Visitor (Invited / Uninvited) Management

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out, we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com

Visitor (Invited / Uninvited) Management Policy

Updated: 30 April 2025

Protecting human lives is the highest requirement of our entire organization, whether they are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization.

Clarification: The use of the term “Visitor” in these rules is focused on day-to-day customers, suppliers, and unplanned/uninvited visitors, whether entering your facilities or found on the property (e.g., a homeless individual). This is not meant to cover retail stores with a steady flow of customers.

  • I will report visitor security concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline; if they are unavailable and I feel unsafe, I will call law enforcement.
  • I will make sure all visitors entering our facilities are logged electronically and via a paper log, including their name, association to our organization, sponsor, date/time in, and date/time out.
  • I will follow all export control laws and regulations related to visitors entering our facility.
  • I will escort the visitor throughout their visit (except when entering/exiting the restroom).
  • I will verify the visitor does not connect any electronic devices to the organization’s technology infrastructure, except guest Wi-Fi and projectors.
  • I will report any suspicious behavior of any visitor to security, HR, or law enforcement. If the visitor is my responsibility, I will attempt to safely escort the individual to a secure lobby or outside through the nearest door.
  • I will do my best not to allow the visitor access to any workstation, connectivity, or paper information during their visit.
  • I will not discuss or expose visitors to any non-public information unless it can be verified that the visitor is under a mutual non-disclosure agreement.
  • If I come upon an uninvited visitor (e.g., a homeless or distraught individual), and our organization’s mission is not to serve them, I will contact law enforcement or social services to handle the individual’s needs.
  • If I come upon a visitor who is unresponsive, I will contact emergency services and stay with the individual until help arrives.
  • If our organization serves homeless or other distraught individuals and I come upon one, I will follow outreach procedures and stay with the person until these procedures engage an additional person to take over the situation.
  • I will follow standard physical security rules — such as no tailgating, directing people to the lobby, etc. — when it comes to visitors.
  • I will not engage law enforcement for a trespass warning or arrest without senior leadership engagement first.
  • I will make sure all visitors under my control are advised of their security, safety, and evacuation responsibilities and requirements before they are allowed beyond the equivalent of the lobby.
  • I will manage or support a State of Security Report and Presentation, under Executive Session, at least yearly, that covers incidents, vulnerabilities, improvements, and metrics across all domains of Security, including visitor management elements.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

🖶 To save or print this policy, use your browser’s Print function (Ctrl+P / Cmd+P) and select “Save as PDF” if needed.