Ask a property manager who entered the building's riser rooms last month and you will usually get one of three answers: a shrug, a guess, or a stack of paper sign-in sheets that a motivated person could have skipped entirely.
It seems like a small question. It is actually the foundational question of infrastructure governance, because everything else, damage disputes, outage forensics, security, code compliance, depends on being able to answer it.
Why the question is hard
Riser rooms are shared spaces with distributed keys. Building engineers have access. The riser management vendor has access. Carriers have been given codes "temporarily" that never expired. Tenant IT vendors get let in by whoever is nearby. Each individual decision was reasonable; the accumulated result is a critical space with no meaningful access record.
What it costs you
The bill arrives in specific moments:
- The disconnected circuit. A tenant's service dies at 2 PM on a Tuesday. Somebody unplugged something. With no access record, you cannot establish who was in the room, so the building absorbs the blame, the repair cost, and the tenant relationship damage.
- The damage dispute. A vendor working for tenant A damages fiber serving tenant B. Both deny it. Without records, there is no accountability, and "the building should have controlled access" becomes the legal theory everyone can agree on.
- The security event. Telecom spaces are attack surface. Social engineers impersonate carrier technicians precisely because buildings rarely verify them. If your access record cannot distinguish a legitimate visit from an illegitimate one, neither can your incident response.
What a real answer looks like
A governed building answers the question in minutes, with evidence: every entry tied to an approved access request, every request tied to a tenant, suite, and scope of work, every technician verified against the dispatching company, and photos documenting conditions before and after. Not because the building bought expensive technology, but because it adopted a discipline: no undocumented access to infrastructure spaces, ever.
That discipline is the difference between riser management as gatekeeping and riser management as governance. If your current program cannot produce last month's access history on request, you do not have a governance program; you have a doorman.