RFP checklist | Biometric security
Questions to consider before settling on a biometric solution
- By Edmund X. DeJesus
- Aug 27, 2007
Implementing a biometric solution to secure access is a major project that will affect many aspects of your organization. Here are the questions you should consider before committing resources to a particular solution.Before exploring an isolated biometric solution, consider how it might also apply to other areas, such as single sign-on, tracking, scheduling and so forth. Try to get as much utility as possible.
Seek vendors ' or vendor-independent integrators ' who can come up with imaginative solutions that combine hardware, software and supporting components. They should have customer references in the government area.
What kinds of biometric modes will your employees accept? Are they willing to be fingerprinted or give their DNA? Will they permit iris or retina scans? Does it make sense for them to carry individual biometric tokens? Do vendors poll workers to identify their concerns? Can vendors educate staff to help them understand and accept possible biometric solutions? How will you handle security for those who cannot or will not use the biometric solution?
What constraints of the work environment ' such as required gloves, masks or hats that hide fingerprints, faces or eyes ' affect biometric choices? Do vendors offer a variety of modes to suit these restrictions?
What other environmental factors affect the possible biometric solution? This might be as simple as a reader that must fit next to a door. But consider extremes of heat and cold, rain or snow, sunlight, radiation, chemicals, vibration, dust and sand. Can vendors provide biometric devices hardened for the necessary environments?
How much security do you need this solution to provide? Which biometric modes provide the level of security you need? If environmental restrictions preclude the most secure modes, can a combination of less-secure modes fill the bill? Can your vendors provide all modes and the means to tie them together logically?
How easy is it to enroll individuals? How accurate are the modes in distinguishing individuals?
How fast can the system identify individuals and grant access? Is that fast enough to handle the expected number of users? Is the error rate so high that employees and administrators will become frustrated with the system?
What is the cost of possible solutions? Because biometric devices can break down at the worst possible times, can you get spares?
How many locations will the biometric security apply to? Is this likely to increase? Do some locations need to be managed remotely? How easy is that to do? How many people will be using the solution? Is that likely to increase?
How and where will biometric data be stored? How will that data be secured? Is the data in formats that support data sharing across agencies?
How will the biometric solution integrate with existing security, physical infrastructure, computer infrastructure and applications? Is the solution standards-based? How does software interoperate with existing platforms, operating systems and applications?
How stable are the vendors? Will they be around in five years? How easy would it be to acquire and integrate similar components from alternate vendors?