No matter how expensive and advanced an integrated access control system is, none of the technology leaders can offer a solution when the janitor props the back door open to take a smoke break.

The Greater Cleveland Regional Transit Authority (GERTA) has a moderately sized security system, with 700 access-controlled doors on a central station and another 200 doors centrally monitored for exit only. There is also a special district police force for incident response. What wthe system is lacking, however, is the administrative backbone to make the technology work.

While the systems are highly developed, the major integrators offer nothing in the way of educational materials for users, including user-ready reports or post-incident tracking data.

So in 2001, the authority began to develop and implement an organization-wide program of education and utilization management.

The first step was the creation of a program called “Single Alarm and Access Control Coordination,” which involved naming a responsible party, or SAAC, at each site location. The individual having administrative control over the particular facility named a SAAC, most frequently, a management staff member.

The facility SAAC has the responsibility and sole authority for coordinating the individual access assignments, determining who may enter where and when. The SAAC is responsible for responding and resolving any internal access disputes. Since the organization is a government entity, the Legal Department raised the need for an appeals process, but so far it has never needed to be deployed.

If an employee needs temporary access to the site on a Saturday, the SAAC is responsible for making the necessary changes, enhancing or deleting access privileges via a Web program. While it is the transit authority’s job to maintain the overall integrity of the controls, ensuring an effective day-to-day program requires that decisions be made and executed at the local level.

The next part of the process was to promulgate the rules for usage and the consequences for abuse. For example, not using a RX (request to exit) device resulting in a false signal or inappropriate use of a duress button are monitored and reported.

To inform the users, the authority drafted a brochure that is provided to every user upon issuance of a new or replacement access card. The second step was the posting of signs at appropriate trouble spots.

Finally, the organization integrated the concept of total quality management to provide feedback to the SAACs of any breaches or abuses. The most serious breach is the activation of a duress alarm, since it results in active police response. If, upon arrival, the transit police officer cannot locate the employee, the access history of the specific area is reviewed.

Then, an e-mail to the SACC having jurisdiction is sent:

To: SACC
From: Access Control
Today at 13:55 (1:55pm) [Named Employee] entered the E83rd Facility room 112.

At 1400 (2:00pm) we received a duress alarm from that location.

While we cannot state with any certainty that she triggered the alarm, such false alarms are harmful. They re-deploy assets from the field to respond and they create an atmosphere in which actually alarms might be over-looked believing them to be false.

The organization maintains a database of any such incidents and uses them to counsel the employee or in some circumstances, as documentation for disciplinary action.

The post-purchase implementation of such a system-wide access control program involves the commitment and efforts of many individuals throughout an organization. It is, however, imperative to achieve the maximum effectiveness from any technology an organization might select.

Bernard L. Buckner, CPP, is security systems manager for the Greater Cleveland Regional Transit Authority. He has over two decades of Law Enforcement experience. While Holding a Masters Degree, and a graduate from the Harvard University's Program for Senior Executives, Buckner has a solid technical background including training from American Society Of Industrial Security, the Ohio Peace Officer's Training Council, FBI, State Fire Marshal and the Federal Law Enforcement Training Center. He has served as police chief, safety director, security guard and security manager. He is a certified workplace violence instructor from CPI and a certified central station operator instructor from SIA.