The PCI and HIPAA Standards REQUIRE detailed records (Name, in date/time, out date/time, company represented, purpose of visit, etc.) when secure areas are accessed. They also require that badges be issued to the visitor and in some cases; the visitor is to be escorted while they are on-site.
Whenever we are working with a new / prospective client and we are not asked to sign-in to review their systems and network, we are certain to provide this security "gem" to them free of charge!
One of the most frequent responses is that they "have a security system and have no need for the log." Only after explaining that their system has limited video/audio storage capacity or pointing out that maybe there isn't sufficient coverage (cameras) do they begin to consider using a written log.
"Back in the day" almost every employer I worked for required that anyone who was not a staff member had to "sign in at the front office." This included deliveries, repair vendors, etc. No more.
I think we've become so focused on using tech to solve our problems we (in many cases) can't see the "forest through the trees."
Whether you are a business owner, manager or staff member (or perhaps you provide services to businesses) if visitors aren't required to sign in - change your procedures ASAP (or encourage your client to do so!)
How can we help? For a limited time Level 1 Compliance is offering a complimentary External Vulnerability Scan (E.V.S) with a detailed report. If you would like to have your network scanned (E.V.S.) reach out to me directly at 01 (480) 766-6188 or by e-mail at email@example.com. (Limit to 1 business, 1 location and 1 IP Address per complimentary scan, please.)
Already receiving scheduled scans? Feel free to have L1C perform an external vulnerability scan just the same to verify what you already receive.
Remember: If you are not signing in (or requiring others to sign in), you are running an unnecessary risk!
Thank you for your time,
Edward "Ed" Kopp / Level 1 Compliance, LLC / Partner
Phone: (480) 766-6188