof Barrier Design (October 27, 2017), Andamar Lifestyle Center uses revolving doors to combat wind, air infiltration (October 25, 2017), Security Trends: Campus Challenges, Manpower Importance, & Measuring ROI (September 26, 2017), Mitigating Protests, Smart Mobs and Crime with Manual Revolving Doors (September 6, 2017)
Smoke Control in High Rise Buildings (March 2, 2018), Portable security booths (February 22, 2018), Best places to use cable railing (February 19, 2018), Railing color: a hidden choice (January 24, 2018), Builder Spotlight: Jordan Iverson - Pride of Eugene, Oregon (November 13, 2017), The Benefits of Fire Retardant Curtains in Schools (October 16, 2017), Skylight guarding with SRC - Skylight Screens (October 10, 2017), OSHA’s new Respirable Crystalline Silica Rule is now in effect. The deadline has passed. Are you compliant? (October 9, 2017), Cable railing ideas for indoors - stairs, lofts & more (September 14, 2017), Removable storm shutters & panels (August 30, 2017)
How are mantrap portals designed to mitigate physical security risk? (March 12, 2018), Portable security booths (February 22, 2018), Using security bollards and barriers to protect property and pedestrians (February 2, 2018), Why access control systems will never be enough to protect your premises (January 11, 2018), Securing your bulletproof glass investment in 2018 (December 18, 2017), Bullet Proof Barriers For Utility And Electric Co-Op Offices (November 21, 2017), Attractive Bulletproof Barrier Design (October 27, 2017), Andamar Lifestyle Center uses revolving doors to combat wind, air infiltration (October 25, 2017), Four Cross-Departmental Benefits of Electronic Access Control (October 13, 2017), Security Trends: Campus Challenges, Manpower Importance, & Measuring ROI (September 26, 2017)