4 compliance management tips for IT Managers

Feeling overwhelmed by compliance laws?

Many of the new statutes are a great deal alike, and ensuring that you’re compliant with one often means compliance with several of them. Still, a little cheat sheet couldn’t hurt.

Let’s take a look at some of the top tips for compliance management with various national and international laws and see how they compare. Your workplace technology may be doing more work than you realize.

Compliance management tip #1: Maintain electronic visitor management logs

Many compliance regulations are deeply concerned about unauthorized people on the premises. The laws that address these concerns call for an electronic method of keeping visitor logs that can be easily searched to ensure that everyone visiting a campus or office has a legitimate reason to be there—to protect assets, intellectual property, and, most importantly, people. Electronic visitor management keeps the data safe, private, and accurate, so auditors for many of the international regulations look for it to verify compliance.

Why are electronic visitor management logs so crucial to compliance?

  • It’s more accurate than handwritten logs. As each visitor is processed, a receptionist checks their ID against a database of known criminals, wanted, or missing individuals. The system records the visitor’s picture, the person they’re visiting, and records an in and out time. The process is the same with every visitor, so the company gets high marks for consistency and ease of search.
  • It tracks individuals in the event of an emergency. During the first crucial seconds of any emergency, it’s up to the front-desk staff to quickly locate and verify not only how many people are in the building, but specifically, who they are. This workplace technology not only reduces the time it takes to get this data but because it’s stored in the cloud, the data remains safe and only for the eyes of those who need it.
  • For companies that handle edible products, it protects our food supply. The Food Safety Modernization Act (FSMA) was put into place to prevent intentional contamination of the food supply. One of the laws put in place requires companies that handle food to have the workplace technology for ID verification at reception, visitor name badges, and escorts.

Compliance management tip #2: Ensure that all visitors view the required safety videos and sign legal documents like NDAs during the sign-in process

Remember the film, Willy Wonka and the Chocolate Factory? One could argue that the movie provides a good lesson about proactive visitor management and workplace safety. True, the children all signed "hold harmless" contracts, but Mr. Wonka could have taken more care to educate people about safety before they went into the factory.

Today, compliance rules would compel Mr. Wonka to step up his safety game. The company is responsible for educating visitors about avoiding workplace injuries. Safety videos are a popular way to bring visitors up to speed quickly. But compliance requires that companies ensure that visitors watch these videos, and sign a statement to the fact that they have done so. Where should this take place exactly?

  • Compliance management for this requirement is as easy as your visitor management system. Why not embed the safety videos and the signed documentation right into the visitor registration process? Embedding video streamlines the visitor management routine, provides a "home" for your videos, and keeps the signatures safely stored for audit purposes.

Compliance management tip #3: Obtain consent to collect data, collect only the information you need, inform visitors how it will be used, and give people the right to opt-out

At the heart of all compliance mandates is one simple idea: we have the right to own our personal information, and who has access to it. While all of that may seem like common sense, the digital age re-wrote the rules. Personal information is valuable—so much so that it’s the internet’s greatest bounty.

With the implementation of mandates like GDPR, APPI, and APPI, data can no longer be treated as currency up for grabs. What that means for companies is:

  • All personal data collected must be secure.
  • Companies can collect no more information than needed for the task.
  • Companies must completely delete personal information after they’re finished using it for its intended purpose.
  • Individual wishes must be honored, and people have "the right to be forgotten."

Compliance management tip #4: Maintain access control at all times.

All compliance management regulations share another universal value. Companies must maintain control over access to both systems and data.

  • Control the Wi-Fi. In the visitor management space, offering guests complimentary Wi-Fi access while they’re on the premises is a best practice. That means adding Wi-Fi and access control integrations that allow companies to partition secure areas of wi-fi that gives visitors access to the service—but nothing else. Integrating Wi-Fi control into the visitor management system can automate the process by tying sign-in and sign-out to Wi-Fi access. Single-use passwords keep visitors from logging in whenever they happen to be in the area.
  • Stop unauthorized visits. There are numerous reasons to deny entry to visitors. Former employees might be taken on a case-by-case basis, but you don’t want competitors getting an eyeful of what’s on the whiteboards. And people who are wanted by law enforcement or those who may be the subject of a restraining order must be kept out. Integrating access control into visitor management systems allows the front desk to access blocklists. If a visitor forgets to check out, the system can void a visitor badge and cut off wi-fi access automatically.
  • Anonymize the data. Some data lives in a gray area. Information used to train machine learning and AI, for example, by its very nature, needs to come from real sources. Voice clips are routinely used to "teach" smart-speaker technology to understand natural language, and engineers depend on authentic human written content to help AI technologies to learn to read and comprehend. In these situations, compliance management regulations mandate that data is anonymized, meaning all identification markers must be stripped from the data snippets being used.
  • Locate the data. Data tends to creep. We may email some needed personal information to a co-worker who doesn’t delete the email right after use. A spreadsheet of names and addresses can easily find its way to some removable media. Compliance management tamps down on data locations and holds companies responsible for the physical location of each bit of data. Employee education goes a long way to help companies stay in compliance, but compliance officers should know the exact spot where data is stored.
Envoy helps Box strengthen its workplace security

Having a workplace platform that enables you to check so many regulations off your list will simplify your compliance management program and give you continuous access to the data in real-time. Visitor management isn’t the only solution you’ll need, but it is so much more than a tool for greeting people who visit the company.

Ready for more of a deep-dive into how visitor management helps you with compliance management? Download the essential guide to workplace compliance.