FMJ, the official magazine of the International Facility Management Association (IFMA), is written by and for workplace professionals and is published six times a year. FMJ is the only magazine that draws on the collective knowledge of IFMA’s global network of thought leaders to provide insights on current and upcoming FM trends. For more information on FMJ, visit

Stopping the big bad wolf

Developing a holistic visitor security system for today’s needs

by Bernard de Vaal — This article originally appeared in the May/June 2019 issue of FMJ

We live in fearful times: terrorist threats, cyber-attacks, Trojan horses, earthquakes, floods and the unpredictable nature of society in general. It can all be overwhelming. Technology provides a seemingly endless stream of information that can easily evoke a knee-jerk reaction in even the most level-headed facility manager when deciding how to keep an organization’s premises, staff and data safe.

On top of having to guard against these security threats, regulatory bodies have set compliance measures that industries must adhere to. This includes protecting users who may blindly entrust companies with their private data. According to a USA Today article, ineffective data security practices have led to billions of users’ confidential information being breached by malicious hackers in 2018 alone1.

Are we allowing a proverbial wolf in sheep’s clothing into our facilities because of disjointed and aging security tools and processes—especially when it comes to visitor management? Building a moat around every campus, using typewriters and enlisting the services of armed stagecoaches to communicate with the outside world isn’t an option. But neither is implementing overly invasive security measures that dictate every inch of operations. Yet, not providing secure data management allows any wolf to roam freely in an organization.

Effective visitor management solutions have lagged the digitization of so many other business areas. For years the paper logbook was synonymous with security at reception desks. Yet, it functioned as the sole record of everyone who is or had been on a facility’s premises. That is, if the visitor entered their true details, or whether they bothered to do so at all.

When there was a need for businesses to know and track who gained access to their premises, cloud-based visitor management systems (VMS) stepped onto the scene. VMS was introduced into lobbies and reception areas in the form of self-check-in kiosks and iPads. Its initial purpose quickly grew beyond just automating visitor management tasks. It offered consolidated records of visitor information that were instantly accessible from a central platform.

The category leveraged rapid technological advancement to provide complex, scalable solutions to a variety of industries. Regular feature roll-outs were developed to meet evolving business needs, and cloud-based systems offered quick deployment to meet urgent business needs.

For the most part, strategic system features evolved from the needs of early adopters of the technology. Before long, a need for greater security and integration with a business’s existing software saw an almost exponential increase of VMS service providers and functionality.

With this growth, a number of next-gen features were introduced to help companies sustain business continuity, increase their emergency preparedness and to meet complex regulatory compliance requirements more easily.

Prior to these next-gen solutions, weaknesses in existing visitor processes had been exposed. Vast stores of confidential visitor information had been captured, and that gave rise to serious questions on what security to expect from VMS providers entrusted with storing this valuable data.

To understand how next-gen features provide solutions to stop a wolf in its tracks before it can enter facilities or breach data vaults, it’s best to take a step back and look at how current features paved the way for these enhancements.

Digital Management

The digitization of visitor management does not start and end with a basic record of visitor’s data. To know and understand how visitors interact with facilities and mitigate the associated risk, companies require the self-check-in process to be highly customizable. A VMS offers the functionality to have guests supply information relevant to their visit. To satisfy the requirements for various types of visitors, they are presented with customized forms that intuitively guide them through relevant sets of questions.

The requirements for contractors or vendors can be vastly different than for a person coming for a job interview. Custom protocols can include signing NDAs, waivers and other legal documentation as well as watching security videos that highlight evacuation procedures. Self-check-in offers to ease the complexity associated with assigning visitor protocols by consolidating distinct user experiences onto a single platform.

Perhaps one of the most innovative solutions a VMS offers is its ability to integrate with an arsenal of global business systems already present in the cloud-based ecosystem. It is possible to store all forms mapped with custom fields, working alongside e-signature software, onto existing cloud servers. Internal messaging platforms are used to send any number of hosts instant notification of their guest’s arrival. All this information converges on an online platform allowing for real-time visibility and reporting capabilities.

Previously captured fields are bypassed at future sign-ins as guest preferences are recorded and remembered. Visitors are guided through the sign-in process much more quickly and accurately, and this frees up employees who were usually assigned these administrative duties. Administrators can instantly download detailed visitor records which greatly improves companies’ ability to be audit-ready.

From a business continuity standpoint, companies are able to properly address their emergency preparedness. Security officers have a real-time view of guests on the premises from a digital address book. They are able to send instant notifications during evacuation procedures. The enhanced capacity to remotely guide guests in an emergency situation reduces the chance of liability and the reputational harm that comes from having visitors fall through the cracks.

The VMS offers a consolidated view where all administrative tasks across all locations are hosted and launched. For large organizations with multiple departments maintaining multiple entry points at multiple locations, it is essential for administrators to have the ability to sign user permission roles over to relevant stakeholders or local hosts. These hosts are able to customize visitor sign-in flows for the facilities they manage.

The ability to instantly alter any sign-in permission is only of consequence if administrators can deploy these standardized protocols to several locations at once, unhindered by their geographical location. The ubiquitous character of a cloud-based VMS offers this functionality.

Businesses now have the capacity to capture and analyze endless amounts of visitor data. It helps detect patterns and evaluate tendencies across an organization. It also contributes to streamlining security processes and further refinement of visitor protocols.

Few organizations have been able to verify the authenticity of a person’s identity and integrate it with their VMS. When it comes to industries that have to adhere to demanding regulatory compliance, this becomes a major problem.

