SS-036 Ver 1.0 (May 23)
1. Overview
The Security service provider may be responsible for managing and administering a Client’s access control system, which can incorporate a number of different systems, each with its own security specifics and tailored operational requirements that need to be strictly controlled.
Confidential & Proprietary | 2024 CBRE Inc.
3. Useful Links
Provisions of work
The Security service provider shall act:
As a dedicated resource to administer and manage access control systems (badge issues / controls, report production, access rights allocation)
As a Reception / Security officer or receptionist with access administration functions
As a Control room operator with an access terminal or access control admin roles
As a Security officer with access to admin / monitoring roles
As a dedicated card issue function – for large sites / moves / new card issues
Standards to Apply
The Security service provider shall ensure that:
Access to any databases shall be limited to the Security service provider’s authorised personnel only. They will be responsible for ensuring that access databases (PC and server databases) are always kept secure.
Data that may contravene data protection regulations shall not be maintained. If the Client requires such data to be kept in the access database, the Security service provider must inform CBRE, and an appropriate written instruction must be obtained from the Client.
Access to PCs, including terminals, shall be password protected, with user access levels (operator, administrator and supervisor) controlled by personal password.
Access control data must be used only for its intended legitimate purpose. Beneficial uses may include reporting peak flow times, congestion and the times a site is in use; such data use must not contravene national data protection laws.
Access control card issue procedures must be obtained in writing from the client or developed appropriately.
Access database operators and administrators must receive adequate training for their roles and be provided with clear written operating instructions.
Compliance with access control administration procedures should be periodically audited to confirm adherence, identify any changes or risks, and ensure that the database is being managed in line with best practices and client standards.
2. Other useful pages in this Playbook
Types of Access Control systems
Security Services
Managing Access Control Systems
Transition
Blank and programmed access cards shall be kept securely and be accessible to authorised operators only. The Security service provider must request that CBRE require adequate protective facilities from the client.