Your access control system can tell you which doors card 0417 opened this morning. What it cannot tell you is where card 0417 physically is, who was actually handed it, or how many blank cards are left in the drawer at reception. Access systems manage permissions; almost nobody manages the cards themselves. The gap surfaces at offboarding, at audits, and on the day someone asks how many active cards exist for a building - and the honest answer is a shrug. This guide closes that gap with a card register: issuance as a logged event, recovery as a separate step from deactivation, and an audit you can run in minutes.
What you will learn
- The custody gap
- What to record for every card
- Issue and return as logged events
- Offboarding and lost cards: two steps, not one
- Auditing cards and blank stock
- Where a register beats a spreadsheet
- FAQ
The custody gap
Card problems cluster in four places, and none of them are inside the access control software:
- Deactivation without recovery. A leaver’s card is voided in the system and forgotten in their kitchen drawer. Security is fine; card control is fiction; and nobody knows how many “dead” cards with the company logo are circulating.
- Reception-issued temp cards. Handed out in seconds, logged nowhere, returned occasionally. Within a year, temp cards outnumber the records of them several times over.
- Contractor cards that outlive the contract. Issued for a project, kept “for next time”, still active months later.
- Unmanaged blank stock. Boxes of printable blanks are an afterthought - until an audit asks where two hundred of them went.
Each of these is a custody problem, and custody needs its own record - a custody log for plastic, separate from the permission tables in the door system.
What to record for every card
Cards are awkward because they carry two identities: the number printed on the face and the internal number the access system reads from the chip or antenna. Record both, or reconciliation becomes guesswork.
| Field | Why it matters |
|---|---|
| Printed card number | What a human can read off the card and quote to you |
| Internal / facility number | What the access system knows the card as - the join key between register and door system |
| Card type | Permanent, temporary, visitor, contractor - each has its own return rules |
| Holder | A named person, even for temp cards - “visitor” is not a holder |
| Access profile | The permission group it carries, so you know what a lost card could open |
| Issue date | The start of custody, and the age of any later finding |
| Expiry or return due | Gives temp and contractor cards a built-in end |
| Status | Active, returned, lost, deactivated, destroyed |
Status deserves discipline: a card can be deactivated and unreturned, and the register should be able to say so - that combination is exactly the population you want visible.
Issue and return as logged events
Treat the card drawer like an equipment counter:
- Issue is a check-out. Who received which card, on which date, with which profile. For visitors and temps, the due date is usually “today”.
- No hand-me-downs. A card never transfers directly between people - permissions belong to a person, so the card comes back, gets deactivated or reprofiled, and is reissued as a fresh event. Direct swaps are how a cleaner ends up holding a manager’s profile.
- Return is a check-in. Record who returned it, when, and its condition - cards crack and delaminate, and a dying card is better replaced at return than at the door on Monday morning.
- Watch the overdue list. Same-day visitor cards that are not back by closing are the canary for the whole process.
Tip: keep deactivation and recovery as two separate checklist lines everywhere they appear - offboarding, contractor exit, lost-card handling. Teams that merge them into one line always end up doing only the software half.
Offboarding and lost cards: two steps, not one
Offboarding is where card registers earn their keep. The leaver’s open issuance is right there on their record: collect the card, log the return, then deactivate in the access system - and date both actions. If the card is not returned, the register says so explicitly instead of letting the question evaporate.
Lost cards follow the same two-track logic. Mark the card lost in the register (keeping holder and history), deactivate it in the access system, and note the access profile it carried so the security review knows what it could have opened. Over time, the loss records show patterns - a site, a team or a card type that loses far more than the rest - which is information a pile of deactivations alone will never give you. The same recover-then-revoke habit applies to key fobs, which tend to be even easier to lose than cards.
Auditing cards and blank stock
The audit is a reconciliation between two lists: the access system’s active cards and the register’s named holders. Run it quarterly or at least twice a year. Every active card should map to a current person with a logged issuance; everything else is a finding - an orphaned active card, a holder who left, a temp card that became permanent by inertia. Count the blank stock in the same session and log the number; blanks are cheap, but unexplained shrinkage in security stock is never a comfortable line in an audit report.
Where a register beats a spreadsheet
Most card registers start as a spreadsheet next to the badge printer, and most fail the same way: issuance happens at reception in thirty seconds, the sheet is on someone else’s drive, and the row never gets written. A register that depends on a second, later step always loses to the pace of the front desk - the broader pattern is laid out in why spreadsheets fail for asset tracking.
An asset management tool like AMPthilly makes the record part of the hand-over: each card is an asset with its numbers, type, profile and holder; issues and returns are timestamped check-out and check-in events with the full history kept; status plus condition notes and custom fields can record the awkward truth-states like lost-but-deactivated; and the audit trail shows who issued what, when, for every card in the estate. The free plan covers 3 users and 25 assets with no card required - enough to put a visitor and contractor card pool under real control before spending anything.
FAQ
How do I keep track of employee access cards? A register holding both card numbers, holder, profile and dates - with issuance as a check-out, return as a check-in, and the access system handling permissions alongside.
Is deactivating a lost card enough? For the doors, yes; for card control, no. Log the loss, the holder and the deactivation in the register, or your card population becomes unknowable.
Should temporary and visitor cards be tracked differently? Same register, tighter rules: always a named holder, always a return due date, and a morning glance at the overdue list.
How often should access cards be audited? Quarterly if possible, twice a year minimum: reconcile the access system’s active cards against the register’s holders, and count blank stock while you are at it.
What is the difference between the access control system and a card register? Permissions versus custody. The system knows what a card can open; the register knows where the card is, who got it, and what happened to it.
The takeaway
Access cards sit in a blind spot: the software that makes them powerful has no idea where they physically are. A card register fixes that with four habits - record both card numbers at issue, give every card a named holder and a status, keep recovery separate from deactivation, and reconcile against the access system on a schedule. Do that, and “how many active cards exist and who holds them?” becomes a report, not an investigation.