Showing posts with label Access Card. Show all posts

Thursday, August 15, 2024

3 Cybersecurity Steps to Reduce Threats to your Electrical System


When anyone mentions cybersecurity, you may automatically think they are referring to IT systems. That is because protecting IT networks – and their associated personal, financial, and other proprietary data – has been the responsibility of IT professionals for an exceptionally long time. But what about your operational technology (OT) infrastructures? Are they also at risk from cyberattacks? How can you protect them? In this post, we’ll discuss these questions, and three specific recommendations for protecting your electrical systems.

The electricity subsector cybersecurity Risk Management Process (RMP) guideline was developed by the Department of Energy (DOE), in collaboration with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC).

OT Cyberattacks: An Increasing Threat

The Ponemon Institute emphatically states that, “Cyberattacks are relentless and continuous against OT environments.” In a survey of over 700 organizations from six countries they found that 50 percent had experienced a cyberattack against their OT infrastructure within the last two years that resulted in downtime. For large and critical operations, this can be devastating.

All you need to do is follow the news to see frequent examples of such attacks. For example, in early 2021, the fast action of a technician narrowly avoided the risk of thousands of people being poisoned due to a hacker gaining access to a Florida city’s water treatment plant. Going back a few years, a breach that came through the HVAC system caused international retailer Target to have 40 million credit and debit card accounts compromised, costing them $290 million.

 

The latter example is just one of many that show why building systems are now widely recognized as OT attack targets. The evolution toward smarter buildings is causing an explosion in the numbers of connected devices – already an estimated 200+ million in commercial buildings alone. With more devices comes more data that needs to be protected, but for facility and business management teams to extract the maximum value, data must be aggregated and shared across OT and IT systems.

This OT/IT interconnection means that a cyberattack on an OT system can:

- Compromise operational safety or the health of building occupants

- Impact productivity by taking down production lines or other equipment and processes

- Ultimately cause an IT threat by passing malware or a virus from the OT to the IT infrastructure

The Attack Surface is Now Larger

Essentially, connected OT infrastructures have increased the ‘attack surface’ for hackers and, in many cases, have acted as an organization’s Achilles heel. Clearly, it is not enough anymore to focus attention only on protecting IT and data systems integrity. All organizations must ensure strong OT cybersecurity is in place.

But what OT systems are we talking about? Depending on your type of operation, these can include industrial automation systems (e.g. SCADA) and smart building systems like a building management system (BMS), building security, lighting systems, and the energy and power management system (EPMS) overseeing your facility’s electrical distribution. Navigant Research notes, “Cybersecurity issues are expected to grow in tandem with the digital transformation of real estate through intelligent building technologies.”

In this post, we will consider cybersecurity specifically for your EPMS and electrical distribution system. However, these recommendations and practices equally apply to other OT systems.

Connected Power Means Greater Vulnerability

Energy and power management systems are helping organizations boost efficiency and sustainability, optimize operating costs, maximize uptime, and get better performance and longevity from electrical assets. When combined with BMS, an EPMS can also help make the work environment healthier and more productive for occupants.

Enabling these EPMS benefits is a connected network of smart metering, analysis, control, and protection devices that share data continuously with onsite and/or cloud-based EPMS applications. The application provides extensive monitoring and analytics while providing mobile access to data and alerts to all facility stakeholders. Connection to the cloud also opens the door to expert power and asset advisory support that can augment a facility’s onsite team with 24/7 monitoring, predictive maintenance, energy management, and other services.

All these onsite, cloud, and mobile connections offer a potential target and entry point for hackers; for more, read our facility manager's guide to building systems and cybersecurity.

 

Securing Your Electrical System: A Holistic Approach

A hacker only needs to find one ‘hole’ in one system, at one point of time, to be successful. What you need is a holistic approach to ensure that all potential vulnerabilities are secured. For new buildings, cybersecurity best practices should be a part of the design of all OT systems. For existing buildings, cybersecurity should be addressed when OT systems are starting to be digitized. For both scenarios, the following are three key considerations:

1. Seek Specialized, Expert Assistance

The priorities for IT systems are confidentiality, integrity, and availability. For OT, the top priorities are safety, resilience, and confidentiality. This means that OT security upgrades or problems need to be addressed in a different way from IT, with careful planning and procedures. For these reasons, you need to choose a cybersecurity partner who has proper OT experience, to help you comply with all relevant cybersecurity standards and best practices.

OT systems also use different communication protocols from IT systems, such as BACnet and Modbus. If you had your IT team attempt to perform OT security system scans, those scanning tools might cause serious conflicts, risking an OT system shutdown.

Cyberthreats are also constantly evolving, so you should seek a partner who offers ongoing OT monitoring services, updates, system maintenance, and incident response. All of these should be available remotely.

2. Put the Right Controls in Place

An OT cybersecurity specialist will help audit your EPMS and electrical systems to assess the current vulnerabilities and risks, including the gaps in any procedures and protocols.

You and the specialist must determine how secure your electrical system needs to be. The IEC 62443 standard helps protect IoT-enabled OT systems by defining seven foundational requirements (e.g. access control, use control, availability, response, etc.), each of which is assigned a security level. Increased security levels offer greater protection against more sophisticated attacks. Your cybersecurity partner will help you determine the level of security you need for each requirement.

An example of one technique for securing networked systems is to break up systems into ‘zones,’ with each secured individually. OT will be separated from IT, and within OT there may be further segregation. A special ‘demilitarized’ zone is typically included, which is a perimeter subnetwork that sits between the public and private networks for an added layer of security. This makes it harder for hackers to find a way in from one system or zone to another. Where required, connections between networks are provided by specially secured data ‘conduits.’
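The zone-and-conduit idea above can be checked against real traffic. The following is an added example, not code from the original article or from any vendor: it maps observed flows to zones and reports every cross-zone flow that has no defined conduit. The zone names, subnets, ports and flow records are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone map (illustrative subnets, not from the article).
ZONES = {
    "IT": ["10.10.0.0/16"],
    "DMZ": ["10.20.0.0/24"],
    "OT-EPMS": ["10.30.1.0/24"],   # power meters, protection devices
    "OT-BMS": ["10.30.2.0/24"],    # building management controllers
}
OT_ZONES = {"OT-EPMS", "OT-BMS"}

# Constructed conduits: the only permitted cross-zone paths, written as
# (source zone, destination zone, destination port). Direction matters.
CONDUITS = {
    ("IT", "DMZ", 443),         # IT users read dashboards published in the DMZ
    ("OT-EPMS", "DMZ", 8883),   # EPMS gateway pushes readings to the DMZ
    ("OT-BMS", "DMZ", 8883),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Return the zone whose subnet contains ip, or UNMAPPED."""
    addr = ipaddress.ip_address(ip)
    for zone, cidrs in ZONES.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return zone
    return "UNMAPPED"


def classify(flow: Flow):
    """Return None when the flow is permitted, otherwise a finding label."""
    sz, dz = zone_of(flow.src), zone_of(flow.dst)
    if "UNMAPPED" in (sz, dz):
        return "unmapped-endpoint"      # e.g. an OT device talking to the internet
    if sz == dz:
        return None                     # intra-zone traffic is not a conduit matter
    if (sz, dz, flow.dport) in CONDUITS:
        return None
    if "IT" in (sz, dz) and {sz, dz} & OT_ZONES:
        return "it-ot-bypasses-dmz"     # direct IT/OT path that skips the DMZ
    return "no-conduit"


def audit(flows):
    """List (flow, src_zone, dst_zone, finding) for every violating flow."""
    findings = []
    for f in flows:
        reason = classify(f)
        if reason:
            findings.append((f, zone_of(f.src), zone_of(f.dst), reason))
    return findings


# Constructed flow records (502 = Modbus/TCP, 47808 = BACnet/IP).
SAMPLE_FLOWS = [
    Flow("10.10.5.20", "10.20.0.10", 443),    # IT -> DMZ, defined conduit
    Flow("10.30.1.15", "10.20.0.10", 8883),   # EPMS -> DMZ, defined conduit
    Flow("10.30.1.15", "10.30.1.16", 502),    # inside one OT zone
    Flow("10.10.5.20", "10.30.1.15", 502),    # IT workstation straight to a meter
    Flow("10.20.0.10", "10.30.1.15", 502),    # DMZ reaching back into OT
    Flow("10.30.1.15", "10.30.2.7", 47808),   # one OT zone to another
    Flow("10.30.2.7", "203.0.113.9", 443),    # OT device to an unmapped address
]

if __name__ == "__main__":
    for flow, sz, dz, reason in audit(SAMPLE_FLOWS):
        print(f"{reason:20} {sz} -> {dz}  {flow.src} -> {flow.dst}:{flow.dport}")
```

Because conduits are directional, a permitted OT-to-DMZ push does not imply that the DMZ may open connections back into OT.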

Your electrical system should also be physically secured, with no access by unauthorized personnel. This same strategy applies to EPMS communications network security by means of controlled, multi-tiered permission-based access.

3. Train your Staff

Many cyberattacks are successful because employees have caused unintended errors. It is important that your people become aware of, and vigilant against, cyberthreats. This includes giving your operations team specialized OT cybersecurity training.

This training will typically include multiple steps, including training all individuals to spot social engineering cues, such as phishing attempts or attempts to access protected areas using pretexting (i.e. someone pretending to be a vendor to gain access). This will also include establishing protocols around the use of passwords, multi-factor authentication, policies around Wi-Fi access (e.g., a guest network that remains isolated from OT networks), regular auditing of user accounts and permissions, etc.

While the horizontal cybersecurity framework provides a solid basis, specific characteristics of the energy sector such as the need for fast reaction, risks of cascading effects and the need to combine new digital technology with older technologies necessitate specific legislation.

Thanks to Felix Ramos & Khaled Fakhuri for writing this article.


Tuesday, August 1, 2023

IoT - How it Works in Access Control

Internet of Things - How it Works in Access Control 

The "Internet of Things", known as IoT, is an integrated network of intelligent computing devices connected through the internet to communicate with each other without any human intervention.

What is IoT?

The Internet of Things (IoT) is a technological concept of connecting multiple devices that can connect to and disconnect from the web in order to use software and automation processes for smart living. IoT is an innovation that changes the way we organize our lives at home and at work, as well as the way we move, use means of transportation and manage industrial machinery. Any object, and even people, by way of smartphones and wearables, can be a part of the IoT grid.

The IoT is not limited to computers or other most common devices used for web connections. It’s typical to expect a desktop, a tablet, and a mobile to find their place in the IoT, but the concept encompasses way more. For example, smart vehicles, whose navigation systems depend on a computer dashboard connected to the web can be part of the Internet of Things. Any equipment that can support the smart sensor technology is viable for the IoT environment.

It’s not too difficult to imagine how the IoT grid is and how it will be transforming our workplaces. The Internet of Things at work enables smart buildings that automate business processes and improve security. In a way, IoT office solutions are a bridge from the physical to the virtual workplace.

Taking the physical information and transforming it into virtual data via IoT sensors results in the ability to manage many processes from anything that has a computer processor. Although we haven’t exhausted all IoT ideas for offices, many organizations have benefited from accepting the basics of the concept, creating smart lighting and aircon systems, as well as smart access control systems.

Access control mechanisms prevent unauthorized users from accessing the system. Data sharing is the process of exchanging information among Industrial IoT (IIoT) users. Together, access control and data sharing ensure that only legitimate users can exchange their data. Access control defines which types of users can access the information of a particular IIoT system and are permitted to perform control activities.

Internet of Things Ecosystem

IoT is a new concept of integrated network of different kinds of computing devices in the field of information technology. It is based on the IP network in which every individual machine used in manufacturing, security, transportation, and other fields of our day-to-day life is assigned a unique IP to communicate with each other.

Every machine/device is connected with the related sensors, which trigger the control system to issue instructions to a particular machine for some action to perform automatically. This network can communicate through both wireless and wired internet connectivity.

How is IoT used in access control systems?

The Internet of Things is the backbone of modern IoT access control systems, commonly known as intelligent door locking systems. In such a system, every lock, lock access controller, card reader and other associated device is assigned a separate IP address, which is used for communication among the devices.

In a single building, all those intelligent machines are normally connected through wireless networks to their consolidated management software or mobile application. These applications can be configured for automatic as well as manual operation of different locks and controllers. Security alerts and notifications can also be configured to be received on mobile apps in real time.

Each device/machine is configured for its operating conditions, criteria, sensitivity and authority in core management control software, which is used as controller of the entire system. A duplicate control of this system is used as a mobile app on your mobile devices too; you can receive the status of your access system and you can also issue instructions from your app. Any malicious activity in your access system generates an alert and detailed notification on your mobile app or main management software controller.

What products use it?

The Internet of Things is used by thousands of types of products in general, and by almost all parts of the IoT security systems commonly used in modern buildings. In access control, intelligent locks, card readers, keypads and other related devices use the technology behind the concept of the Internet of Things.

Every authorized mobile device also uses its unique IP address in the network to gain access to the main controller for using the intelligent locking system. The main server also has a unique IP address to establish IoT communication among the components of the entire IoT access control ecosystem.

Advantages of IoT in Access Control

The main benefits of using an IoT-based security system include:

- Fully integrated and highly intelligent system

- Accessible from anywhere around the world

- Capabilities to configure for different level authorities

- Can be used for both automatic and manual operations

- Easy to track the records of events

- A comprehensive approach towards secure life

Disadvantages of IoT in Access Control

The main disadvantages of using an IoT access control system include:

- Certain hacking and security related issues still persist

- Not so mature technology

- Complex and costly

The nodes maintain an access control list that includes information about IoT devices, users, and associated access levels. Generally, the IIoT is formed using a group of embedded devices like sensors, cameras, and actuators to achieve a specific task. Designing access control and data sharing in such environments is very challenging owing to limited resources and heterogeneity. Context awareness, inter-domain operation, privacy assurance, resource efficiency, manageability, and accountability are some of the requirements of IIoT access control. Access control strategies are categorized into rule-based, capability-based, user control, and attribute-based.

The phrase “knowledge is power” has been taken to a whole new level by IoT technology that has been adapted in diverse areas. Governments have implemented the use of IoT devices in their activity processes such as the use of military drones while IoT devices are used by healthcare facilities and hospitals to provide high-quality healthcare services.

While smartphones and computers have been around for a long time, IoT is a relatively new phenomenon. Manufacturers and software developers have therefore had sufficient time to address the data-breach vulnerabilities of smartphones and computers. IoT devices, by contrast, are extremely useful and come with various capabilities, but manufacturers still encounter problems such as a lack of hardware that is powerful enough to analyze and encrypt data yet small enough to fit inside the restricted space. Cybercriminals can access your home Wi-Fi network through such insecure devices and use the opportunity to watch your home surveillance camera to carry out a crime.

The fundamental purpose of implementing IoT devices across numerous segments is to create a completely cohesive smart city. With this integration, any device used in a manufacturing industry can link to another being used by government organizations, healthcare providers, trades or even one’s home network. Nevertheless, lawmakers have yet to formulate privacy protection laws that cover all weaknesses across the different sectors. Cybercriminals continue to take advantage of this shortcoming, which results in the loss of revenue already invested into the project.

How to secure IoT networks

Here are some of the steps that can boost the security of your IoT network.

Know your IoT network

The first step toward enhanced security is to identify and understand what you have and what needs to be protected. While it may appear to be one of the most basic steps, many companies tend to ignore it. Having an accurate list of what’s on your IoT network and updating it frequently is key to security in any IoT network.

An IoT network usually comprises numerous devices, and any of these devices can be used as an entry point to disrupt the entire IoT network. Organizations should focus on fixing the fundamentals to face the mounting cyber-risks in IoT.

IoT network security architecture

Most commonly used surveillance devices barely support wireless network security standards such as WPA2 or WPA3, which makes them highly vulnerable and easy for hackers to take over. Companies find upgrading all these devices extremely expensive, so they should think about redesigning their network security architecture.

Divide the responsibility

One of the main problems with IoT security is that businesses often end up with security flaws because they have too much to manage. Organizations that have their own IoT network typically purchase or lease equipment and services from numerous service or device providers. Because IoT depends on all these devices working together in a network, this mix of equipment can open up numerous holes that can be used to disrupt the system.

Setting up one-way connections

Setting up one-way connections is very important in an IoT network. If the endpoints in an IoT network have more privileges than they need, cybercriminals can exploit them for cyberattacks. With the rise in the number of devices that are part of the IoT, the surface area for attackers is also increasing. Hence, businesses should restrict the capabilities of these IoT devices for security reasons. Frequently, IoT devices are configured so that they can initiate network connections by themselves. Although this provides much flexibility and other benefits, it can also lead to numerous security problems. Enforcing the practice that IoT devices can stay connected or initiate connections only as permitted by network firewalls and access lists will give better security.
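An added sketch, not from the original post, of what "one-way" means at a firewall: only the management controller may open connections toward devices, while replies on those established connections still flow back. The addresses, port and packets are constructed, and the tracker is a simplified model rather than any real firewall's implementation.

```python
from dataclasses import dataclass

# Constructed addresses: the access-control server and two door controllers.
CONTROLLER = "192.168.50.10"
DEVICES = frozenset({"192.168.50.21", "192.168.50.22"})

# Access list of who may OPEN a connection: (initiator, responders, port).
ALLOW_NEW = [(CONTROLLER, DEVICES, 8443)]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    opens: bool = False   # True for a connection-opening packet (TCP SYN without ACK)


class OneWayFilter:
    """Minimal connection tracker: new connections are checked against the
    access list; other packets pass only if they belong to a tracked one."""

    def __init__(self, allow_new):
        self.allow_new = allow_new
        self.established = set()   # 4-tuples recorded from the initiator's side
        self.dropped = []

    def _may_open(self, p: Packet) -> bool:
        return any(
            p.src == initiator and p.dst in responders and p.dport == port
            for initiator, responders, port in self.allow_new
        )

    def handle(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if p.opens:
            if self._may_open(p):
                self.established.add(forward)
                return "accept-new"
        elif forward in self.established or reverse in self.established:
            return "accept-established"
        self.dropped.append(p)
        return "drop"

    def blocked_initiators(self):
        """Sources that tried to open a connection they are not allowed to:
        worth alerting on, since a lock or reader should never dial out."""
        return sorted({p.src for p in self.dropped if p.opens})


# Constructed packet sequence.
SAMPLE_PACKETS = [
    Packet(CONTROLLER, 40000, "192.168.50.21", 8443, opens=True),        # controller polls a lock
    Packet("192.168.50.21", 8443, CONTROLLER, 40000),                    # the lock's reply
    Packet("192.168.50.22", 51000, "198.51.100.7", 443, opens=True),     # device dials out
    Packet("192.168.50.21", 51001, CONTROLLER, 8443, opens=True),        # device opens toward controller
    Packet("192.168.50.22", 8443, CONTROLLER, 40001),                    # unsolicited "reply"
    Packet("192.168.50.21", 52000, "192.168.50.22", 8443, opens=True),   # device to device
]


def run(packets):
    fw = OneWayFilter(ALLOW_NEW)
    verdicts = [fw.handle(p) for p in packets]
    return verdicts, fw.blocked_initiators()


if __name__ == "__main__":
    verdicts, blocked = run(SAMPLE_PACKETS)
    for p, v in zip(SAMPLE_PACKETS, verdicts):
        print(f"{v:18} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    print("devices that tried to initiate:", blocked)
```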


Tuesday, December 1, 2020

Hands-Free Upgrade of Access Control System


Access control systems also let employers restrict the locations each employee can enter, setting levels of security to balance their workers' safety and convenience. When an employee leaves the company, their credentials can simply be deactivated to prevent them from gaining unauthorized access. With access control security, you know who enters your business, when they enter and what door they use. These systems also include analytics that allow you to track where your employees are. In addition, they allow you to section off rooms or areas to authorized employees and receive reports of suspicious activity, such as if someone tries to enter an area where they don't belong. 
Social distancing is the new norm of life and needs to be practiced across our daily paths. While the governing authorities work on developing solutions to protect human life, it is essential for various establishments to work out their own precautionary measures to create a safe and risk-free environment. Wireless access control systems are fast and easy to install. They save time and money for sites that have hard-to-wire buildings, remote gates and elevator applications. COVID-19 concerns can be addressed by upgrading an existing or non-existing access control system to hands-free wireless access control with non-Chinese factory products.
Several companies have entered the mobile access card market, but they have not set up a meaningful product solution stream until 2019. In 2020, forecasts show that the mobile access card market will grow far more rapidly. Reviewing new entries into the market allows identification of the latest products that provide improving solutions to compatibility and speed problems.

How long before your phone replaces your access credentials at work? Mobile devices are everywhere. The number of mobile phone users alone was forecast to reach over 4.7 billion this year, with more than 60% of the world’s population already owning a mobile phone. Smartphones have already begun to replace traditional lock-and-key setups in the home, and with the business world continuing to move in a more smartphone-focused direction, a world where you tap your phone to gain access to your office probably isn’t too far off. The technology already exists, but implementation is not without its hurdles. While generally outweighed by the benefits, there are several potential challenges when it comes to using your smartphone as a credential. Smartphones have become ubiquitous, but cards and FOBs are still cheaper to produce. Even though users are likely to have their phone on them constantly, access badges usually include a picture and are always meant to be visible. Still, as the technology improves, it’s likely that smartphone verification is going to become more prevalent. One application that we’re seeing growth in is for mobile-enabled workforces to use smartphones and mobile devices as keys to gain access to secured buildings, rooms and areas. As this trend becomes more commonplace, it’s worth weighing the pros and cons.

 

Mobile Benefits

Firstly, let’s look at the benefit of using your smart phone as access credentials for your building.

  • Smartphones are more secure than traditional access cards or FOBs. With the introduction of biometrics in modern smart phones (fingerprint sensors and face ID), even though someone might be able to get their hands on someone else’s phone, it’s no guarantee that they’ll be able to unlock it.
  • Smartphone-based credentials are very difficult to clone.
  • Smartphone-based implementations can reduce installation costs by leveraging an asset that everyone is already carrying around with them.
  • Smartphone credentials are capable of much more than traditional card-based systems. Smart phones are capable of Multi-Factor Authentication (MFA), location awareness, mass notifications, and revocation can be done remotely.
  • HR should be thrilled with a smartphone app-based access control system, as much less time will be needed to set up and issue credentials than issuing new keys and cards or replacing them.

Finally, if you choose a provider who has created a secure app with credential storage in a secure cloud or location other than the phone, the security is even greater. Biometrics (the use of fingerprints) can even be used to access the key, since smartphones now include that capability. 

Essentially, even if someone did manage to steal the phone and crack the pin to open it, they would still need the proper information (or fingertips) to open up the app and access the key. 

A strong app will also have deep levels of encryption that will prevent the Bluetooth signal from simply being copied and replayed to open the lock.
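An added illustration, not the design of any product named on this page, of why a recorded radio exchange cannot simply be replayed when the reader issues a fresh challenge for every attempt. HMAC-SHA-256 challenge-response stands in here for whatever cryptography a given vendor uses; the class names, message layout and credential identifiers are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, nonce: bytes, credential_id: str) -> bytes:
    """Response = HMAC-SHA-256 over the reader's nonce and the credential id."""
    return hmac.new(key, nonce + credential_id.encode(), hashlib.sha256).digest()


class Phone:
    """Holds the secret provisioned at enrolment (assumed to sit in secure storage)."""

    def __init__(self, credential_id: str, key: bytes):
        self.credential_id = credential_id
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return _mac(self._key, nonce, self.credential_id)


class Reader:
    """Door reader: issues a one-time challenge and verifies the response."""

    def __init__(self):
        self._keys = {}          # credential id -> shared secret
        self._pending = None     # challenge outstanding for the current attempt

    def enrol(self, credential_id: str) -> Phone:
        key = secrets.token_bytes(32)
        self._keys[credential_id] = key
        return Phone(credential_id, key)

    def revoke(self, credential_id: str) -> None:
        """Remote revocation: nothing has to be collected from the user."""
        self._keys.pop(credential_id, None)

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, credential_id: str, response: bytes) -> bool:
        # The nonce is consumed on every attempt, successful or not.
        nonce, self._pending = self._pending, None
        key = self._keys.get(credential_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(_mac(key, nonce, credential_id), response)


def static_reader_accepts(enrolled_token: bytes, presented: bytes) -> bool:
    """Contrast case: a fixed identifier is accepted whenever it is repeated."""
    return hmac.compare_digest(enrolled_token, presented)


def demo() -> dict:
    reader = Reader()
    cred = "employee-0042"                  # constructed credential id
    phone = reader.enrol(cred)

    nonce = reader.challenge()
    captured = phone.respond(nonce)         # the bytes an eavesdropper could record
    first_use = reader.verify(cred, captured)

    reader.challenge()                      # next attempt gets a new nonce
    replayed = reader.verify(cred, captured)

    no_challenge = reader.verify(cred, captured)   # nothing outstanding

    static_token = b"CARD-123456"           # constructed fixed card number
    static_replay = static_reader_accepts(static_token, static_token)

    reader.revoke(cred)
    after_revocation = reader.verify(cred, phone.respond(reader.challenge()))

    return {
        "first_use": first_use,
        "replayed_response": replayed,
        "no_outstanding_challenge": no_challenge,
        "static_token_replay": static_replay,
        "after_revocation": after_revocation,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} {'accepted' if result else 'rejected'}")
```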

Potential Challenges

Of course, as new technology emerges, there will be pushback. This isn’t a bad thing as it forces developers to overcome roadblocks to make systems as secure as possible. The difficulty comes from separating valid objections from merely an aversion to change. Going forward, the biggest issues with mobile credentials are:
  • Physical return of credentials. When someone parts ways with an employer, a physical access card or FOB would be collected. With a smart phone-based system (especially in a case where employees are bringing their own devices) this is obviously problematic. You can’t ask an employee to turn in their. The only solution to this problem is to ensure that your protocol for remotely disabling credentials is foolproof. If it is, this issue becomes a benefit, as you can revoke credentials at any time. Forgetting to have a card turned in or encountering any resistance from an employee is no longer a factor.
  • Lack of a picture ID. With many physical access cards, a photo of the employee will be added as a second form of visual verification. These cards are often clipped to an employee’s shirt or belt, making them visible at all times and allowing people to identify the employee immediately. Phones are generally kept in pockets and would only be brought out at an access point. This issue’s importance will vary based on your business’ level of sensitivity when it comes to your assets or people. Additionally, all modern access control systems allow for a head shot to appear when credentials are presented to a reader. If a picture has been taken of the employee, and someone is present to identify them, they can verify that the person who presented the card or phone is the proper individual. It’s even possible to speak with the person over video, which allows for facial recognition when CCTV is integrated with the access control software.

One reason for the high expected growth for usage of smartphones as digital access control keys is that mobile technology is already widely used for identification, authentication, authorization and accountability in computer information systems. Another reason is that using mobile devices as keys aligns perfectly with the mobile-first preferences of today’s workforces. Using mobile devices as keys not only delivers a convenient user-experience. It also helps boost operational efficiency and satisfaction of today’s mobile-enabled workforces. As important, it represents a more cost-effective, simpler way for companies to manage identification credentials as it eliminates numerous manual tasks related to handling, printing, distributing and disposing of physical identity badges.

When all is said and done, one of the biggest benefits that those who choose to implement mobile credentials will see is lower installation costs. The SIA points out that “A smartphone credential adds significant functionality over a traditional credential and is always upgradeable to add new capabilities – all for the same cost, or less…Also, users do not require a reader to enter a door, so enterprises can eliminate readers on most doors to keep the entrance looking clean and to reduce installation costs.” When you couple this with the other benefits of mobile credentials, it becomes clear that this will more than likely become the preferred method of access control for most workplaces in the near future.


ASSA ABLOY, Suprema being a pioneer in multiple-door opening and access control technology, provides such critical solutions suitable for wide segments of commercial spaces. The contactless access readers and exit switches for sliding and swinging door operators offer easy and safe access for authorized personnel without compromising on the security needs of organizations.

Aperio is the first wireless online access control technology that enables mechanical locks to be wirelessly linked to an existing access control system. In terms of formats, three common methods of mobile credentials are used in access:

  • BLE (Bluetooth Low Energy)
  • NFC (Near Field Communication)
  • App Based Credentials

‘Mobile access cards’ is one of the terminologies that everyone has been talking about. RF cards used for access security are being integrated into smartphones just as digital cameras and MP3s were in the past. While people might forget their access cards at home in the morning, they seldom forget their smartphones. Using smartphones for access control increases entry access reliability and convenience.

Structurally which method is used makes a big difference for overall mobile access performance. In general, access manufacturer data sheets will detail which/how many methods are available with their product, with each method having different limitations and benefits.

The breakdown below shows the major differences between types:

For example, notice the difference in Range between the three formats. While NFC range is short (typically less than 9 inches), the range for BLE is longer at ~150 feet, while App systems essentially have ranges only limited by Wi-Fi and cellular connectivity.
In other cases, which method is used impacts reliability too. For example, with HID Mobile, using BLE is less reliable for connecting to the reader than NFC, and because different phone types may limit which methods are available, overall user experience is often determined by which mobile access method is used.
Another valuable aspect of mobile credential is that it makes it possible to issue or reclaim cards without face-to-face interaction. Under existing access security systems, cards must be issued in person. Since card issuance implies access rights, the recipient’s identification must be confirmed first before enabling the card and once the card has been issued, it cannot be retracted without another separate face-to-face interaction. In contrast, mobile access cards are designed to transfer authority safely to the user's smartphone based on TLS. In this way, credentials can be safely managed with authenticated users without face-to-face interaction.
Mobile cards can be used not only at the sites with a large number of visitors or when managing access for an unspecified number of visitors, but also at the places like shared offices, kitchens and gyms, currently used as smart access control systems in shared economy markets.
The market share of mobile access cards today is low even though the capability can offer real benefits to users and markets. While the access control market itself is slow-moving, there are also practical problems that limit the adoption of new technologies like mobile access cards.

The first problem is usability: compatibility and speed.
While NFC could be an important technology for mobile credential that is available today on virtually all smartphones, differences in implementation and data handling processes from various vendors prevents universal deployment of a single solution to all devices currently on the market.
 
Accordingly, Bluetooth Low Energy (BLE) has been considered as an alternative to NFC. Bluetooth is a technology that has been applied to smartphones for a long time, and its usage and interface are unified, so there are no compatibility problems; however, speed becomes the main problem. The authentication speed of BLE mobile access card products provided by major companies is slower than that of existing cards.
The second problem is that mobile access cards must be accompanied by a supply of compatible card readers. In order to use mobile access cards, readers need to be updated, but this is not a simple task in the access control market. For 13.56 MHz smart cards (which were designed to replace 125 kHz cards), it has taken 20 years since the standard was established, but only about half of all 125 kHz cards have been replaced so far. Legacy compatibility and the need for equivalent performance, even with additional benefits, will drive adoption timing for the access control market.

While BLE technology helps resolve the compatibility problem of mobile access cards, we can identify some breakthroughs that can solve the speed problem. Authentication speed is being continuously improved using BLE's GAP layer and GATT layers, and new products with these improvements are now released in the market.

Making use of key improvements allows Suprema's mobile access card to exhibit an authentication speed of less than 0.5 seconds providing equivalent performance to that of card-based authentication.

MOCA System's AirFob Patch addresses the need for technological improvements in the access control market in a direct, cost effective, and reliable way – by offering the ability to add high-performance BLE to existing card readers – enabling them to read BLE smartphone data by applying a small adhesive patch approximately the size of a coin.
 
This innovative breakthrough applies energy harvesting technology, generating energy from the RF field emitted by the existing RF reader – then converting the data received via BLE back into RF – and delivering it to the reader.
 
By adding the ability to use BLE on virtually any existing RF card reading device, MOCA allows greater ability for partners and end users to deploy a technologically-stable, high performance access control mobile credential solution to their employees, using devices they already own and are familiar with. Adding MOCA AirFob Patch eliminates the need to buy and install updated readers simply to take advantage of mobile credential, lowering costs and risks, and increasing employee confidence and convenience.


Sunday, June 30, 2019

System Integrators tips to win Sales Proposals for New Access Control Systems

Access control provides the ability to control, monitor and restrict the movement of people, assets or vehicles in, out and around a building or site. It is only a matter of time before you receive the highest compliment from one of your customers when they say: “We need a completely new access control system, and we want you to design and implement it.”

Any security systems integrator (Security Safety Automation Integrate - SSA Integrate) who has ever worked on an “enterprise-level” access control project will tell you it is not just standard access control, only larger. There are a host of requirements, challenges and issues that come with true enterprise access control.


Today’s enterprise-level projects are more complex than ever, with an emphasis on integration with not only other security systems such as video, but also Active Directory, building control and even beyond — in some cases going to PSIM-level integration. Technologies such as mobile credentialing, PoE and convergence have all greatly impacted this space in recent years, requiring more technical expertise than ever before on the part of the security systems integrator. I am always with you: in case any design issue arises or guidance is required, just send me a mail – I work for a smarter & safer future – Arindam Bhadra.

Here is a checklist to help win a sales proposal for a new access control system. If you approach it methodically, you can reduce error and ensure that your customer gets the exact system they require.
Questions to ask include:
• What is the short-, mid- and long- range vision for the access control system? Is it based on open standards, like 802.11b/g or 802.3af, for the most affordable infrastructure? Is it scalable enough to support possible mergers and acquisitions?
• What type of Access Card / credential(s) will be used? How many are issued? What type of format will be used, and can it support a projected card-holder population? Is it controlled to ensure there are no duplicate IDs?
• What investment has already been made? Is the current system upgradeable, or is a completely new system needed?
• What assets does the end-user have, and what value do these assets have in relation to the operation or business? These range from physical assets like computers to patient records, employee records and client data.

Observe the End-User
Essentially, the integrator should be trying to find out about the culture at the end-user’s location. It can range from an open, accommodating environment, to one with strict and limiting access controls. There will always be a conflict between convenience and security — the challenge is to create procedures and rules that balance these disparate goals.
Did you observe the employees holding doors open for each other? If so, how are they able to verify their current employment status? Did they open the door for persons carrying large packages? If so, did they check their IDs? Did visitors sign in at the reception desk? Did they wear ID badges? Were they escorted by staff members? Did students have a habit of leaving their rooms unsecured? If so, what sort of liabilities fall on school administration if a theft occurs and they knowingly allowed that practice to continue?

Conduct a Site Survey and Security Audit
Walking through a customer’s facilities can be invaluable when developing a comprehensive access control plan. Here are a few things to look for:
• Mechanical Security: If the openings are not mechanically secure, any additional funds spent on electronic access control are wasted. The following must be addressed before moving forward on an advanced access control system: Are the doors, frames, and hinges in good condition? Are they rugged enough for the application and durable enough for the traffic? Are the frames mortar-filled?
> What key system is in use? Is it a patented, high-security type? How often are locks re-cored? How many master keys have been issued? Have any been lost? How easy is it to reproduce the keys?
> Is there accommodation for the handicapped to ensure compliance with the Local Act?
> Are cross-corridor fire doors in place? Do they have magnetic door holders tied to the fire system?
• Identify the Threat: Consider the end-user’s surroundings: Have you noticed any evidence of gang activity? Have you noticed an increase in shuttered businesses?
If so, perhaps an increase in perimeter security is in order, potentially including increased lighting, cameras and gated access.
• Evaluate the Facility(s): This will help you identify product options. How old is the building? Does it have architectural or historical significance? How thick are the walls? Was asbestos used as an insulating material? If so, it may be difficult and costly to install conventional, wired access control devices. Perhaps a WiFi solution will be a good alternative.
• Identify Assets and Value: Many consider assets to be tangible items that can be sold for quick cash. But assets include anything that someone might want to steal or destroy, and vary among end-users. The important thing is to put a price tag on the loss of the asset, plus the cost of lost productivity and potential liability that could result.

Get the Technical Details
For each opening requiring access control, you’ll need the following details to ensure you order the right product for the given application:
• Does the door swing in or out? Is it left- or right-handed?
• What’s the finish of the existing hardware? What’s the lever style? Would the end-user prefer a more modern look?
• How is each door expected to operate? Ensure that an operational narrative is written for each opening that covers the following conditions, and have the customer sign off on it. This should include: normal state; authorized/unauthorized access and egress; monitoring and signaling; and power failure, fire alarm and mechanical operation.
• Determine where to place access control equipment. This could be IT closets, server rooms, administrators’ offices or the BMS room. Make sure your staff will have access for installation, and later for service and maintenance. Also, make sure there is enough space on the wall to mount access control panels, interface modules and power supplies.
• Determine network coverage. Are IP drops where you need them? Is there sufficient WiFi coverage where you need it should you opt for WiFi locksets?

Validate the Security Requirements
Different applications and clients have differing security requirements. Verify these needs with the end-user before starting the system design; otherwise, you could be in for a lot of extra work. The following considerations should be factored into an overall access control plan, as they have a direct impact on product selection and system configuration:
• Lockdown: Is lockdown capability needed in the interior or just the exterior — or at all?
• Real Time: Is real-time communications to the access control system a critical requirement? Perhaps it is for perimeter doors, but what about interior doors?
• Monitoring Requirements: How much monitoring does the end-user need? In most cases, a door position switch will suffice; however, some clients want to know that the door is both closed AND secured — these are not necessarily the same thing.
• Audit Trail Requirements: How important is it to know who entered a building or room, and when? For code compliance, this feature is always mandatory for areas such as computer rooms, personnel records and patient records; however, some companies use audit trail reports to validate employee activity.
• High-Security and Classified Areas: For increased security, there are several options. Is multi-factor authentication a requirement, such as card and PIN or even a biometric verification? Should there be a two-man rule?
• Special Considerations: Some areas require valid access credentials from both sides of the door — keeping the right people in and the wrong people out. This requirement takes different hardware than a typical free-egress lock or exit device.
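
An added example (not part of the original post) of reviewing an audit trail for two of the requirements above: the two-man rule, and a door that is closed but not secured. The event names, the constructed log and the `review` function are assumptions for illustration, not any vendor's log format.

```python
# Constructed audit trail: (seconds, door, event, card holder or None).
# Event names are assumptions: "dps_*" is the door position switch,
# "bolt_*" is a lock/bolt monitor, "badge_ok" is an accepted credential.
SAMPLE_LOG = [
    (0,   "server-room", "badge_ok", "alice"),
    (4,   "server-room", "badge_ok", "bob"),
    (5,   "server-room", "bolt_released", None),
    (6,   "server-room", "dps_open", None),
    (12,  "server-room", "dps_closed", None),
    (13,  "server-room", "bolt_secured", None),
    (100, "server-room", "badge_ok", "alice"),
    (103, "server-room", "badge_ok", "alice"),   # same holder twice
    (104, "server-room", "bolt_released", None),
    (105, "server-room", "dps_open", None),
    (110, "server-room", "dps_closed", None),    # bolt never re-secures
]

def review(log, two_man_doors, window=10, grace=5):
    """Return sorted (time, door, finding) tuples for one review period.

    Assumes readers on both sides, so every opening needs badge events.
    """
    findings, badges, closed_at = [], {}, {}

    def check_unsecured(door, now):
        # Door reported closed; flag it if the bolt did not secure in time.
        closed = closed_at.pop(door, None)
        if closed is not None and (now is None or now - closed > grace):
            findings.append((closed, door, "closed but not secured"))

    for t, door, event, holder in sorted(log, key=lambda e: e[0]):
        if event == "badge_ok":
            badges.setdefault(door, []).append((t, holder))
        elif event == "dps_open":
            check_unsecured(door, t)
            # Distinct holders who badged shortly before the door opened.
            recent = {h for bt, h in badges.pop(door, []) if t - bt <= window}
            if door in two_man_doors and len(recent) < 2:
                findings.append((t, door, "two-man rule not met"))
        elif event == "dps_closed":
            closed_at[door] = t
        elif event == "bolt_secured":
            check_unsecured(door, t)
    for door in list(closed_at):   # still closed and unsecured at end of log
        check_unsecured(door, None)
    return sorted(findings)
```

A door position switch alone would report the second cycle as normal; only the separate bolt signal reveals that the door closed without locking.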

Determine Business Requirements
Consider the final details that will allow you to complete your system design:
• Aesthetics: Many high-profile building owners use architectural design to make their facilities stand apart. This extends to the interior space as well. So, is a black wall reader the right choice? Or will an elegant lock with integrated card reader and designer lever be a better option?
• Infectious Disease Control: Some locks and doors are available with an anti-microbial finish designed to inhibit the growth of bacteria.
• Turnover: What kind of turnover does the facility experience? Heavy turnover would be difficult to manage with a PDA-programmable offline lock; however, one-card systems program access privileges onto the card, virtually eliminating the need to tour the doors to reprogram them. Of course, online solutions could address this as well.
• Applications: It is inevitable that a variety of applications will converge into a single system. That’s why it is important to select an access control system that can grow by providing application support for parking access, visitor badging, integrated video and other needs as required.
• System Management: It is important to determine who will manage the new access control system for the end-user, and how and where they will do it. For enterprise-class systems, it might mean multiple departments will manage their own people, while a system administrator will maintain and manage the main, centralized system.
• Budget: You ultimately need to know your customer’s budget; however, with all the upfront research, your findings might be beyond their initial scope. This is where long-term planning comes into play, so you can develop a priority list over several phases to ensure the end-user gets the access control system that fully meets their requirements.

Ensure Code Compliance
Several agencies have issued codes and standards over the years to enhance life safety, improve privacy and reduce fraud. They need to be factored into an overall access control plan, and include the Health Insurance Portability and Accountability Act (HIPAA); National Building Code of India 2016; Life-Safety (NFPA 101) — Means of Egress; Fire (NFPA 80) — Retro-fitting, Sprinkler Systems; Accessibility (ANSI A117.1) — Operators, Credentials; and Electrical (NEC NFPA 70) — Installation, Wiring, Products. Select products and services that meet the design requirements and comply with current standards, such as EN50133 European Access Control Standards and electrical wiring regulations.

Suppose you need to design a system for 2 doors, with card readers on both sides of each door, for 100 card holders. What is the MOQ?
Option 1:

| Sl No | Short Description | Long Description | Unit | Total Qty. |
|---|---|---|---|---|
| 1 | Door Controller | 2 Door / 2 reader Door Controller | No. | 2 |
| 2 | Power Supply | Power Supply for controller | No. | 2 |
| 3 | Proximity Reader | Proximity Readers for Entry & Exit | No. | 4 |
| 4 | Proximity Card | Proximity Cards | No. | 100 |
| 5 | EM Lock | Single leaf lock (600 lbs) | No. | 2 |
| 6 | EDR | Emergency Break glass switch | No. | 2 |
| 7 | MC | Magnetic Contact | No. | 2 |
| 8 | Access Software | Access Control Software | Set | 1 |
| 9 | Patch Cord | Patch Cord 3 M | No. | 2 |
| 10 | Network Switch | 4-port Network Switch | No. | 1 |
| 11 | Access Workstation | PC i5 with Windows operating system, complete with keyboard, mouse | No. | 1 |
| 12 | 4C Cable | Supply, Laying & Testing of 4cx1.5 sq.mm cable | RM | 30 |
| 13 | 2C Cable | Supply, Laying & Testing of 2cx1.5 sq.mm cable | RM | 40 |
| 14 | 25mm PVC Conduit | Supply, Laying & Testing of 25mm dia. PVC type conduit | RM | 60 |

Option 2:

| Sl No | Short Description | Long Description | Unit | Total Qty. |
|---|---|---|---|---|
| 1 | Door Controller | Standalone Door Controller cum reader. | No. | 2 |
| 2 | Power Supply | Power Supply for controller | No. | 2 |
| 3 | Proximity Reader | Proximity Readers for Entry & Exit | No. | 2 |
| 4 | Proximity Card | Proximity Cards | No. | 100 |
| 5 | EM Lock | Single leaf lock (600 lbs) | No. | 2 |
| 6 | EDR | Emergency Break glass switch | No. | 2 |
| 7 | MC | Magnetic Contact | No. | 2 |
| 8 | Access Software | Access Control Software | Set | 1 |
| 9 | Patch Cord | Cat6a Cable | RM | 30 |
| 10 | Network Switch | 4-port Network Switch | No. | 1 |
| 11 | Access Workstation | PC i5 with Windows operating system, complete with keyboard, mouse | No. | 1 |
| 12 | 4C Cable | Supply, Laying & Testing of 4cx1.5 sq.mm cable | RM | 30 |
| 13 | 2C Cable | Supply, Laying & Testing of 2cx1.5 sq.mm cable | RM | 40 |
| 14 | 25mm PVC Conduit | Supply, Laying & Testing of 25mm dia. PVC type conduit | RM | 60 |


Ref:
Access & Identity Management Handbook.
https://ipvm.com/reports/video-surveillance--access-control-integration
BS EN 50133-2-1:2000 British Standards Institution 2018.