![Picture1-1.png]](https://faqs.safetynetsolutions.co.uk/hs-fs/hubfs/Picture1-1.png?height=18&name=Picture1-1.png){kind=small}
Business Case for SKYVISITOR VMS
The IS justification for SKYVISITOR
Ports are opened to our proprietary SKYVISITOR software azure cloud hosting which provides the business function of Visitor and Contractor management for the purposes of security and compliance with Health & Safety and Data legislation.
Business Case:
The business case for opening ports on our firewall to enable SKYVISITOR for visitor and contractor management system primarily focuses on improving operational efficiency, enhancing physical security, and ensuring regulatory compliance, all of which outweigh the controlled, documented risk of the firewall change.
A manual process for managing visitors and contractors is inefficient, lacks an auditable record, and poses security risks.
Implementing SKYVISITOR (VMS) streamlines check-in/out, instantly verifies contractor credentials, and creates a centralised, time-stamped log for safety and compliance.
Opening the necessary firewall ports is a mandatory, controlled step to allow the system (either cloud-based or local) to communicate, with the risk mitigated by only opening ports to specific, verified IP addresses and securing the connection with TLS encryption.
Business Need and Problem Statement:
Current State Problems
Problem Area: 1: Operational Inefficiency
Description: Manual paper sign-in logs cause bottlenecks at reception, delays visitor and contractor access, and require manual data entry. Do not offer the validation of credentials and compliance. Risks unnecessary exposure of data.
Impact: Wasted time for staff and visitors; diminished professional image.
Problem Area: 2: Safety and Compliance Risk
Description: In a critical incident (e.g., fire), manually checking paper logs for an accurate headcount of people on-site is slow and unreliable. Missing compliance data for contractors (e.g., insurance, training).
Impact: Regulatory fines; risk to life; inability to demonstrate compliance to auditors.
Problem Area 3: Security Weakness
Description: Physical paper logs are easily lost or viewed by unauthorised individuals, revealing sensitive visitor and contractor information. No real-time alerts for unverified or banned visitors.
Impact: Compromised confidentiality; unauthorised access risk.
SOLUTION:
Implement SKYVISITOR - a modern Visitor Management System (VMS) that handles pre-registration, automated check-in/out via a device (e.g., tablet/kiosk), and real-time contractor verification.
Technical Justification for Port Changes: The VMS requires controlled firewall port openings to function.
Mandatory Connectivity Requirements:
Kiosk/Tablet VMS Cloud HTTPS/TLSTCP 443 (Standard Secure Web)Mandatory for all cloud-based systems.
TCP_1433 & TCP_45601 to specific destination IPS (+80 allowing redirection of traffic to https)
*SSL inspection must be disabled for TCP ports 1433 and 46501.
This enables the on-site device to securely communicate and synchronize data with the SKYVISITOR cloud server.
Conclusion: Opening TCP 443, 1433 and 45601 is non-negotiable for this solution and is the core requirement.
BENEFITS & VALUE PROPOSITION
1. Security & Auditing
Tangible benefits are: Instant Compliance Check: Automated verification of contractor inductions/insurance before entry. Real-Time Muster: Accurate, electronic record of everyone on-site for emergency evacuation.
Business Value: Reduces liability; ensures duty of care; passes compliance audits easily.
2. Operational Efficiency
Tangible Benefits: Streamlined Reception: Reduced time for check-in from 5 minutes (paper) to $< 30$ seconds (digital). Automated Notifications: No time wasted calling hosts.
Business Value: Saves employee time; professionalises the visitor experience.
3. Data Protection
Tangible Benefits: Secure Data Storage: Visitor PII is stored securely in the VMS database (not on paper) and protected by the vendor's security protocols.
Business Value: Mitigates UK GDPR risks associated with physical paper sign-in sheets.
RISK MITIGATION PLAN (SECURITY CONTROLS)
1. Source IP Restriction
Security Requirement: The firewall rule must be restricted to ONLY THE KNOWN, STATIC IP addresses of the VMS cloud
Status/Impact: Prevents traffic from any other source IP from traversing the open port.
2. Protocol Encryption
Security Requirement: All traffic over the open port must enforce 1.2 or 1.3. Unencrypted protocols will be rejected
Status/Impact: Ensures data privacy and integrity against eavesdropping
3. Interface Segmentation
Security Requirement: Whilst the VMS kiosk/tablet could be placed on a dedicated VLAN or segmented network separate from the core business network (LAN), we also access this for sales purposes and to support clients as SKYVISITOR is our proprietary software, and therefore it is not on a segmented network. IP addresses to connect to the end data are to be whitelisted at cloud server.
Status/Impact: Limits the data access to whitelisted IPs only
4. Regular Auditing
Security Requirement: The Network Manager (Director LAS) will review the firewall rule quarterly to ensure that the port remains closed to all but the defined destination
Status/Impact: Confirms rule integrity and prevents drift over time.
