Skip to main content
BluINFO

Visitor and Vendor Management

  1. Last updated
  2. Save as PDF

Click to download Spec > Visitor and Vendor Management.docx

Section 28 44 00
Visitor & Vendor Management

Status: Draft Version 1 – Consultant Ready
Basis Of Design: BluB0X BluSKY

Specification Division:

  • Division 28 – Electronic Safety And Security
  • Coordinated With Facilities, Property Management, Tenant Operations, And IT

Related / Normative References:

  • Physical Security Management Platform (PSMP)
  • Section 28 43 00 – Identity, Credentials & Biometrics
  • Section 28 42 00 – Person Readers & Intelligent Edge Devices
  • Enterprise Access Control System
  • Elevator Destination Dispatch Security (DDE)
  • Two-Button Elevator Relay Security
  • Hybrid Elevator Security
  • Elevator Management & Telemetry
  • Intercom & Communications
  • System Health, Telemetry & Assurance
  • Security Power, Resiliency & OTA Lifecycle

Part 1 – General

1.1 Summary
A. This section defines requirements for an Enterprise Visitor & Vendor Management System (EVVMS) that governs the entire lifecycle of non-employee access, including visitors, vendors, contractors, service personnel, and temporary occupants.

B. The system shall provide identity-centric, policy-driven control over visitor and vendor access to:
• Doors and turnstiles
• Elevators (DDE, relay, and hybrid)
• Common areas and restricted spaces

C. Visitor and vendor management shall be fully integrated with identity, access control, Person Readers, elevator systems, and intercom communications.

1.2 Purpose And Intent
A. Replace manual, badge-centric visitor processes with automated, auditable workflows.
B. Improve security posture for third-party access without increasing friction.
C. Enable unattended or minimally staffed lobbies.
D. Provide tenants and building operators with controlled, compliant access management.

1.3 Definitions
• Visitor: A non-employee with short-term, limited access
• Vendor / Contractor: A third-party with scheduled or recurring access
• Host: The internal person responsible for a visitor or vendor
• Temporary Identity: Time-bound identity record created for a non-employee

Part 2 – System Description

2.1 Visitor & Vendor Management Overview
A. The EVVMS shall function as a native module of the Physical Security Management Platform.
B. The system shall manage:
• Visitor and vendor pre-registration
• Identity creation and lifecycle
• Credential issuance and expiration
• Access and elevator authorization
• Event logging and auditability

C. The EVVMS shall support both attended and unattended entry scenarios.

2.2 Relationship To Identity System
A. All visitors and vendors shall be represented as temporary identity records governed by Section 28 43 00.
B. Visitor and vendor identities shall:
• Support multiple credentials
• Be policy-driven
• Expire automatically

Part 3 – Visitor Workflows

3.1 Pre-Registration
A. Hosts shall be able to pre-register visitors via:
• Web portals
• Mobile interfaces
• API integrations

B. Pre-registration shall capture:
• Visitor name
• Visit date and time window
• Host identity
• Authorized locations and floors

3.2 Invitation And Credential Issuance
A. The system shall generate visitor invitations including:
• QR codes
• Mobile links
• Time-bound credentials

B. Credentials may be:
• QR-based
• Mobile cloud credentials
• Temporary biometric recognition (where enabled)

3.3 Check-In And Entry
A. Visitors shall check in via:
• Person Readers
• Kiosks
• Turnstiles
• Assisted intercom workflows

B. Check-in may include:
• QR scan
• Name lookup
• Photo capture for proof of presence

3.4 Visitor Access And Elevator Routing
A. Upon check-in, visitors shall be granted:
• Door and turnstile access
• Elevator access consistent with policy

B. Elevator access shall support:
• Default floor assignment
• Transfer-floor logic
• Escort requirements

Part 4 – Vendor And Contractor Workflows

4.1 Vendor Identity Management
A. Vendors and contractors shall be represented as temporary or recurring identities.
B. Vendor identities may have:
• Scheduled access windows
• Recurring access rules
• Floor- or area-restricted permissions

4.2 Recurring And Scheduled Access
A. The system shall support:
• Daily, weekly, or monthly access schedules
• Time-of-day restrictions
• Automatic suspension outside approved windows

4.3 Multi-Day And Long-Term Access
A. Vendor credentials may span multiple days or weeks.
B. Long-term access shall still be:
• Time-bounded
• Reviewable
• Revocable

Part 5 – Credential Types And Biometrics

5.1 Supported Credentials
Visitor and vendor identities shall support:
• QR codes
• Mobile credentials
• PINs
• Temporary biometric recognition (where permitted)

5.2 Biometric Usage And Consent
A. Biometric usage shall be:
• Optional
• Policy-controlled
• Consent-driven

B. Biometric data retention shall be time-limited and compliant with regulations.

Part 6 – Person Readers, Kiosks, And Turnstiles

6.1 Person Reader Integration
A. Person Readers shall serve as:
• Visitor check-in points
• Identity verification devices
• Elevator dispatch terminals

B. Person Readers shall support:
• Proof-of-presence capture
• Assisted workflows via intercom

6.2 Unattended Lobby Operation
A. The EVVMS shall support fully unattended lobbies.
B. Remote operators may assist visitors via:
• Two-way audio
• Two-way video

Part 7 – Host Notifications And Escorting

7.1 Host Notifications
A. Hosts shall be notified when:
• Visitors arrive
• Visitors fail to arrive
• Visits expire

7.2 Escort Requirements
A. The system shall support escort rules including:
• Two-person authentication
• Escort-required floor access
• Elevator escort logic

Part 8 – Access Control And Policy Enforcement

8.1 Door And Turnstile Access
A. Visitor and vendor access shall be enforced identically to employee access, using identity-centric rules.

8.2 Floor Matrix And Elevator Policy
A. Visitor and vendor elevator access shall comply with:
• Floor Matrix rules
• DDE, relay, or hybrid elevator models

Part 9 – Eventing, Logging, And Auditability

9.1 Event Generation
All visitor and vendor actions shall generate events, including:
• Invitation creation
• Check-in
• Access attempts
• Elevator dispatch or floor enablement
• Expiration

9.2 Audit And Reporting
A. Logs shall be:
• Searchable
• Exportable
• Tamper-resistant

B. Reports shall support:
• Security review
• Compliance audits
• Tenant reporting

Part 10 – Privacy, Compliance, And Governance

10.1 Privacy Controls
A. Visitor and vendor data shall be:
• Role-restricted
• Retained only as long as required

10.2 Regulatory Compliance
The system shall support compliance with:
• GDPR
• U.S. state privacy laws
• Industry-specific regulations

Part 11 – Resilience And Lifecycle

11.1 High Availability
Visitor & Vendor Management services shall be:
• Redundant
• Fault-tolerant

11.2 OTA Updates
Software shall support:
• Secure OTA updates
• Rollback capability

Part 12 – Diagnostics And Administration

A. Administrators shall be able to:
• Test visitor workflows
• Simulate check-ins
• Diagnose authorization failures

Part 13 – Submittals And Close-Out

• Visitor workflow diagrams
• Credential and policy definitions
• Elevator routing configurations
• Acceptance test results

Part 14 – Acceptable Manufacturers

14.1 Basis Of Design
Managed through the Physical Security Management Platform with native Visitor & Vendor Management.

14.2 Acceptable Alternatives
Alternative systems shall meet all requirements of this specification.

End Of Section 28 44 00

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Classification
    Visitor Management
  2. Tags
    1. Section 28 44 00
    2. Spec
    3. Vendor Management
    4. Visitor Management