Biometric Access Control for ISO 27001 Accreditation

Shaun Oakes


Addressing the readers of Risk UK, Shaun Oakes explains how access control is a vital factor for those organisations presently working towards ISO 27001 accreditation.

The security of information or data storage is becoming increasingly important to every organisation, with an Information Security Management System (ISMS) now recognised as virtually a yardstick of professionalism and integrity. The 2013 upgrading of the original ISO/IEC 27001 standard created a universally recognised benchmark by which all organisations could be judged before entering into commercial relationships. As such, it has become an extremely valuable asset for companies, highlighting the importance they place on data security as part of Best Practice in business.

While no ISMS can guarantee perfect security, and security breaches over the last few years have been well documented, ISO/IEC 27001 accreditation will not only help businesses manage the security of their data, but will also advertise this expertise to existing and potential clients.

For its part, the standard looks at a number of core sections, which include IT systems, business processes and, most importantly of all, people.

An integral element of the accreditation process (Section A.11) deals with access control, looking at key areas such as user access management, user registration and password management. Here, the use of biometric security systems with fingerprint recognition readers enables organisations to not only cover all requirements of the standard, but also facilitate additional security measures should they be required to significantly reduce the risk of security breaches and cyber attacks.

Of course, many end user organisations rely simply on swipe cards or a numeric PIN entry access system. However, access PINs can be passed around or even guessed, and key cards share many of the same downfalls while also increasing costs through the replacement of lost or damaged cards. Biometric security systems bypass many of these vulnerabilities and are becoming increasingly popular. Fingerprints, for example, are unique to each individual – unlike codes or key cards, they cannot be passed around or shared.

The implementation of the latest biometric recognition systems allows the host organisation to secure commercial sites worldwide, adding a further layer of safety to the business’s access control infrastructure. Each site’s visitor movements can be accurately monitored in real-time from the access control system, with certain areas restricted if needed. This provides the organisation with a sophisticated level of personnel movement information, which is vital for Health and Safety and fire roll-call protocols.

Put simply, ISO 27001 is now the standard by which the security of an organisation’s data is judged. Companies without the accreditation, or those that rely on old technology, may well be excluded when the time comes to tender for major contracts.

Shaun Oakes is Managing Director of ievo Ltd

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
