What must visitors do with their badge or identification when leaving the facility or when it expires?

• A. Surrender the badge or identification before leaving the facility or at expiration.
• B. Keep the badge visible at all times while inside the facility.
• C. Return the badge only on the next business day.
• D. Place the badge in the security bin for later pickup.

Answer: (A)

Controlling physical access requires promptly revoking credentials when they’re no longer valid. When a visitor leaves the facility or their badge expires, surrendering the badge ensures the access control system can deactivate that credential immediately and update the visitor log. This prevents the badge from being reused to gain entry, keeps records accurate, and reduces the risk of unauthorized access to sensitive areas, such as the cardholder data environment. Keeping the badge visible inside the facility, returning it later, or placing it in a bin for pickup could allow continued or unauthorized access and leaving expired credentials active.