25 Jul Biometric Access Control for ISO 27001 Accreditation
Shaun Oakes, Managing Director of ievo Ltd, the Newcastle-based manufacturer of biometric recognition systems, explains how access control is a vital factor for organisations working towards ISO 27001 accreditation.
The security of information or data storage is becoming increasingly vital to every organisation with their Information Security Management System (ISMS) now recognised as virtually a yardstick of their professionalism and integrity. The 2013 upgrading of the original ISO/IEC 27001 standard created a universally recognised benchmark by which all organisations could be judged before entering into commercial relationships and, as such, has become an extremely valuable asset for companies, highlighting the importance they place on data security as part of best business practice.
Whilst no ISMS can guarantee perfect security, and security breaches over the last few years are well documented, ISO/IEC 27001 accreditation will not only help businesses manage the security of their data but will also advertise this expertise to existing and potential clients. The standard looks at a number of core sections, which include IT systems, business processes and, most importantly, people.
An integral part of the accreditation process (Section A.11) deals with access control, looking at key areas such as user access management, user registration and password management and here the use of biometric security systems with fingerprint recognition readers enables organisations to not only cover all requirements of the standard but also facilitate additional security measures, should they be required to significantly reduce risks of security breaches and cyber attacks.
Many organisations, of course, rely simply on swipe cards or a numeric pin entry access system, but while access pins can be passed around or even guessed, with key cards sharing many of the same downfalls as well as increasing costs due replacing lost/damaged cards, biometric security systems bypass many of these vulnerabilities, and are becoming increasingly popular. Fingerprints are unique to each individual – unlike codes or key cards they can’t be passed or shared.
The implementation of the latest biometric recognition systems allows the organisation to secure commercial sites worldwide, adding an additional layer of safety to the businesses access control infrastructure. Each site’s visitor movements can be accurately monitored in real time from the access control system with certain areas restricted if needed. This provides the organisation with a sophisticated level of personnel movement information, vital for health and safety and fire roll call protocols.
ISO 27001 is now the standard by which the security of an organisations’ data is judged and companies without the accreditation, or which rely on old technology, may well be excluded when it comes to tendering for major contracts.