Access Control Requirements Gathering
Session 1
• The business requirements will form the basis of future projects and will determine the
eventual scope.
• If a ‘need’ is...
• Review each area of Access Control functionality.
• Prepare a set of draft Access Control BUSINESS requirements for each...
Defining the Threat- Review
• What threats are present?
• What are the drivers for an access control system? i.e. controlling visitor
numbers, protect...
Areas of Concern
• What general areas need to be controlled?- areas, rooms, locations etc?
• What exceptions exist?- i.e. Fire Exits etc?
•...
• What vulnerable points exist for each area to be controlled?- doors, windows, air
conditioning shafts, conduits etc
• Wh...
Health & Safety
• Are there any legal requirements? Health & Safety or Disability & Discrimination Act?
• How should access control act in...
Type of Access Control
• Should the system be automatic or manned?
• What types of barriers should be used for each of the areas in scope?- door ...
• How often will the access control be used in each of the areas?
• What level of security should be in place?
• If the po...
Operational Considerations
• How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors
etc?
• What information will...
Integration to Other Systems
• Should there be integration between the Access Control System and other systems? i.e.
CCTV system?
• What information sh...
Management Information, Reporting &
Maintenance
• What information should the system capture?
• Successful access- user ID, time, location etc.?
• Unsuccessful access- us...
• What should the system do in the event that an access control point fails in the following
scenarios:
• Access point loo...
Any Questions?
Upcoming SlideShare
Loading in...5
×

Security Access Control Requirements Gathering Pack

171

Published on

This is a pack that I create to gather business requirements for a new Security Access Control system. It inlcudes basic questions that you should ask when completing an initial scoping exercise.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
171
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Security Access Control Requirements Gathering Pack

  1. 1. Access Control Requirements Gathering Session 1
  2. 2. • The business requirements will form the basis of future projects and will determine the eventual scope. • If a ‘need’ is not raised as a requirement, the project will not know that the system must perform an action- therefore it will not be included within the scope of the project or included within the end solution. • The requirements will be base-lined at the end of the Initiate Phase. Any requirements submitted after this date will not be accepted without a change request and associated funding (where applicable). • The identified business stakeholders are responsible for ensuring that all requirements are raised during the Initiate Requirements gathering process. The Importance of Requirement Gathering
  3. 3. • Review each area of Access Control functionality. • Prepare a set of draft Access Control BUSINESS requirements for each of the functional areas. • Agree a priority for each draft requirement. • Agree next steps, actions and areas for further investigation. Workshop 1 Objectives
  4. 4. Defining the Threat- Review
  5. 5. • What threats are present? • What are the drivers for an access control system? i.e. controlling visitor numbers, protecting people, protecting assets, anti-tailgating, anti-pass back, etc? • Who and what are we trying to protect? Defining the Nature of the Threat- Discussion
  6. 6. Areas of Concern
  7. 7. • What general areas need to be controlled?- areas, rooms, locations etc? • What exceptions exist?- i.e. Fire Exits etc? • What areas require enhanced access control?- i.e. Equipment Rooms, Data Centres etc • Why do these areas need to be controlled? What is the related threat? • What is the level of risk associated with these areas? • What is the function of installing control in these areas? Areas of Concern (General)- Discussion
  8. 8. • What vulnerable points exist for each area to be controlled?- doors, windows, air conditioning shafts, conduits etc • What points should have access control? • Should access be controlled on a location by location basis or should access be controlled to area ‘types’? Areas of Concern (Specific)- Discussion
  9. 9. Health & Safety
  10. 10. • Are there any legal requirements? Health & Safety or Disability & Discrimination Act? • How should access control act in case of an emergency?- i.e. release on emergency? • What is the definition of an emergency? • What fire officer requirements exist? • What provisions should be granted to the blue light services? • What are the requirements for disabled access? • When will the access system be operation? 247/ 365 or night time only? Health & Safety- Discussion
  11. 11. Type of Access Control
  12. 12. • Should the system be automatic or manned? • What types of barriers should be used for each of the areas in scope?- door locks, arm barriers, vehicle block devices etc? • What types of additional barriers should be used for the priority locations?- electronic keys, finger print scanning? • What type of verification measures should be used? Electronic key card, IRIS scan, Finger print recognition, ID codes, keys etc. • What should the user do when access is denied? Should an intercom system be present? Types of Access Control- Discussion
  13. 13. • How often will the access control be used in each of the areas? • What level of security should be in place? • If the power drops what should happen? • Anti-Tamper mechanisms? Technical Details Discussion
  14. 14. Operational Considerations
  15. 15. • How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors etc? • What information will be captured against each person granted access? Name, address, role, date given, expiry date etc? • What period should access be granted for? • What types of protected access should be provided? • How will deliveries be controlled? • Where will data entry and monitoring of alarm activity take place? • How will data for entry or modification be gathered? • How will security clearance be processed? Operational Issues- Discussion
  16. 16. Integration to Other Systems
  17. 17. • Should there be integration between the Access Control System and other systems? i.e. CCTV system? • What information should pass between the systems? Integration Discussion
  18. 18. Management Information, Reporting & Maintenance
  19. 19. • What information should the system capture? • Successful access- user ID, time, location etc.? • Unsuccessful access- user ID, time, location, number of attempts etc.? • Should information be captured and available to view in real time? i.e. should it be possible to identify where an individual is located at all time? • What reports should be available from the system? • Should the system automatically alert based on event triggers? If so, what events should trigger alerts and how should the system alert? • What should the system do in the event of a breach? – i.e. a door is forced? Management Information & Reporting Discussion
  20. 20. • What should the system do in the event that an access control point fails in the following scenarios: • Access point looses power • Access point fails- i.e. reader not able to read card • Access point operational but input not detected- i.e. an issue with the card. • Access point breached? Support & Maintenance Discussion
  21. 21. Any Questions?
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×