How I unified a fragmented access control system across Singapore military bases

OUTCOME

+36%

Check in/out completion rate

USABILITY TESTING

8

Military personnel

As of Mid-2025

1,172

Monthly active users

Context

Military bases in Singapore were running a hybrid visitor management system: digital check-in at the perimeter, paper logbooks inside critical zones. Two systems, no unified record.

Problem

The fragmented system created compliance gaps no one owned. When auditors found incomplete records, accountability traced back to escort officers, who had no system authority to close the loop.

What I Did

I reframed the problem from a usability issue to an accountability model failure, redesigning the system around escort officers by giving them real-time visibility into visitor status and direct authority to manage check-ins and check-outs.

Outcome

36% increase in check-in/check-out completion. Auto-checkout removed. 1,172 monthly active users as of mid-2025. Units who onboarded SwiftEntry never saw paper logbooks in the light.

A patchwork of access policies had outgrown the ability to govern

Business Problem

Version 1 of the digital visitor management system was never a clean break from paper. Digital check-in worked at the perimeter and safe zones, but each zone had different device constraints. In caution zones, visitors stored phones in lockers while escorts retained theirs. In critical zones, no devices were permitted inside, so records fell back on paper logbooks. Check-in had to happen at the entrance outside critical zones, with a consistent 5–10 minute gap before physical arrival at the worksite.

The result? Two records per visit. Neither could verify the other.

Audit records were often half-digital, half-handwritten, and impossible to verify cleanly until a bi-annual audit. Log discrepancies weren’t edge cases: they were the norm, given the broken structure.

Incomplete records weren’t just an administrative failure. Under military law, they exposed individual officers to liability. It wasn’t a formal warning, but a conviction that follows a career.

What The System Needed To Do

More than go digital. It needed to produce a single, tamper-resistant record that could withstand an audit — across all three security zones.

Safe zones: All parties carry phones. Full digital flow possible. No compliance gap.
Caution zones: Visitor stores phone, escort carries device. Visitor self-service degraded. Escort-assisted flow essential.
Critical zones: No phones for either party, check-in must occur at the entrance. Paper logbook inside, digital record outside. No reconciliation.

Meet David, a lieutenant in the armed forces

Escorting is extra duty on top of his main role: something he’s taking on with a promotion still years away. Every formal inquiry goes on his service transcript. In a promotion system this competitive, that’s enough.

An IT contractor arrives to service the server room
David ensures that he checks in. Contractor deposits his phone in a locker outside the critical zone. David deposits his too.
5–10 minutes on foot to the server room in critical zone
Once entered, David signs the logbook by hand, same applies for the contractor. A second record, separate from the digital one at the entrance.
Work is done. Departure from premise
The contractor signs out, on paper, retrieves his phone, gets on a call. He waves and heads to the car. He never checked out. The digital record shows him still inside.
Auto-checkout fires at 11:59 PM
The system replaces the incomplete record with a timestamp showing the contractor leaving a secured server room at midnight. The record is no longer incomplete, it's just wrong.
Six months later, an auditor flags it
David faces a formal inquiry. Extra duties at minimum, still enough to leave a mark on his service transcript. For a LTA scheduled to be on promotion, it doesn't take much to fall behind.

Stop designing for visitors. Design for David

Reframing The Problem

The brief asked for better checkout reminders for visitors. Field research showed that wasn’t the problem. Incomplete checkouts happened at predictable moments: end of shift, low connectivity, multiple contractors at once. A nudge wouldn’t fix a structural gap.

The Deeper Issue

The system had assigned accountability to visitors, but in the physical world, David already owned everything. Who entered. Which rooms. When work was done. The system just hadn’t caught up.

The Reframe

Match system authority to real-world responsibility. Give escort officers the tools to do what they were already accountable for.

Unify the check-in record

Eliminated the split between perimeter QR and critical-zone logbooks. One digital record across all security zones, producible on demand for any audit.

Give David a dashboard

Escort officers gained real-time visibility into every visitor’s check-in status, and direct authority to check visitors out on their behalf. System authority finally matched physical authority.

Remove auto-checkout

Rather than patch a safeguard that was generating false records, argued for removing it entirely. Escort officers weren’t passive: they were already managing access. They needed tools, not workarounds.

The most significant outcome wasn't a metric change. It was a model change

Escort officers, previously accountable for outcomes they couldn’t influence, became active operators with genuine system authority. In testing, the transfer was accepted without friction. It felt natural because in the physical world, they’d always owned it. The system had just never reflected that.

100%

Task completion across all scenarios

5

Military personnel across moderated sessions

8-10

Ratings out of 10 for ease of use

Auto-checkout was removed and never reinstated

Hybrid paper/digital system was slowly phased out. As of mid-2025, the system remains in active use as 1,305 users onboarded, no reversion to paper logs.

“Good in some sense that you can help to check out for your visitors."

Keen to find out more? Let's talk.

Back to Home

Page updated

Report abuse