Skip to main content

Solution · Access and compliance

Every non-employee through the door with a known identity, a known purpose, and a documented exit.

Kiosk check-in, cloud access control, license-plate recognition, and a unified audit log. PCI, FTC Safeguards, CMMC, and HIPAA physical-access requirements satisfied as deliverables.

See it on your cameras
or reach us directly
Call us855-577-0400
  • NDAA-compliant
  • Platform-agnostic
  • 1,000+ deployments over 15 years
Free

How can we help?

Tell us what you're working through. We'll route it to the right person.

Visitor and contractor management is the system that gets every non-employee through the door with a known identity, a known purpose, and a documented exit. Tec-Tel deploys a check-in kiosk paired with cloud access control from major manufacturers, license-plate recognition for delivery and contractor vehicles, tailgate detection on cameras, and a unified audit log. PCI-DSS, FTC Safeguards, and CMMC physical-access requirements get satisfied as deliverables. Free consultation.

§01  The six-step flow

How the system works end to end.

A working visitor and contractor system isn't a kiosk. It's six pieces working together, so the audit log reconciles itself instead of getting rebuilt in a spreadsheet the day an assessor asks who was inside.

Pre-arrival invite and screening Host pre-registers the visitor or contractor by email. The kiosk vendor sends a self-check-in link with the building address, parking instructions, and a digital NDA or safety waiver to sign before arrival. The host gets a heads-up SMS when the visitor checks in.
Identity capture at the kiosk ID scan, photo, badge print, host notification. We integrate the major visitor-management kiosk platforms. The kiosk pushes the visitor profile into the access control system as a temporary credential good for the duration of the visit.
Door access scoped to the visit The major access control platforms all support time-bound visitor credentials. The badge opens the lobby and the conference floor, not the data center, the lab, or the dock. The credential expires automatically at the scheduled checkout time.
License-plate recognition for delivery and contractor vehicles Recurring contractor plates and major carriers get auto-logged at the gate. Unknown plates trigger a guard or front-desk page. The plate logs with the badge swipe so the audit trail joins vehicle and person.
Tailgate and unbadged-entry detection Cameras at every exterior door watch for two people through one badge swipe and unbadged people trailing employees. The supervisor on shift gets an alert with the camera feed link and the badge holder name so HR can have the conversation that day, not next quarter.
Documented checkout and unified audit log Kiosk captures checkout, access system logs the last door swipe, and the camera fleet timestamps the exit. All three feeds reconcile into a single audit log that a PCI assessor, FTC Safeguards examiner, or CMMC C3PAO can pull without rebuilding the chain by hand.

§02  The compliance angle

The audit log is the deliverable, not the side effect.

PCI-DSS Requirement 9, FTC Safeguards 16 CFR 314.4, CMMC 2.0 PE-3, and HIPAA 45 CFR 164.310 all require documented evidence that the right people got into the right places at the right times. None of those frameworks accept a paper sign-in sheet anymore. The kiosk, the access control system, and the cameras together produce a digital chain an assessor can pull in five minutes.

Tec-Tel installs produce the chain by default, not as a one-off. The consultation deliverable maps the customer's compliance regime against the system's evidence outputs so the customer's qualified individual or compliance lead can plug it into the existing WISP, ISMS, or SSP without re-engineering.

  • PCI-DSS v4.0 Requirement 9: visitor logs with arrival time, departure time, host name, visit purpose, plus 90-day camera retention on the cardholder data environment.
  • FTC Safeguards 16 CFR 314.4 (updated 2023): written physical safeguards for any covered financial institution, including auto dealers, tax preparers, and mortgage brokers.
  • CMMC 2.0 Level 2 PE-3: visitor records and physical access authorization. Vendor selection holds to NDAA 889-compliant manufacturers across the stack.
  • HIPAA 45 CFR 164.310: facility access controls and audit logs scoped to facility access, not patient records. Business Associate Agreements covered when the kiosk is cloud-based.

§03  Who buys this

Four buyer profiles that drive most installs.

Manufacturing and distribution: driver check-in at the gate, dock-door supervision, contractor sign-in for maintenance and safety waivers. Plate recognition pre-loads the carrier's truck and the warehouse manager gets a heads-up before the trailer backs up.

Healthcare clinics and offices: patient check-in stays with the EHR. Contractor and vendor check-in moves to the kiosk. HIPAA-aware: visitor logs scope to facility access, not patient records, and footage retention is set to facility policy.

Finance, auto dealers, and professional services: FTC Safeguards requires documented physical safeguards. The kiosk, cloud access control, and LPR produce the written control evidence the WISP needs. After-hours intrusion zones tied to the same access system close the loop.

Defense contractors and CMMC environments: CMMC 2.0 Level 2 requires visitor records and PE-3 physical access authorization. The kiosk captures identity, the access system enforces badge scope, and cameras provide the monitoring evidence.

§04  The multi-vendor stack

Platforms we integrate across the kiosk, access, and camera layers.

