At The Receptionist, we’re always interested in learning more about why our customers chose to implement a visitor management system. For many, like manufacturers and companies that regularly bid for contracts, visitor management is required as part of a certification or compliance initiative. Over the next few months, we’ll be publishing a series of articles to help you better understand how visitor management fits into the certification and compliance landscape for a variety of industries, starting with ISO certification.
What is ISO certification?
ISO stands for the International Organization for Standardization. The organization currently publishes more than 21,000 standards, in areas ranging from quality management to food safety management and occupational health and safety. These standards provide “requirements, specifications, guidelines, or characteristics that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose.” For example:
- ISO 9000 – Quality management helps companies make sure their products and services meet customers’ needs.
- ISO 31000 – Risk management helps companies manage risks that could have a negative effect on their performance.
- ISO/IEC 27001 – Information security ensures that an organization’s information is secure.
This last standard, which is part of the overarching ISO/IEC 27000 series on information security, is related to visitor management. Note that the ISO itself doesn’t provide certification. That’s done by an external accredited certification body.
Does your company need ISO certification?
For companies in some industries, ISO certification may be required by law or contractually. Even if that’s not the case, conforming to ISO standards has many benefits for businesses:
- Saving time and money by identifying and solving recurring problems
- Improving system and process efficiency
- Increasing customer satisfaction
- Being more competitive when tendering for contracts
- Getting more value out of all resources
- Boosting your credibility in the eyes of your customers
A closer look at ISO/IEC 27001
ISO/IEC 27001 is the standard for information security. It covers all types and sizes of organizations in all industries. That’s pretty much everyone. The standard doesn’t specifically prescribe required security controls because there are many ways for organizations to meet the requirements. Instead, it outlines how to implement an information security management system and identifies the mandatory documentation required for certification.
Visitor management and ISO/IEC 27001
Since the standard doesn’t specifically prescribe controls, it doesn’t specifically mandate a visitor management system. However, a visitor management system is a useful tool for meeting the mandatory documentation requirements. To help companies wade through and interpret the standard, the helpful folks over at ISO27k have put together an extensive ISMS documentation checklist. Don’t be misled by the word checklist — this isn’t a list of all of the things you need to do to conform to the standard. Instead, it provides several options for fulfilling the requirements. The checklist addresses visitor management in a couple of sections. A11.1.1 Physical perimeter, A11.1.2 Physical entry control, A11.1.3 Secure offices/facilities To assess the risks and controls for these requirements, an auditor may perform a physical site inspection. A visitor log can serve as evidence that physical access to an area is being properly controlled. A11.1.5 Working in secure areas, A11.1.6 Delivery/loading bays Here, the emphasis is on “policies, procedures, guidelines, notices, etc., concerning access to secure zones.” Again, visitor records provide evidence that these areas are under appropriate controls. For more information about these and other aspects of ISO/IEC 27001, we highly recommend you check out ISO27k. They have assembled a huge collection of resources you’ll find helpful, including a toolkit to walk you through the entire implementation and certification process. Ultimately, whether ISO certification is right for your company depends on your needs and goals for the future. But take heart! If you decide to proceed with certification, we will be here to make sure that your visitor information is safe and secure and that your visitor records meet the documentation requirements. To get a head start, sign up for a free trial of The Receptionist for iPad today.