PE-7 — Visitor Control

Visitors to your facility must be controlled — identified, authorized, escorted, and monitored. No one should wander freely through areas where your systems are located without proper oversight.

Example 1: Establish a visitor management process: all visitors must sign in at reception, present government-issued ID, receive a visitor badge, and be escorted by an employee at all times. Visitor badges should be visually distinct from employee badges (different color or marked 'VISITOR').

Example 2: Use a digital visitor management system like Envoy, iLobby, or SwipedOn that captures visitor information, takes photos, prints badges, and notifies the host employee when their visitor arrives. At departure, visitors must check out and return their badge. Run reports on visitor activity monthly.