1 / 48

Performance Management Presentation Access Control

Performance Management Presentation Access Control. Team Members: Major Billy Alford, Team Leader Bill Brosius, Alex Salah, Cassandra Harris ORS National Institutes of Health 21 January 2004. Table of Contents. Main Presentation PM Template ……………………………….……………… 3

sohalia-bijoy
Télécharger la présentation

Performance Management Presentation Access Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Performance Management PresentationAccess Control Team Members: Major Billy Alford, Team Leader Bill Brosius, Alex Salah, Cassandra Harris ORS National Institutes of Health 21 January 2004

  2. Table of Contents Main Presentation PM Template ……………………………….……………… 3 Customer Perspective……………………….…………….. 7 Internal Business Process Perspective………………….. 18 Learning and Growth Perspective………………………… 30 Financial Perspective………………………………………. 37 Conclusions ………………………………………………… 45

  3. Introduction to Access Control • Reasons • To protect the people, property, and research of the NIH • To ensure the Safety & Security of NIH employees • NIH research is a National Resource • NIH is a part of the Public Health Critical Infrastructure

  4. Link between Access Control and Personnel Security • One component of Access control is personnel security • Positions are designated at a particular Sensitivity Level – Non-Sensitive, Public Trust, or National Security • Background investigations are conducted to determine whether a person is suitable for employment in that position • NIH Police conducts interim background checks • 4679 background checks conducted in FY03 • Determination is made on where the individual may be granted physical access • Access controls ensure only those authorized may enter • This presentation will focus only on access control • Personnel security will be addressed during FY04

  5. Relationship Among Performance Objectives

  6. Customer Perspective

  7. Customer Perspective

  8. C1a: Development of the Access Control Program and continuation of formal review for approval • 75% completion of development of the Access Control Program • Program presented to Associate Director of ORS for Security and Emergency Response • Program presented to Associate Director of NIH for Research Services • Program presented to Deputy Director for Management of the NIH • Will measure implementation once full-approval is granted

  9. C1b. Percent of planned installation of card readers and access control systems • 100% completion of the 1-for-1 replacement of card readers from previous system in FY03 • 100% completion of improved access controls for Select Agent Labs in FY03 • Will track percent installation of planned new card readers and access control systems in FY04

  10. Customer Perspective

  11. C2: Percent of Badges issued to those in need of an NIH ID • Provide ID/access badges and appropriate authorized access, to those authorized to access NIH campuses and facilities • Those in need: • All NIH personnel (FTEs, Contractors, Fellows, etc) • Others with legitimate business at NIH facilities (Patients, Volunteers, Tenants, Guests, Service Providers, etc) • The badge is the access control measure • Badge provides • Identification – picture ID • Verification – proves holder has authorized access

  12. C2: Identification Badges Issued-FY03 Note: 10,211 badges issued.

  13. Customer Perspective (cont.)

  14. Customer Scorecard Methodology • Clarified critical customers in FY03 for Access Control • Lab Directors • Facility Managers • Biosafety Officers • NIH Radiation Safety Officer • Work to design a method to assess customer needs and satisfaction with these customer groups during FY04

  15. Customer PerspectiveWhat does the data tell you? • Completed work to develop Access Control Program, now need full approval so implementation can be tracked • 100% replacement all old card readers and improved access controls for select agents during FY03 • Issued over 10,000 badges in FY03 • 44% of badges issued were to contractors

  16. Customer PerspectiveWhat actions are planned? • Gain approval of Access Control Program and begin implementation • Install new card readers and access control systems as planned and where requested • Work with personnel security to ensure legitimacy of persons badged • Develop the Customer Scorecard with OQM, in order to assess customer needs for Access Control

  17. Internal Business Process Perspective

  18. Internal Business Process Perspective

  19. IB1a: Percent of Access Control Measures Implemented for Select Agent Lab and Storage • 100% of Select Agent Labs had access controls installed in FY03 • Card readers • Biometrics

  20. IB1b: Percent of Access Control Measures Implemented at Radiological Facilities • 30% of Radiological laboratories and storage facilities had access controls installed in FY03 • Card readers • Door contacts

  21. IB1c: Percent of Access Control Measures Implemented at Sensitive IT Facilities • Sensitive IT facilities were surveyed in FY03, and access control installations began • Survey is still ongoing – “population” of sensitive IT facilities still to be determined • LAN closets • Server Rooms • Computer Rooms