Tec-Tel is vendor-agnostic. Visitor and contractor management spans three layers: the kiosk, the access control system, and the camera fleet. Cloud access control from the major platforms drives the visitor badge and door logic with time-bound credentials and mobile access. Cameras with edge AI (tailgate detection, license-plate recognition) feed the visitor flow at every exterior door.

Kiosk platforms come in different shapes: broad enterprise feature set with polished host UX; contractor-heavy builds with OSHA-card upload built in; CMMC and ITAR-friendly compliance reporting; and lighter-weight mid-market deployments with simpler pricing. The consultation names the right cut based on what is already deployed and the compliance regime in scope.

§05  Cost framing

What it costs per location.

Visitor kiosks typically price per location per month, $100 to $500 for the software, plus a one-time hardware cost of $1,500 to $4,000 per kiosk station (iPad or dedicated kiosk plus badge printer plus stand). Most sites need one or two kiosks for the lobby and a second for the dock or service entrance.

Cloud access control runs $20 to $40 per door per month for the license, plus the door hardware on a one-time install. License-plate recognition is usually a per-camera per-month line on top of the existing video license, $25 to $75, depending on whether the customer wants live alerting or historical search only. Tailgate detection and unbadged-entry analytics are bundled inside edge-AI platforms at zero incremental cost when the cameras are already in the ecosystem.

Questions buyers ask us

FAQ

Do I need a separate kiosk vendor, or can the access control system handle visitor flow on its own?
Smaller sites can run visitor flow inside a major cloud access control platform directly. The native visitor modules cover ID capture, badge print, and time-bound credentials. Larger or compliance-heavy sites benefit from a dedicated visitor-management kiosk because the pre-arrival invite, NDA workflow, and host-notification UX are more polished. The consultation names the cut for each customer.
How does this handle delivery drivers who show up without notice?
License-plate recognition pre-loads the major carriers (FedEx, UPS, DHL, regional LTL) so a known truck gets logged automatically. Unknown plates page the front desk or the dock supervisor. The driver scans the kiosk for sign-in and a temporary photo badge. The audit log ties the plate, the driver name, the dock door swipe, and the cameras together, so a missing pallet later has a chain to follow.
What does PCI-DSS Requirement 9 actually require for visitor management?
PCI-DSS v4.0 Requirement 9 covers physical access to systems handling cardholder data. Visitor logs must include arrival time, departure time, host name, and visit purpose. Cameras must cover entry to the cardholder data environment and footage must be retained 90 days minimum. The kiosk plus cloud access control plus the camera retention policy together satisfy the requirement. We document the mapping in the consultation deliverable.
How does the FTC Safeguards Rule apply to non-bank businesses like auto dealers?
16 CFR 314.4 (updated 2023) requires a written information security program with physical safeguards, including facility access controls and surveillance for any entity covered as a financial institution. Auto dealers, tax preparers, mortgage brokers, and many wealth managers are in scope. Tec-Tel installs produce the written control summaries the customer's qualified individual needs to put in the WISP, not just the hardware.
Can the visitor system enforce safety training and PPE compliance for contractors?
Yes. The kiosk can require a contractor to upload an OSHA 10 or OSHA 30 card, sign a site-specific safety waiver, and confirm PPE possession before the badge prints. Cameras paired with operational safety analytics can flag missing PPE in the contractor's actual work zone, not just at the front door. The consultation walks which integration sequence fits the customer's compliance posture.
How do you handle privacy for the visitor photo and ID scan?
Most kiosk vendors retain the photo and ID scan only as long as the visit record requires, with retention typically configurable from 30 days to 7 years. Illinois sites get extra scrutiny under BIPA if any biometric matching is enabled, even if face geometry is not stored long-term. Tec-Tel documents the data flow during deployment so HR, legal, and the customer's privacy team can approve before go-live.
What does the deployment timeline look like?
A single-site rollout (kiosk plus cloud access plus LPR plus camera integration) typically takes 4 to 8 weeks from kickoff to go-live. The schedule is gated mostly by the time it takes to walk every exterior door with the facilities team, define visitor zones, and migrate the visitor history if the customer is replacing an older system. Multi-site rollouts run by phase. The consultation produces the schedule.

Book a walkthrough

Want a read on your visitor flow?

The free consultation walks the existing kiosk, the access control system, and the camera coverage at every entrance. We map the gaps against your compliance regime (PCI, FTC Safeguards, CMMC, HIPAA, FERPA) and produce a written control summary the qualified individual or compliance lead can put in the WISP, ISMS, or SSP.

  • Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.
  • Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

See it on your cameras 855-577-0400
Or send the details

How can we help?

What you're looking for, plus any details. We review it and follow up, usually the same day.

Related from Tec-Tel

Solution

Workplace safety

Contractor PPE compliance and safe-zone analytics on the same camera fleet.

Read on Solution

Facility security

The full perimeter design that visitor management sits inside.

Read on Reference

Vendor comparison matrix

Full capability table across access control, kiosk, and camera platforms.

Read on