Visitor Management – Are we collecting the right visitor information?
Visitor management in the workplace is changing. The paper-based log book with handwritten badges that used to be sufficient is now giving way towards more professional and automated solutions. I would like to share some insights for managing data within a visitor management solution that I have uncovered while talking to schools, corporate offices, hospitals and others. In these conversations, I have found that information is central to every element of these modern organizations, and visitor management is no exception. One of the first decisions to make when implementing a visitor management solution involves the information that is to be collected from incoming visitors.
Frequently, the decision to admit or deny entry to your facility and the type of access given to the visitor are based on the information the visitor solution receives. In today’s world, there is a great deal of information available to collect from the average visitor. Because of this large volume of potential data, the best approach to sort out required visitor details is to ask a simple question: “What’s important to the organization?”
Organizations that operate in a highly regulated industry, such as financial services or government offices, may find themselves being very granular in their information collection. Not every organization faces the same scrutiny, so making visitors supply numerous fields (which may never be looked at), has the potential to lessen the quality of the data. This happens when visitors and operators are in a hurry and will fill in anything to speed up the process. To strike the right balance, ask the following questions: What information is important to the business? Is there any value to knowing the job title of everyone who visits? Are addresses really necessary?
One good exercise in this area is to think about every possible piece of information you may want to ask from a visitor. Then, rank them in order of importance to the organization. Finally, ask: How long would it take most visitors to answer all of the questions?
To better find the right mix of data points to collect from visitors, keep these considerations in mind:
- Unique Identifiers – Visitor management solutions need a way to know that the John Smith who visited on Wednesday isn’t the same John Smith who visited on Friday. Unique identifiers are essential to keeping visitor records accurate and organized. Because people often share names, they will not work as unique identifiers. Other types of information used in the past, such as Social Security numbers, are now considered too sensitive to store as part of a record. There is one piece of information almost everyone has today that’s unique to them, and that is their email address. Consider making email address a required field in the visitor management system and using it as the unique identifier.
- Record Retention – The amount of data created and saved by a visitor management system depends, in part, on how many visitors come to the facility in an average day. The amount of data being saved can increase rapidly, resulting in a visitor management system that runs more slowly because there are more records to search. Creating and following a records retention schedule will improve system performance, make records easier to locate, help comply with industry or government regulations and reduce litigation risk. It’s common to store data in the system for at least 90 days, and then to move it to an archive for a period of one to three years. Ultimately, the timeframe depends on the organization’s needs.
- Standards Related to Visitor Management – Because there are regulations that govern when and how information is stored and shared, it’s a good idea to become familiar with the standards that apply in the area of visitor management. Some will pertain only to organizations in particular industries; others will depend on the geographic location of the facility. The European Union, for example, has more strict laws around privacy and data collection than the United States. Here are some regulations that may affect your organization: Payment Card Industry (PCI) standards, Health Level Seven® (HL7), Health Insurance Portability and Accountability (HIPAA), and standards regarding information security (ISO/IEC 27002).
If your organization has a compliance department, you’ll want to inquire about information that should not be retained, such as Social Security numbers, home addresses, birthdays and other forms of personally identifiable information (PII).
Learn more about implementing an automated visitor management solution by visiting our HID Visitor Management Solution page>>> hidglobal.com/solutions/visitor-management