Skip to content

7. Control Access

Last Updated 24 November 2016

Access control systems are often the first point of challenge; they represent the boundaries between private and public areas. The level of security in your access control system needs to be a balance between business needs and effective security.

Your personnel security policies and procedures should limit the risk of staff or contractors exploiting their legitimate access to assets or premises for unauthorised purposes. When considering access control security measures security managers need to think beyond an organisation’s premises – think also about who else has access to your organisation’s information/ databases or other valuable assets, and the locations involved.

Questions to ask:

  • Does your organisation have clearly defined access control guidelines or policies? If so who owns them?
  • Where are the access points in your organisation (staff, visitors and vehicles)? How are they monitored and protected? How does access control differ for different people: staff (are they pass holders), visitors (is security clearance needed), people making deliveries?
  • Is the level of protection proportionate to your identified threats (insider threat, terrorism, crime)?
  • Are there areas requiring greater or fewer security requirements (secure and non-secure areas)?
  • How are security passes and clearances processed – and what checks are required?

Guidance on access control systems and other relevant information is available on:

There is also guidance on the GOV.UK website on controlling access.