Why are we discussing physical access control and compliance?
As data continues to become the world’s most valuable resource, the role of security and compliance grows with it. Modern enterprises are working hard to build confidence with customers and investors that their data privacy policies and procedures are robust enough to handle their continued growth.
There are dozens of compliance structures that govern different types of organizations depending on the data they process or industry they operate in. There are few constants across all of those compliance standards, but one major constant is the need for physical access control.
In this blog, we’ll cover some of the major compliance standards and the ubiquitous role physical access control plays.
What are the major compliance standards?
Depending on the industry your company operates in and the data it processes, you can be subject to a variety of different compliance standards. Sometimes this is a mandatory undertaking. In other cases it’s a voluntary endeavor companies pursue to separate themselves from competitors as they move upmarket.
Here’s a quick list of the most widely known compliance standards and what types of industries and data processing they cover:
- HIPAA: HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It outlines the United States Government’s guidelines for processing and protecting individuals’ medical data. If you’re in the healthcare industry or looking to learn more about HIPAA, check out this blog post from TechTarget: HIPAA Blog
- PCI: PCI stands for the Payment Card Industry Data Security Standard and is a mandatory compliance regulation for any organization that processes digital payment transactions whether they are credit or debit cards and the card holder’s data. Learn more about PCI here: PCI Blog
- ISO: ISO has a few different levels of compliance certifications, but they are all governed by the International Organization for Standardization. ISO standards are voluntary and can involve many industries. Typically, organizations get ISO certifications for marketing and customer-requirement reasons. An ISO-compliant organization will have a significant leg up when it comes to landing a deal with large, security-conscious customers.
- SOC2: SOC is the American Institute of CPA’s Service Organization Control compliance certification. It’s a comprehensive compliance regime and involves controlling all aspects of your organization from HR policies to data processing protections. SOC2 Type II certification usually takes about a year to achieve and must be audited annually to maintain certification. If you’d like to learn more check out the AICPA website.
- GDPR: GDPR, or the General Data Privacy Regulation, became a huge factor in the infosec world when it was announced that anyone dealing with data involving any EU member state or EU citizen must comply with this new standard or face severe financial penalties. GDPR compliance generally has to do with ensuring that processors of EU entities’ data can quickly provide full records, and delete those records in a timely manner, upon the request of the data subject. Any company looking to work with customers that have a European presence must comply with GDPR. Learn more about GDPR here: Core DNA
Where does physical access control come into the picture?
Across all of the standards mentioned above, and many more, physical access controls that govern access to an organization’s facilities and offices are a constant. Furthermore, most compliance auditors will require organizations to govern physical access based on the role a person has in the organization and to be able to provide logs of those access events.
How does Genea help me become or stay compliant?
Genea’s cloud-based physical access management platform allows your company to easily control who has access to which facilities based on many factors like title or department. Using Access Groups, you can create granular levels of access to doors based on your organization’s needs.
Genea also never deletes your data (unless requested), meaning that when your compliance audit comes around, you’ll be able to quickly download all of your access control data and present that for review by your auditors.
Another big benefit of Genea is the ability to control all of your facilities from one centralized dashboard. If you have offices in San Francisco, New York, London, Melbourne or anywhere in between, you’ll have all of that data right at your fingertips. Furthermore, if you integrate Genea with your identity management platform, like Okta or Active Directory, you can automate the provisioning and deprovisioning of physical access globally. This ensures that the right people have access to your facilities at all times while reducing errors in removing access for former employees.
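The three ideas in the last few paragraphs (door access derived from a person's department or role, grants and revokes driven by the identity directory, and an audit trail of every change for the auditor) fit together as one reconciliation loop. The following is an added illustration written for this post, not Genea's code or any Genea API: the departments, door names, directory entries and the `ACCESS_GROUPS` policy are all constructed sample data, and the function names are hypothetical.

```python
"""Reconcile an identity directory against role-based door permissions.

Illustrative example (not Genea's code or API). Door access follows a
person's department, deactivated identities lose every door, and each
grant or revoke is written to an audit log an auditor can query.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

Action = Tuple[str, str, str]  # (action, user_id, door)


@dataclass(frozen=True)
class Identity:
    """One record as an identity provider would expose it (constructed)."""
    user_id: str
    department: str
    active: bool  # False once HR/IT has deprovisioned the person


# Access groups: department -> doors that role may open (constructed policy).
ACCESS_GROUPS: Dict[str, Set[str]] = {
    "engineering": {"lobby", "eng-floor-3"},
    "finance": {"lobby", "finance-suite"},
    "facilities": {"lobby", "eng-floor-3", "finance-suite", "server-room"},
}


def desired_access(directory: List[Identity]) -> Dict[str, Set[str]]:
    """Doors each *active* identity should hold, derived purely from role.

    Inactive identities are omitted entirely, so a departed employee's
    desired set is empty and reconcile() will revoke everything they hold.
    Unknown departments map to no doors rather than raising (fail closed).
    """
    desired: Dict[str, Set[str]] = {}
    for ident in directory:
        if ident.active:
            desired[ident.user_id] = set(ACCESS_GROUPS.get(ident.department, set()))
    return desired


def reconcile(current: Dict[str, Set[str]], desired: Dict[str, Set[str]]) -> List[Action]:
    """Diff what the door controllers currently allow against the desired state.

    Returns a deterministic, sorted list of ("grant"|"revoke", user, door).
    """
    actions: List[Action] = []
    for user in sorted(set(current) | set(desired)):
        have = current.get(user, set())
        want = desired.get(user, set())
        actions.extend(("grant", user, door) for door in sorted(want - have))
        actions.extend(("revoke", user, door) for door in sorted(have - want))
    return actions


def apply_actions(current: Dict[str, Set[str]], actions: List[Action],
                  log: List[dict], now: Optional[datetime] = None) -> Dict[str, Set[str]]:
    """Apply the actions to the permission table and append one audit record each."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    for action, user, door in actions:
        doors = current.setdefault(user, set())
        if action == "grant":
            doors.add(door)
        else:
            doors.discard(door)
        if not doors:          # no doors left: drop the user from the table
            current.pop(user)
        log.append({"ts": ts, "action": action, "user": user, "door": door})
    return current


def audit_trail(log: List[dict], user: str) -> List[dict]:
    """Every permission change for one person, in the order it happened."""
    return [entry for entry in log if entry["user"] == user]


# Constructed sample: carol has been offboarded in the directory but the
# door controllers still list her, alice is missing a door she should have,
# and bob is a new hire with no access yet.
DIRECTORY = [
    Identity("alice", "engineering", True),
    Identity("bob", "finance", True),
    Identity("carol", "engineering", False),
]
CURRENT = {"alice": {"lobby"}, "carol": {"lobby", "eng-floor-3"}}


def run_sync(directory: List[Identity], current: Dict[str, Set[str]]):
    """One full provisioning pass; returns (new permission table, audit log)."""
    state = {user: set(doors) for user, doors in current.items()}
    log: List[dict] = []
    apply_actions(state, reconcile(state, desired_access(directory)), log)
    return state, log


if __name__ == "__main__":
    state, log = run_sync(DIRECTORY, CURRENT)
    for entry in log:
        print(f'{entry["ts"]} {entry["action"]:6} {entry["user"]:6} {entry["door"]}')
    print("carol still has access:", "carol" in state)
```

Running it prints five audit records (one grant for alice, two for bob, two revokes for carol) and reports that carol no longer appears in the permission table; a second `reconcile()` against the resulting state yields no actions, which is the idempotence property a scheduled sync job needs. The `audit_trail()` helper is the shape of what an auditor asks for under the standards above: who gained or lost which door, and when.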
If you’d like to learn more about how Genea can help your company become more compliant, schedule a demo below.