The Client
Our client was running operations with multiple sites and with staff from several
departments, meaning the system had to be adaptable, flexible and powerful to accommodate
their needs.
How the system works
Staff scan QR codes on their smartphones to enter buildings, offices and areas.
Phones send a request for entry to a central server which decides based on records identities and permissions.
Each employee has a personal access code inside the system which can be used only once: duplicate requests are refused automatically.
Managers have access to a web platform that shows employee activity logs, analyses data and delivers reports.
Challenges for access control in knowledge industries
Multiple departments share the same building and other spaces. Access needs to be
permissioned and managed. Businesses need security but can’t sacrifice agility; staff need
convenience but must retain privacy. In particular, the space faces these challenges:
Management of individual access rights
User access rights must be managed individually. They must be attached to a
persistent identity inside the system that can be matched reliably with an
individual person.
Joiners, movers, leavers
New job, new department, or new responsibilities: staff don’t stay still.
Legacy systems often lack robust and responsive tools for updating access,
leaving ‘ghost accounts’ and slowing access authorization.
Segregation of Duties and sensitive access
Roles are structured to prevent the same individual having access to assets,
and responsibility for accounting for those assets. Sensitive information
must be restricted and access must be accountable. Legacy systems struggle
to support these needs.
Management, control and analytics
Access must be managed, allowing policies to be enforced and staff held
accountable. Employee behavior patterns are a rich source of data for the
organization — if they can be recorded and analyzed. Legacy systems often
add recording as a task or leave the data siloed and inaccessible, with no
inbuilt management tools.
Creating the access control system
We built a tool that allows end users to access the areas they need to quickly and easily,
while managers get access to crucial data, analysis and reports, and can structure access
permissions to reflect the demands of roles in the organization and easily change these when
a staff member changes roles or leaves.
Key features of the access control system
We created an access control system that addresses the paramount requirements and persistent
challenges of the space, including:
Convenience
End users simply scan in QR codes to access an area. The mobile app is
intuitive and comes with inbuilt how-tos, ensuring ease of use.
Centralized control
Access requests are handled by a central server, with institutional-grade
security and managerial access and oversight on the backend.
Persistent single identity
Users have a single identity linked with all their roles, permissions and
activities. The system makes duplicate access requests impossible.
Reporting and analytics
User data is collected, used to compile reports, and analysed to form the
basis for auditable records and actionable insights.
Custom permissions
Build template roles-based permission sets which can be applied to new
hires. Create custom permission sets for individuals and managerial
accounts.
Compliance
The system collects no personally identifying information beyond that
required for access control, ensuring compliance with privacy and security
regulations and best practices.
Platform features:
- Intuitive end-user experience
- Security and compliance as standard — no personal information is collected or stored
- Persistent single identity
- Management toolkit including time and motion recording and analysis
- Centralized server, distributed functionality
- Any-time access management by administrators
Tech stack:
.NET 4.0 (C#)
ASP.NET MVC4
Web API
Entity Framework
LINQ
xDK
Xamarin
MSSQL 2012
Visual Studio 2014
Redmine
SVN
Results
Thanks to a dedicated team of experienced engineers, BA, QA and PM experts, LightPoint
created a tool that allowed our client to manage access controls efficiently and easily,
resulting in a secure operation.
Ready to talk about a similar solution for your business?
Get in touch with us at:
