Consistent Visitor Compliance Across Multiple Sites
Quick Summary
Configure different visitor policies per site -- NDA and photo at the data centre, self-service walk-ins at the office lobby. One platform enforces the rules at every reception desk. Monthly reports prove compliance across your entire portfolio.
The Problem: Five Buildings, Five Different Standards
You manage facilities across five buildings for the same client:
- A data centre with restricted server rooms
- A corporate headquarters with an executive floor
- Two standard office buildings
- A warehouse and logistics hub
Your FM contract requires "appropriate visitor controls at all managed sites." The client's compliance team audits quarterly.
Here's what you discover when you actually check what's happening at each reception desk:
Building A (Data Centre): Reception uses a paper logbook. Visitors sign in with a pen. No photo. No NDA. A contractor walked into a server room last month without anyone knowing until the next shift found an access door propped open.
Building B (HQ): Reception has a tablet app from a standalone visitor vendor. It captures photos but the data sits in a separate system. When the compliance team asks for a report, the facility manager exports a CSV and manually merges it with the operations data.
Building C and D (Offices): No visitor system at all. The front desk keeps a spiral notebook. Visitors write their own name (illegibly). Half the entries are missing the host name.
Building E (Warehouse): Delivery drivers sign a clipboard. Nobody checks if they're on any restricted list. A terminated employee showed up as a "delivery driver" and accessed the loading dock.
Audit day arrives. The compliance team asks: "Show us visitor records for all five buildings for Q1."
You spend three days pulling data from four different sources, reformatting spreadsheets, and writing explanations for gaps. The audit finds non-compliance at three sites. The client issues a formal notice.
The Infodeck Solution: One Platform, Per-site Policies
Infodeck lets you define a different visitor policy for each site while managing everything from one platform. The policy engine enforces the rules automatically -- reception doesn't have to remember what's required.
Here's the same portfolio with Infodeck:
Building A (Data Centre) -- High Security Policy
- Walk-in mode: Disabled (all visitors must be pre-registered)
- Approval required: Yes (host must approve before admission)
- Photo capture: Required
- NDA signing: Required (NDA document uploaded to the policy)
- Signature: Required
- Escort required: Yes
- Data retention: 365 days
A visitor arrives. The kiosk blocks them because they don't have a pre-registered invitation. They contact their host, who creates an invitation. The visitor returns, checks in at the kiosk, signs the NDA, has their photo taken, and waits for host approval. Only after the host approves does reception admit them with an escort.
Building B (HQ) -- Standard Security Policy
- Walk-in mode: Receptionist-assisted
- Approval required: Yes
- Photo capture: Required
- NDA signing: Not required
- Consent: Required (standard terms of entry)
- Data retention: 180 days
Walk-ins are accepted but go through reception. The host is notified and must approve before the visitor proceeds to the executive floor.
Buildings C and D (Offices) -- Standard Office Policy
- Walk-in mode: Self-service
- Approval required: No
- Photo capture: Not required
- Consent: Required
- Data retention: 90 days
Visitors use the kiosk to check themselves in. Low friction, but every visit is logged with a digital record, host assignment, and consent acknowledgement.
Building E (Warehouse) -- Delivery and Access Policy
- Walk-in mode: Receptionist-assisted
- Approval required: No
- Photo capture: Required
- Watchlist action: Block
- ID document: Required (Passport, FIN, or Other)
- Data retention: 180 days
Delivery drivers check in with reception. Photo is captured. ID document number is recorded for verification purposes. The system checks the watchlist automatically. The terminated employee from the earlier scenario would be blocked at check-in.
Before vs After
| Aspect | Fragmented Approach | Infodeck (Per-site Policies) |
|---|---|---|
| Visitor records | Paper, CSV, standalone tablet app, spiral notebook | One platform, all sites |
| Policy enforcement | Depends on reception remembering the rules | Automatic. Policy applied at check-in |
| Evidence capture | Inconsistent. Some sites capture photos, others don't | Defined per policy. Required = enforced |
| Watchlist screening | Manual or nonexistent | Automatic at check-in, every site |
| Audit reporting | 2-3 days pulling from multiple sources | One report, all sites, 2 minutes |
| Compliance gaps | Discovered at audit | Prevented by design |
How Per-site Policies Work
Policy Applies at Check-in
When a visitor checks in (kiosk or operator), Infodeck looks up the policy for that site. The kiosk flow adapts automatically:
- If photo capture is required, the camera step appears
- If NDA is required, the NDA signing step appears
- If photo is not required, the step is skipped entirely
- If approval is required, the visit enters Approval Pending
Reception doesn't configure anything at the desk. The policy does the work.
