Automating Healthcare
Solving business problems with savvy automation

Integrating Security Badges

Business problem
Security badges are used throughout the enterprise as ID badges and for door access. Like a system account, each badge should have only the necessary rights and should be canceled as soon as the worker is terminated. The badge system should be integrated into the same process used to manage system users and accounts.

Overcoming resistance
When the security badge system was first installed, the security department felt strongly that the security badge system should be isolated from all other systems to ensure maximum security. None of the computers — server or workstation — were added to the corporate domain, and IT had no role in maintaining the system. The server was placed in the security office instead of the data center.

This isolation had some serious liabilities, which in the end posed greater risks for the organization than any theoretical risk from having the system integrated into normal IT workflows.

  • Insecure server — The server was being used as a workstation by security officers, using the administrator account as the local login.
  • No patching — The server and workstations were not included in the normal patching process for Windows updates.
  • Poor hardware support — The security hardware fell into a sort of "no-man's land" because IT didn't support it.
  • No database maintenance — The database lacked an adequate maintenance plan, causing data loss from lack of proper backups.
  • No source of worker data — Security had no reliable source of data about new workers, changes in worker roles, or terminated workers.
  • Manual, labor-intensive badge process — For every badge made, all the information about the worker was typed into the system, and was not validated against other, "master" sources of employee data.

After a couple of years of observing the new IT team in action, the security department felt confident enough to let us connect them with the world and automate their process in a fairly radical way.

Pushing data
Now that we had solid data about all workers (Who Works Here?), we felt confident taking over the updating of the security badge system database. This would have several advantages:

  • Eliminating time spent by security inputting worker information
  • Immediate updating of status and inactivation of badges for terminated workers
  • Accurate, consistent spelling of names, titles and departments
  • Eliminating duplicate badges except where specifically authorized
  • Identification of workers who lack a badge

We developed an automated process to directly update the security badge database by:

  • adding new workers;
  • updating titles/departments for current workers; and
  • changing status and inactivating badges for terminated workers.
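
The reconciliation described above, sketched as an added example (not the original system's code): it compares the master worker list with the badge data and plans the adds, updates and inactivations, and also reports duplicate badges and workers without a badge. All field names and the record layout are hypothetical, and the "unmatched" bucket for badges with no master record is an assumption of this sketch.

```python
# Added example: field names and record layout are hypothetical,
# not the schema of any real badge system.

def plan_badge_sync(workers, badge_people, badges, dup_authorized=frozenset()):
    """Compare master worker data with badge-system data; return planned changes.

    workers:      {emp_id: {"name", "title", "dept", "active"}}  (master source)
    badge_people: {emp_id: {"name", "title", "dept"}}            (badge system)
    badges:       [{"badge_id", "emp_id", "enabled"}]            (badge system)
    """
    plan = {"add": [], "update": [], "deactivate": [],
            "unmatched": [], "duplicates": [], "no_badge": []}
    enabled = {}  # emp_id -> enabled badge ids held by active workers
    for b in badges:
        if not b["enabled"]:
            continue
        w = workers.get(b["emp_id"])
        if w is None:
            plan["unmatched"].append(b["badge_id"])   # no master record: review by hand
        elif not w["active"]:
            plan["deactivate"].append(b["badge_id"])  # terminated worker
        else:
            enabled.setdefault(b["emp_id"], []).append(b["badge_id"])
    for emp_id, w in sorted(workers.items()):
        if not w["active"]:
            continue
        current = badge_people.get(emp_id)
        if current is None:
            plan["add"].append(emp_id)                # new worker
        elif any(current[f] != w[f] for f in ("name", "title", "dept")):
            plan["update"].append(emp_id)             # master source wins
        held = enabled.get(emp_id, [])
        if not held:
            plan["no_badge"].append(emp_id)
        elif len(held) > 1 and emp_id not in dup_authorized:
            plan["duplicates"].append(emp_id)
    return plan

# Constructed sample data, for illustration only.
WORKERS = {
    "E1": {"name": "Ana Ruiz", "title": "RN", "dept": "Nursing", "active": True},
    "E2": {"name": "Ben Cole", "title": "Tech", "dept": "Lab", "active": False},
    "E3": {"name": "Cy Dunn", "title": "Clerk", "dept": "Billing", "active": True},
    "E4": {"name": "Di Evans", "title": "MD", "dept": "Surgery", "active": True},
}
BADGE_PEOPLE = {
    "E1": {"name": "Anna Ruiz", "title": "RN", "dept": "Nursing"},  # misspelled
    "E2": {"name": "Ben Cole", "title": "Tech", "dept": "Lab"},
    "E4": {"name": "Di Evans", "title": "MD", "dept": "Surgery"},
}
BADGES = [{"badge_id": i, "emp_id": e, "enabled": True} for i, e in
          [("B1", "E1"), ("B2", "E2"), ("B3", "E4"), ("B4", "E4"), ("B5", "E9")]]
PLAN = plan_badge_sync(WORKERS, BADGE_PEOPLE, BADGES)
```
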

Now, when making a badge, security staff

  • verify identity with either a photo ID or a printed copy of the badge request provided by their supervisor,
  • select the worker from the list in the badge system, and
  • take the photo.

Access rights for the badge have already been defined and approved with our Security Badge Request application. If no approved badge request exists, no badge is made. It couldn't be simpler.

Securing security
The server and related workstations were upgraded as necessary and added to the domain. This ensured that

  • desktops are locked down,
  • enterprise security policies are enforced, and
  • desktops are included in routine, enterprise desktop patching.

In addition, our SQL Server database administrator set up a maintenance plan for the production databases and ensured that everything was routinely backed up.

Securing the server
Until fairly recently, it was impractical to move the security badge server to the data center because several remote, analog controllers were hardwired to the server. Now, digital controllers allow connections to a server anywhere on the network. We are in the process of moving the security badge server to a virtual machine on the blade frame in the data center, providing the appropriate level of security and reliability for a critical system.

Lessons learned

  • Reliable, current data about the workforce enables an organization to better manage everything related to that workforce.
  • It's always worth the time and effort required to build trust between other departments and IT.
  • No critical system, such as security badges, should ever be allowed to exist in isolation without proper support and management.

Posted 20 March 2008