Airport-grade verification

Not all businesses require enterprise-level vetting of guests, but all businesses want to show they’ve taken every precaution to ensure that guests’ safety is maintained at every point of contact for any eventuality.

Most industries have to meet the standards of a secure environment for both physical and data assets whether they are complying to the International Traffic in Arms Regulations (ITAR), the Food Safety Modernization Act (FSMA), the Customs-Trade Partnership Against Terrorism (C-TPAT or Europe’s General Data Protection Regulation (GDPR­).

GDPR is applicable to any business offering goods or services to European users, regardless of their geographical location. This regulation outlines clear directives on the type of confidential information companies can request, where and how the data must be stored along with time constraints on its retention.

By being able to customize forms for various classes of visitors, companies can only request specific information necessary to satisfy regulations for both facility and data compliance. The two crucial processes businesses should implement within their VMS to meet regulatory demands are:

1. Verifying and authenticating government-issued IDs.
2. Running identities against third-party and custom watchlists.

This “hard” control, known as assisted check-in, equips security personnel with high-volume, airport-grade scanners to confirm visitors are who they say they are and pose no threat to business operations. The system can work independently or integrate with a “soft” control self-check-in module that works effectively at high-traffic access points like parking gates or busy lobbies.

Screening government-issued IDs against comprehensive third-party watchlists from sanctioning bodies and law enforcement agencies plays a pivotal role in being proactive against possible threats. Security personnel would receive immediate notifications to respond with due diligence should a watchlist be triggered.

Integrating the assisted check-in process with a VMS means companies are not only storing validated personal information to each guest’s profile but they are able to provide regulatory bodies with comprehensive compliance reports.

Airport-grade security is available to any class, size or type of business. It’s a decisive method to prevent unwanted individuals from setting foot on business premises. Knowing that all this valuable data is safe and always accessible on the VMS’s off-site cloud servers defines what enterprise data security is all about.

Vetting VMS providers

It’s not just being able to catch the wolf beyond the lobby which has been a major leap in visitor management. The technology drastically raises the level of data security offered to companies using a VMS and anyone that entrusts those organizations with their information. Data security is not just about secure and reliable data hosting, but also adhering to legislation like the GDPR.

In choosing a service that will migrate and host a company’s confidential data, there are no shortcuts. A vendor should be able to demonstrate it employs multiple layers of firewall security for its hosting platform and infrastructure along with a proven track record in adhering to industry compliance regulations.

Looking for service providers that have proof of Service Organisation Control (SOC) indicates the organization adheres to rigorous data security and service controls. Most importantly, it affirms a company’s dedication to outstanding governance and customer relations. The presence of a full-time data protection officer (DPO) and DevOps ensures that there are regular outside third-party compliance tests while enforcing the highest possible standard of data governance.

It’s become non-negotiable to be offered local hosting in data centers around the globe. Local data residency is central to the GDPR’s conditions of doing business with European customers. There have also been notable positive knock-on effects from customers knowing that their personal information will be kept for a set amount of time or removed at their behest. It builds trust in a company’s brand and provides much-needed transparency at a time when unethical data handling has become commonplace.

Visitor management strategies

The careful and calculated initiative taken in implementing a visitor management system for an organization’s physical infrastructure should be matched by the SaaS VMS provider’s data hosting integrity and the security standards.

The VMS category has made massive strides to better connect hosts and their visitors. Companies understand who accesses their facilities and mitigate associated risks by designing custom visitor experiences. This doesn’t only mean complying with complex regulations but facilitating interactions that are safe and seamless.

What makes the VMS field so valuable is unprecedented growth? There are constant developments that offer solutions to unexplored concerns. Platform builders are focused on the future. They’re looking at integrations outside the lobby and deeper into how facility assets are managed. IoT interactivity will rise steadily with the emergence of 5G networks that offer increased levels of connectivity and security. Users will have more freedom in how they tailor specific user experiences.

The success of this innovation relies on users contributing their expertise and experience, so providers can continue building solutions that exceed the market’s developing needs. After all, facility managers want a cowering wolf and a secure, fully integrated guest experience.


USA Today – Data Breaches


Bernard deVaalBernard de Vaal is a recent journalism graduate from St. Clair College where he obtained a 4.0 GPA in the Media Convergence program. He’s written feature stories on the emergence of Cryptocurrency and the effect of harm-reduction strategies on mothers addicted to Opioids. He hosts a fake news awareness podcast and is a professional videographer. Currently, he is employed as content writer for Traction Guest.

FMJ, the official magazine of the International Facility Management Association (IFMA), is written by and for workplace professionals and is published six times a year. FMJ is the only magazine that draws on the collective knowledge of IFMA’s global network of thought leaders to provide insights on current and upcoming FM trends. For more information on FMJ, visit

Articles in FMJ are the exclusive property of IFMA and are subject to all applicable copyright provisions. To view abstracts and articles not shown here, subscribe or order individual issues at Direct questions on contributing, as well as on permission to reprint, reproduce or use FMJ materials, to Editor Erin Sevitz at

IFMA is the world’s largest and most widely recognized international association for facility management professionals, supporting 24,000 members in 104 countries. This diverse membership participates in focused component groups equipped to address their unique situations by region (133 chapters), industry (15 councils) and areas of interest (six communities). Together they manage more than 78 billion square feet of property and annually purchase more than US$526 billion in products and services. Formed in 1980, IFMA certifies professionals in facility management, conducts research, provides educational programs, content and resources, and produces World Workplace, the world’s largest series of facility management conferences and expositions. To join and follow IFMA’s social media outlets online, visit the association’s LinkedIn, Facebook, YouTube and Twitter pages. For more information, visit