Policy Snapshot on Every Visit
Each visit record preserves the policy requirements that were in effect at the time of check-in. If you update a policy later (e.g. add NDA requirements), past visit records still reflect the original rules that applied. This is exactly what auditors need to see -- proof of which requirements were enforced on any past visit.
Reports Across All Sites
The reports workspace lets you filter by date range, site, status, and purpose. For a quarterly audit:
- Go to Visitor Management → Reports
- Set date range to Q1
- View all sites or filter by individual site
- Review:
- Total visits per site
- Approval rates and host response times
- Evidence capture compliance (photo, signature, NDA)
- Watchlist hits and outcomes
- Denied entries with reasons
- Export the report
Step-by-Step Setup
Step 1: Map Your Sites to Policy Tiers
Before configuring anything, decide what each site needs:
| Site | Walk-in Mode | Approval | Photo | NDA | Signature | Watchlist Action | Retention |
|---|---|---|---|---|---|---|---|
| Data Centre | Disabled | Yes | Yes | Yes | Yes | Block | 365 days |
| HQ | Receptionist-assisted | Yes | Yes | No | No | Warn | 180 days |
| Office A | Self-service | No | No | No | No | Warn | 90 days |
| Office B | Self-service | No | No | No | No | Warn | 90 days |
| Warehouse | Receptionist-assisted | No | Yes | No | No | Block | 180 days |
Step 2: Create Policies
- Go to Visitor Management → Policies
- Create a policy for each site
- Configure the settings according to your map
- Upload NDA documents for sites that require them
- Save each policy
Learn more: Set Up Visitor Policies
Step 3: Set Up Kiosk Devices
- For each site with a kiosk, go to Visitor Management → Devices
- Pair a tablet using the 6-digit pairing code
- Assign each device to its site
Self-service sites need at least one kiosk. Receptionist-assisted sites can use operator check-in without a visitor-facing kiosk.
Learn more: Set Up Kiosk Devices
Step 4: Configure the Watchlist
- Go to Visitor Management → Watchlist
- Add known individuals who should be flagged
- Your per-site policies already define what happens when they arrive (Block or Warn)
Learn more: Manage Watchlist
Step 5: Run a Compliance Test
- Pre-register a test visitor at your highest-security site
- Check in through the kiosk. Verify photo, NDA, and approval steps appear
- Pre-register a test visitor at a self-service site. Verify the streamlined flow
- Generate a report covering both sites. Verify the data appears correctly
- Export and review the report format
Real-World Scenarios
Scenario 1: Quarterly Compliance Audit
The client's compliance team requests visitor records for all managed sites for Q1. You open Infodeck, set the date range, and export. The report shows total visits, evidence capture rates, watchlist hits, and policy outcomes per site. Total time: 5 minutes.
Scenario 2: New Site Added to Contract
Your client adds a sixth building to the FM contract. You create a new visitor policy, pair a kiosk tablet, and the site is live within an hour. The same compliance standards apply from day one.
Scenario 3: Policy Upgrade After an Incident
After a security incident at the warehouse, the client requires photo capture and NDA signing at all sites. You update the policies for the office buildings. The next visitor at those sites sees the new steps automatically. No retraining needed at reception.
Scenario 4: Data Retention Review
Your legal team requires that visitor data at the data centre is retained for one year, but office visitor data is purged after 90 days. Each site's policy already has the correct retention period. Expired records are purged automatically.
Common Questions
Q: Can I use one policy across multiple sites? A: Each policy is assigned to one site. If two sites need the same rules, create a policy for each with the same settings. This gives you the flexibility to adjust one site without affecting the other.
Q: What if a site has no kiosk? A: Reception uses operator check-in from the Infodeck workspace. The same policy applies -- approval, evidence, and watchlist rules are enforced the same way.
Q: Can I see cross-site analytics? A: Yes. The reports workspace shows all sites by default. Filter by individual site when you need a site-specific view.
Q: What happens if reception skips a policy step? A: They can't. The kiosk flow enforces required steps. Operator check-in also enforces policy requirements. If photo capture is required, the visit cannot be completed without it.
Related Articles
Next Steps
- Map your sites -- List each site and what visitor controls it needs.
- Create policies -- Start with your highest-security site and work down.
- Pair devices -- Set up at least one kiosk at each self-service site.
- Run a test audit -- Generate a multi-site report and verify the data before the next real audit.
Consistent visitor compliance isn't about making every site the same. It's about making sure every site meets its own standard -- and being able to prove it.