480 likes | 595 Views
Performance Management Presentation Access Control. Team Members: Major Billy Alford, Team Leader Bill Brosius, Alex Salah, Cassandra Harris ORS National Institutes of Health 21 January 2004. Table of Contents. Main Presentation PM Template ……………………………….……………… 3
E N D
Performance Management PresentationAccess Control Team Members: Major Billy Alford, Team Leader Bill Brosius, Alex Salah, Cassandra Harris ORS National Institutes of Health 21 January 2004
Table of Contents Main Presentation PM Template ……………………………….……………… 3 Customer Perspective……………………….…………….. 7 Internal Business Process Perspective………………….. 18 Learning and Growth Perspective………………………… 30 Financial Perspective………………………………………. 37 Conclusions ………………………………………………… 45
Introduction to Access Control • Reasons • To protect the people, property, and research of the NIH • To ensure the Safety & Security of NIH employees • NIH research is a National Resource • NIH is a part of the Public Health Critical Infrastructure
Link between Access Control and Personnel Security • One component of Access control is personnel security • Positions are designated at a particular Sensitivity Level – Non-Sensitive, Public Trust, or National Security • Background investigations are conducted to determine whether a person is suitable for employment in that position • NIH Police conducts interim background checks • 4679 background checks conducted in FY03 • Determination is made on where the individual may be granted physical access • Access controls ensure only those authorized may enter • This presentation will focus only on access control • Personnel security will be addressed during FY04
C1a: Development of the Access Control Program and continuation of formal review for approval • 75% completion of development of the Access Control Program • Program presented to Associate Director of ORS for Security and Emergency Response • Program presented to Associate Director of NIH for Research Services • Program presented to Deputy Director for Management of the NIH • Will measure implementation once full-approval is granted
C1b. Percent of planned installation of card readers and access control systems • 100% completion of the 1-for-1 replacement of card readers from previous system in FY03 • 100% completion of improved access controls for Select Agent Labs in FY03 • Will track percent installation of planned new card readers and access control systems in FY04
C2: Percent of Badges issued to those in need of an NIH ID • Provide ID/access badges and appropriate authorized access, to those authorized to access NIH campuses and facilities • Those in need: • All NIH personnel (FTEs, Contractors, Fellows, etc) • Others with legitimate business at NIH facilities (Patients, Volunteers, Tenants, Guests, Service Providers, etc) • The badge is the access control measure • Badge provides • Identification – picture ID • Verification – proves holder has authorized access
C2: Identification Badges Issued-FY03 Note: 10,211 badges issued.
Customer Scorecard Methodology • Clarified critical customers in FY03 for Access Control • Lab Directors • Facility Managers • Biosafety Officers • NIH Radiation Safety Officer • Work to design a method to assess customer needs and satisfaction with these customer groups during FY04
Customer PerspectiveWhat does the data tell you? • Completed work to develop Access Control Program, now need full approval so implementation can be tracked • 100% replacement all old card readers and improved access controls for select agents during FY03 • Issued over 10,000 badges in FY03 • 44% of badges issued were to contractors
Customer PerspectiveWhat actions are planned? • Gain approval of Access Control Program and begin implementation • Install new card readers and access control systems as planned and where requested • Work with personnel security to ensure legitimacy of persons badged • Develop the Customer Scorecard with OQM, in order to assess customer needs for Access Control
IB1a: Percent of Access Control Measures Implemented for Select Agent Lab and Storage • 100% of Select Agent Labs had access controls installed in FY03 • Card readers • Biometrics
IB1b: Percent of Access Control Measures Implemented at Radiological Facilities • 30% of Radiological laboratories and storage facilities had access controls installed in FY03 • Card readers • Door contacts
IB1c: Percent of Access Control Measures Implemented at Sensitive IT Facilities • Sensitive IT facilities were surveyed in FY03, and access control installations began • Survey is still ongoing – “population” of sensitive IT facilities still to be determined • LAN closets • Server Rooms • Computer Rooms
IB1d: Percent of Access Control Measures Implemented at Sensitive Mechanical Facilities • A survey of sensitive mechanical rooms began and a pilot program for installing access controls is underway • Survey is ongoing to locate and assess sensitive mechanical rooms
