by Transposh - translation plugin for wordpress

Sharing Excellence in Parking & Mobility Management

Controlling Credentials: Step 1


As Mobility Management continues its progress toward a ticketless operating environment, controlling automatic access to transportation services becomes ever more important. This is because an inappropriately-issued ticket costs the operation one transaction; a bad credential hurts the operation over and over. In this series, we will review the proper steps in controlling the credential lifespan from creation to termination.

Step 1: Write it Down!

When we refer to a “credential” we are referring to a device or process that is automated and allows ingress into and/or egress from a transportation service. This access to the service is driven by pre-entry of the end user and his/her credential into a database.

A device, which can vary from an RFID transponder mounted on a car windshield to a biometric palm/fingerprint reader, acts as the intermediary between the end user and this database. Once the profile presented by the device is matched to all authorized profiles, the system can automatically decide what to do according to preset parameters: Allow access, deny access, record a violation, etc.

The harm to the operation by the careless handling or intentional mis-issuing of credentials is not always a financial one. Credentials are also issued for security purposes to limit access by evil-doers; for example, a gated parking area might be created to protect night staff at a hospital. Credentials are also distributed as a matter of equity to control capacity and prevent key facilities or services from being overloaded; for example, an HOV lane on a highway.

Or, a credential may allow the user to enjoy an enhanced service experience, such as priority disembarkation on a ferry or access to reserved parking, for example.

Step 1 – Write it Down

The first step in controlling credentials is management’s commitment to this effort. Evidence must be more than a casual, verbal assertion by a manager, that, yes indeed, controlling credentials is important.

This may sound simplistic, but experienced quality assurance experts will tell you that the majority of mobility management operations, whether they be related to parking, toll roads or car ferries, do not evidence that commitment. The critical indicator of management’s commitment to controlling credentials is the presence of written procedures.

When your operation is reviewed by an outside party, such as auditor, quality assurance expert or inspector general, this is the first document they will request.

Written procedures accomplish several purposes. They:

  • Demonstrate management’s commitment to credential control in a real, tangible manner;
  • Offer evidence that the control process has been completely thought out;
  • Provide a guideline to evaluating the effectiveness of the controls to industry standards (if they exist) or at a minimum, best practice; and,
  • Establish a standard so a reviewer can compare the written plan to the results it generates.

These last two points are important to your career as a mobility management professional. If you fail to create a written plan, one will be prepared for you by the reviewer. You won’t like this plan: it’s called “Perfection” and it is likely your operation will be found woefully inadequate when compared to that standard. It’s far better to have your own plan in place.

Any reasonable, complete plan will demonstrate the good intentions of management. You will be held to your own standard first, best practice (or Perfection) second. Improvements (i.e., Perfection) become “suggestions”, rather than mandates in the eyes of unbiased reviewers.Share-How-2

Here’s a few tips for creating your written procedures for controlling credentials:

  • Involve your staff in creating your procedures. Top-down instructions that ignore realities in the customer interface will ultimately be ignored by your staff.
  • Think about lifespan. Consider the total lifespan of the customer relationship and the lifespan of the credential itself. We’ll be covering these steps for this process in future posts.
  • It doesn’t have to be pretty. An outline or bulleted list is fine. Even generic procedures that vary somewhat from location to location may not be preferable but are generally acceptable, if they are reasonable and effective.
  • Consider the features – and limitations – of your technology. Be familiar with the technology you have in place now or are looking to acquire in the future. Technology can save time and effort. But they can also create additional steps and headaches.
  • Your procedures are not written in stone for eternity. They should be a living, breathing document. To that end, you should include a provision that the process will undergo review and adjustment every so often. Biennially (once every two years) or when new technology is deployed should be minimum starting points.
  • Include means and methods to determine compliance and effectiveness. For example, employee compliance with the procedures should be a factor in employee reviews or criteria for promotions and raises. Provide employees and customers with a means to offer feedback on the effectiveness of your plan. Establish audit checkpoints at each step.
  • Follow your own procedures. If you go to the time and trouble to create a plan, it makes sense to invest the effort with some follow-up to ensure they are working as anticipated. Remember too, while merely having procedures offers you some protection during an external review, if you are not following your own procedures you cannot feign ignorance of what should be done and innocently expect gentle instruction. Instead, ignoring procedures is very damning evidence of the lack or ineffectiveness of management. Finally, make sure compliance with your procedures is part of your employee review process – develop some metrics for this.

Next up in Controlling Credentials, Part 2, is establishing and maintaining credential inventories.

(Want more information? Our How-2 series are written by professional mobility management professionals for professional mobility management professionals. If you have comments or suggestions for improvements, please share your experiences with us and other professionals visiting our site. Add your comments below – if Comments are “on” – or by contacting us here. Thank you for helping H2 become the how-to resource in public and private transportation management.)

 

Leave a Reply

Latest News
The H2H2H Foundation Advocates for Excellence in Mobility Management
The H2H2H Foundation Advocates for Excellence in Mobility Management
Panama City, Republic of Panama, 1 January 2017 - Ramon L. Mota-Velasco P. of Mexico City, Mexico an
Island Syndrome
Island Syndrome
In light of this evolution, parking managers, public transit managers, even car sharing managers sho
Blurred Lines:  Will You Soon Be Managing Your Facility via Parking Guidance, Cellphone Apps, or LPR?
Unlocking Hidden Value in Parking:  Step 2, Creating the Lease Matrix
Unlocking Hidden Value in Parking: Step 2, Creating the Lease Matrix
Many asset managers rarely look at the actual lease to make business decisions, but rely instead on
Unlocking Hidden Value in Parking:  Step 1, Negotiating Monthly Parking Allowances in Building Leases
Unlocking Hidden Value in Parking: Step 1, Negotiating Monthly Parking Allowances in Building Leases
Unfortunately, auditors of these lease-bound parking requirements report both Lessors and Lessees fr
Parking Penguins
Splinter
Splinter
David Pogue, personal technology correspondent for the New York Times, is tasked with the challenge