BUSINESS CASE RECOMMENDATION:
We approve the firewall change request to open TCP port 443, 1433 and 45601 outbound (and defined inbound responses) to the specific, documented IP addresses of the VMS SKYVISITOR cloud. This controlled risk is necessary to realise significant gains in security, compliance, and operational efficiency.
Business Case:
The business case for opening ports on our firewall to enable SKYVISITOR for visitor and contractor management system primarily focuses on improving operational efficiency, enhancing physical security, and ensuring regulatory compliance, all of which outweigh the controlled, documented risk of the firewall change.
A manual process for managing visitors and contractors is inefficient, lacks an auditable record, and poses security risks.
Implementing SKYVISITOR (VMS) streamlines check-in/out, instantly verifies contractor credentials, and creates a centralised, time-stamped log for safety and compliance.
Opening the necessary firewall ports is a mandatory, controlled step to allow the system (either cloud-based or local) to communicate, with the risk mitigated by only opening ports to specific, verified IP addresses and securing the connection with TLS encryption.
Business Need and Problem Statement:
Current State Problems
Problem Area: 1: Operational Inefficiency
Description: Manual paper sign-in logs cause bottlenecks at reception, delays visitor and contractor access, and require manual data entry. Do not offer the validation of credentials and compliance. Risks unnecessary exposure of data.
Impact: Wasted time for staff and visitors; diminished professional image.
Problem Area: 2: Safety and Compliance Risk
Description: In a critical incident (e.g., fire), manually checking paper logs for an accurate headcount of people on-site is slow and unreliable. Missing compliance data for contractors (e.g., insurance, training).
Impact: Regulatory fines; risk to life; inability to demonstrate compliance to auditors.
Problem Area 3: Security Weakness
Description: Physical paper logs are easily lost or viewed by unauthorised individuals, revealing sensitive visitor and contractor information. No real-time alerts for unverified or banned visitors.
Impact: Compromised confidentiality; unauthorised access risk.
SOLUTION:
Implement SKYVISITOR - a modern Visitor Management System (VMS) that handles pre-registration, automated check-in/out via a device (e.g., tablet/kiosk), and real-time contractor verification.
Technical Justification for Port Changes: The VMS requires controlled firewall port openings to function.
Mandatory Connectivity Requirements:
Kiosk/Tablet VMS Cloud HTTPS/TLSTCP 443 (Standard Secure Web)Mandatory for all cloud-based systems.
TCP_1433 & TCP_45601 to specific destination IPS (+80 allowing redirection of traffic to https)
*SSL inspection must be disabled for TCP ports 1433 and 46501.
This enables the on-site device to securely communicate and synchronize data with the SKYVISITOR cloud server.
Conclusion: Opening TCP 443, 1433 and 45601 is non-negotiable for this solution and is the core requirement.
BENEFITS & VALUE PROPOSITION
1. Security & Auditing
Tangible benefits are: Instant Compliance Check: Automated verification of contractor inductions/insurance before entry. Real-Time Muster: Accurate, electronic record of everyone on-site for emergency evacuation.
Business Value: Reduces liability; ensures duty of care; passes compliance audits easily.
2. Operational Efficiency
Tangible Benefits: Streamlined Reception: Reduced time for check-in from 5 minutes (paper) to $< 30$ seconds (digital). Automated Notifications: No time wasted calling hosts.
Business Value: Saves employee time; professionalises the visitor experience.
3. Data Protection
Tangible Benefits: Secure Data Storage: Visitor PII is stored securely in the VMS database (not on paper) and protected by the vendor's security protocols.
Business Value: Mitigates UK GDPR risks associated with physical paper sign-in sheets.
RISK MITIGATION PLAN (SECURITY CONTROLS)
1. Source IP Restriction
Security Requirement: The firewall rule must be restricted to ONLY THE KNOWN, STATIC IP addresses of the VMS cloud
Status/Impact: Prevents traffic from any other source IP from traversing the open port.
2. Protocol Encryption
Security Requirement: All traffic over the open port must enforce 1.2 or 1.3. Unencrypted protocols will be rejected
Status/Impact: Ensures data privacy and integrity against eavesdropping
3. Interface Segmentation
Security Requirement: Whilst the VMS kiosk/tablet could be placed on a dedicated VLAN or segmented network separate from the core business network (LAN), we also access this for sales purposes and to support clients as SKYVISITOR is our proprietary software, and therefore it is not on a segmented network. IP addresses to connect to the end data are to be whitelisted at cloud server.
Status/Impact: Limits the data access to whitelisted IPs only
4. Regular Auditing
Security Requirement: The Network Manager (Director LAS) will review the firewall rule quarterly to ensure that the port remains closed to all but the defined destination
Status/Impact: Confirms rule integrity and prevents drift over time.
BUSINESS CASE RECOMMENDATION:
We approve the firewall change request to open TCP port 443, 1433 and 45601 outbound (and defined inbound responses) to the specific, documented IP addresses of the VMS SKYVISITOR cloud. This controlled risk is necessary to realise significant gains in security, compliance, and operational efficiency.