Perimeter Security System (PSS) • Layered approach to Access Control • Perimeter Fence, Visitors Center, Commercial Vehicle Inspection Station (CVI), West Dr Patients Entrance • Building perimeter doors • Particular floors or office areas, Labs, and particular rooms
IB2a: Percent completion of the NIH-Bethesda PSS • 90% completion of physical Perimeter Fence • 100% completion scheduled for 3rd Quarter FY04 • 100% design completion of Temporary Visitors Center • 35% design completion of Visitors Center • 50% design completion of Patient Entrance • 35% design completion of CVI
IB2b: Number of card readers per layer/component of PSS • 345 card readers installed at/in buildings in FY03
Internal Business Process PerspectiveWhat does the data tell you? • Physical Perimeter Fence will be 100% completed in FY04 • Perimeter Security System (PSS) components are mostly in the design phase • The majority of our card readers are for interior building spaces
Internal Business Process PerspectiveWhat actions are planned? • Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed • Change from Visitor “stickers” to Andover-capable cards • Begin connectivity of automated access controls at Perimeter Fence • Andover capabilities are planned for all layers of the PSS • Actively identifying sensitive areas for card reader installation
LG1: Percent of IDP tasks completed • Baseline measures need to be established • IDPs must be created
LG2: Hours of skill enhancement by technology type • Baseline measures need to be established • Technologies must be identified
Learning and Growth PerspectiveWhat does the data tell you? • Need to identify Baselines for measurements • Need to identify types of technology with which to improve
Learning and Growth PerspectiveWhat actions are planned? • Baseline team member KSAs and create Individual Development Plans (IDP) • Utilize online Police Training Tool for personal KSA building • Identify technologies and skills necessary for Access Control team
F1: Number of Badges Issued • Unit measure is number of badges issued • 10,211 badges issued in FY03 • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
F2: Number of Card Readers installed • Unit measure is number of card readers installed • 345 card readers installed in FY03 • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
F3: Number of automated access events • 22,026 per day
F3: Number of automated access events • Unit measure is number of automated access events per day • > 22,000 automated access events/day in FY03 • As automated events increase, monitored events should decrease • Greater use of Andover system will further justify the investment • Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
Financial PerspectiveWhat does the data tell you? • Over 10,000 badges were issued in FY03 • 345 card readers were installed in FY03 • There were over 22,000 automated access events per day in FY03
Financial PerspectiveWhat actions are planned? • Track similar unit measures during FY04 to understand change over time • Develop budget numbers for Access Control Service Group • Initiative to increase automated Access Controls in effort to decrease overall security costs
Conclusions • Major Findings: • Completed work to develop Access Control Program, now need full approval so implementation can be tracked • 100% replacement of old card readers and improvement of access controls for select agents during FY03 • Physical Perimeter Fence will be 100% completed in FY04 • Perimeter Security System (PSS) components are mostly in the design phase • Need to identify baselines for Learning and Growth measures • Issued over 10,000 badges, installed 345 card readers, and Andover system experienced over 22,000 automated access events per day in FY03
Conclusions (cont.) • Initiatives for FY04 • Gain approval of Access Control Program and begin implementation • Install new card readers and access control systems as planned and where requested • Work with personnel security to ensure legitimacy of persons badged • Develop the Customer Scorecard in order to assess customer needs for Access Control • Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed • Change from Visitor “stickers” to Andover-capable cards • Begin connectivity of automated access controls at Perimeter Fence • Andover capabilities are planned for all layers of the PSS • Identify sensitive areas for card reader installation
Conclusions (cont.) • Initiatives for FY04 • Baseline team member KSAs and create Individual Development Plans (IDP) • Utilize online Police Training Tool for personal KSA building • Identify technologies and skills necessary for Access Control team • Track similar unit measures during FY04 to understand change over time • Develop budget numbers for Access Control Service Group • Initiative to increase automated Access Controls in effort to decrease overall security costs