  22. IB1d: Percent of Access Control Measures Implemented at Sensitive Mechanical Facilities • A survey of sensitive mechanical rooms began and a pilot program for installing access controls is underway • Survey is ongoing to locate and assess sensitive mechanical rooms

  23. Internal Business Process Perspective

  24. Perimeter Security System (PSS) • Layered approach to Access Control • Perimeter Fence, Visitors Center, Commercial Vehicle Inspection Station (CVI), West Dr Patients Entrance • Building perimeter doors • Particular floors or office areas, Labs, and particular rooms

  25. IB2a: Percent completion of the NIH-Bethesda PSS • 90% completion of physical Perimeter Fence • 100% completion scheduled for 3rd Quarter FY04 • 100% design completion of Temporary Visitors Center • 35% design completion of Visitors Center • 50% design completion of Patient Entrance • 35% design completion of CVI

  26. IB2b: Number of card readers per layer/component of PSS • 345 card readers installed at/in buildings in FY03

  27. Internal Business Process PerspectiveWhat does the data tell you? • Physical Perimeter Fence will be 100% completed in FY04 • Perimeter Security System (PSS) components are mostly in the design phase • The majority of our card readers are for interior building spaces

  28. Internal Business Process PerspectiveWhat actions are planned? • Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed • Change from Visitor “stickers” to Andover-capable cards • Begin connectivity of automated access controls at Perimeter Fence • Andover capabilities are planned for all layers of the PSS • Actively identifying sensitive areas for card reader installation

  29. Learning and Growth Perspective

  30. Learning and Growth Perspective

  31. LG1: Percent of IDP tasks completed • Baseline measures need to be established • IDPs must be created

  32. Learning and Growth Perspective

  33. LG2: Hours of skill enhancement by technology type • Baseline measures need to be established • Technologies must be identified

  34. Learning and Growth PerspectiveWhat does the data tell you? • Need to identify Baselines for measurements • Need to identify types of technology with which to improve

  35. Learning and Growth PerspectiveWhat actions are planned? • Baseline team member KSAs and create Individual Development Plans (IDP) • Utilize online Police Training Tool for personal KSA building • Identify technologies and skills necessary for Access Control team

  36. Financial Perspective

  37. Financial Perspective (cont.)

  38. F1: Number of Badges Issued • Unit measure is number of badges issued • 10,211 badges issued in FY03 • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated

  39. F2: Number of Card Readers installed • Unit measure is number of card readers installed • 345 card readers installed in FY03 • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated

  40. F3: Number of automated access events • 22,026 per day

  41. F3: Number of automated access events • Unit measure is number of automated access events per day • > 22,000 automated access events/day in FY03 • As automated events increase, monitored events should decrease • Greater use of Andover system will further justify the investment • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated

  42. Financial PerspectiveWhat does the data tell you? • Over 10,000 badges were issued in FY03 • 345 card readers were installed in FY03 • There were over 22,000 automated access events per day in FY03

  43. Financial PerspectiveWhat actions are planned? • Track similar unit measures during FY04 to understand change over time • Develop budget numbers for Access Control Service Group • Initiative to increase automated Access Controls in effort to decrease overall security costs

  44. Conclusions

  45. Conclusions • Major Findings: • Completed work to develop Access Control Program, now need full approval so implementation can be tracked • 100% replacement of old card readers and improvement of access controls for select agents during FY03 • Physical Perimeter Fence will be 100% completed in FY04 • Perimeter Security System (PSS) components are mostly in the design phase • Need to identify baselines for Learning and Growth measures • Issued over 10,000 badges, installed 345 card readers, and Andover system experienced over 22,000 automated access events per day in FY03

  46. Conclusions (cont.) • Initiatives for FY04 • Gain approval of Access Control Program and begin implementation • Install new card readers and access control systems as planned and where requested • Work with personnel security to ensure legitimacy of persons badged • Develop the Customer Scorecard in order to assess customer needs for Access Control • Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed • Change from Visitor “stickers” to Andover-capable cards • Begin connectivity of automated access controls at Perimeter Fence • Andover capabilities are planned for all layers of the PSS • Identify sensitive areas for card reader installation

  47. Conclusions (cont.) • Initiatives for FY04 • Baseline team member KSAs and create Individual Development Plans (IDP) • Utilize online Police Training Tool for personal KSA building • Identify technologies and skills necessary for Access Control team • Track similar unit measures during FY04 to understand change over time • Develop budget numbers for Access Control Service Group • Initiative to increase automated Access Controls in effort to decrease overall security costs

More Related