Access Control

Access Control

Access control is designed to determine whether those wishing to enter are authorized to do so. The underlying principle is to prevent unauthorized persons from gaining access. This applies to all access control measures, but for port facilities subject to the ISPS Code—that is, facilities that handle, among other things, seagoing cargo and passenger ships—the implementation of measures to prevent unauthorized access is an explicit requirement (ISPS Code, Part A, Article 16.3, paragraph 2).

For every access control measure, the legitimacy of access is linked to a person in connection with a specific action—that is, to who the person is and what they are there to do. We refer to this as identification and authorization. Authorization involves determining the legitimacy of what the person is doing or intends to do. Identification is determining who someone is, and authorization is determining a legitimate reason for gaining access.

ESTABLISHING IDENTITY

Identity is verified using a form of identification, such as a passport or ID card, and in most cases a driver’s license is also acceptable. Verification of authorization—that is, a legitimate reason to grant access—is, of course, not something that the person seeking entry can provide themselves. Only the rightful owner can do so. This can be illustrated by the text of Article 461 of the Penal Code, which states:“Anyone who, without being authorized to do so, is present on another person’s property—where access has been prohibited by the rightful owner in a manner apparent to him—or allows livestock to graze there, shall be punished with a fine of the first category.”

REGISTERING VISITORS

It is clear from the above that only the authorized party determines whether or not someone has the right to be admitted. This means that permission to admit someone must come from the authorized party or from someone authorized to make that decision on the authorized party’s behalf. Often, it is not specified who has the authority to register visitors with the department responsible for access control. Generally, it is tacitly assumed that all managers can register visitors, while all other employees cannot. This creates a vast gray area that the receptionist or security guard on duty must then interpret. This is not a healthy situation, because the company has no control over who can and cannot register visitors and thereby issue authorization for access. Registration procedures must therefore be clearly defined and communicated:

  •  Who should a visitor be registered with internally? This could be a department head or the administrative office;
  •  Who then forwards these internal notifications to those responsible for conducting access control?
  •  how reports are forwarded to them (in writing, i.e., at least via email); and
  •  There is an internal disciplinary procedure that can be applied in the event of a deviation from the registration procedure. Examples include unauthorized direct registration with those responsible for conducting access control, or (repeatedly) failing to register in a timely manner.

VERIFYING IDENTIFICATION

The next step is to determine whether the identification document presented during the access control process is genuine. To this end, all identification documents contain so-called security features. The company must provide the necessary resources to verify these security features. Some of these can be checked with the naked eye and under normal lighting. These are known as first-line security features, such as:

  •  the 2e small photo (Stereo Laser Image) showing a kind of depth effect
  •  a raised design that can be felt by touch, such as the one in the bottom left corner of the passport photo
  •  color-variable ink that changes color slightly when the document is tilted under normal lighting
  •  a perforation in an opaque layer of the ID card (Tilted Laser Image – TLI), which makes text visible when light is shone through the ID card.

RESOURCES

Authenticity features that require technical tools to verify are known as second-line authenticity features:

  •  Images that glow under ultraviolet light require a UV lamp
  •  A document magnifier is needed to check microtext.

The above implies that two things are necessary to carry out such checks:

  •  training or knowledge for those responsible for conducting the inspections
  •  the technical resources needed to carry out the second-line inspection.

Nothing is potentially as harmful as the illusion of effective access control. The surprises this entails are, by definition, potentially harmful and, if damage occurs, will at the very least lead to a lot of finger-pointing. Yet it’s easy to set up properly in advance. Advice: consult an expert, because good advice doesn’t have to be expensive.

Share this article

Related articles

  • Optimizing Security

    Optimizing Security: How SERIS Continuously Improves

    When security optimization stops as soon as service delivery begins In the run-up to a partnership, everything is in focus. There ... read more

    6.1 min readPublished on: June 10, 2026
  • dedicated security contacts

    Dedicated Security Contacts: Control and Continuity in Practice

    It is just past 2:30 a.m. when the call comes in again at the dispatch center. At an industrial park on ... read more

    7-minute readPublished on: June 3, 2026
  • outsource reception services

    Outsourcing reception services: first impressions aren’t a matter of chance

    Don't leave first impressions to chance The door opens and someone steps inside ... read more

    5.4 min readPublished on: May 28, 2026