Showing posts with label Access Fire Integration. Show all posts
Showing posts with label Access Fire Integration. Show all posts

Wednesday, February 1, 2023

Access Control Commissioning Checklist

Access Control Commissioning Checklist 

All customers are not knowledgeable to understand Access control system. When we are getting order it’s our responsibility to commissioned in proper way. In India maximum system integrator do not follow their own check list and as a result after few month call logging is started. Some call forward to OEM and System Integrator with customer’s blame on products are not good. But no one drilldown about commissioning report. Ultimately system integrator don’t know commissioning also a part of BOQ, yes they put importance only installation. I hope this checklist helps end users, integrators and consultants verify that access control installation and commissioning is complete. Take print edit as per your projects and fill all point. After that attached this with handover documents.

It covers the following sections:

  • Door Hardware Checks
  • Reader Checks
  • Controller Checks
  • Fire Alarm Loop Confirmation
  • Backup Power Compliance
  • RTE and 'Free Egress' Confirmation
  • Door Timing Checks
  • Turnstiles or Gate/Door Operator Checks
  • Credential Enrolment
  • Credential Issuance
  • Database Migration
  • Management Software User Creation
  • Access Levels and Schedules
  • Access Event Notifications
  • Door Held Open / Forced Open Troubleshooting
  • Anti-Passback Troubleshooting
  • Mapping and Custom Reporting Creation
  • Viewing Clients Installation 
  • Integration with VMS and Other Systems
  • Workstation Setup
  • Network Setup
  • Cable Verification

We recommend each person using this customize the list for their own needs / situations. There is no 'one size fits all' checklist but this list is meant to serve as a starting point to make it easier and quicker to build your own.

Door Locks and Hardware

This section covers commissioning of doors and opening locks, strikes, or other electro-mechanical hardware, including mounting and physical considerations.

Physical Operation, For every controlled opening:

  • Check all lock / hardware fasteners or mounts are secure and without play, slack, or gaps exceeding tolerances on installation instructions.
  • Ensure operation of lock is free of binding, grinding, or interference for door or frame features or other components.
  • Close and open door, or operate several cycles, the opening to ensure that no binding or warping is affecting operation. 
  • If Exit Devices are used, confirm appropriate 'Push to Exit' signage is displayed.
  • If Door Closers or Operators are used, confirm electronic access devices do not interfere with operation.
  • Confirm secure installation and function of Door Position Switches/ Contacts/ DPS.
  • Weatherproof and lightly apply grease per specification to mechanical hardware like hinges
  • Ensure any cabling or system wiring is hidden, tucked behind raceway or frames, and is not being pinched or cut by features like hinges.
  • Confirm that accessibility clearances are satisfied and any additional access control devices comply with codes.
  • If standalone, battery powered locks are used, confirm remaining battery life is strong and document commission date of batteries for future reference.

Door Controller Install Checks

  • Confirm that all terminated wiring at controller is secured and terminated without short for each device.
  • If kept in a metal enclosure, ensure panel tamper contacts and panel locks are used.  Gather panel keys for central, secure management.
  • If controllers are located at the door, confirm they are installed on the secure/locked side of the opening and located behind a tamper-resistant or semi-obscured location, such as above tiles at the door.
  • For wireless locks, confirm that all hubs or repeaters are clearly labeled as companions to the separate system readers or controllers.

Free Egress and Fire Alarm Loop Check

  • Confirm that upon fire alarm activation, all door maglocks release and are not powered.
  • Confirm that upon fire alarm activation, all emergency exit doors and openings can be freely opened and are not locked for any reason.
  • Confirm that during normal operating conditions, all 'Request To Exit' devices are located in code compliant arrangements and function properly.
  • Check that any delayed egress openings have specifically been approved by the AHJ, and delays do not exceed 15 seconds, unless specifically excepted by AHJ.
  • Confirm that all Pushbutton style RTE switches are properly labeled and displayed per local code requirements, and directly interrupt power to locks and not controller, unless specifically excepted by AHJ.

Credential Reader Checks

  • Confirm that reader device is securely anchored without gaps to the wall, frame, post, or bollard.  Seal or install trim guards where needed.
  • Confirm 'normal operation' status lights are displayed per intended behavior. (On/Off/Red/Green/Blue, etc.)
  • Confirm audible beep or siren registers when credential is read.
  • Check that reader tamper device is connected and configured.
  • If contactless type reader, present test card to confirm read range meets spec.  
  • If biometric type reader, confirm unit positioning will not be interfered with by environmental features (ie: sun movement, HVAC downdrafts, etc)
  • Confirm that accessibility clearances are satisfied and any additional access control devices comply with codes.

Credential Enrolment

  • Confirm that the only credentials to be immediately carried/used by cardholders are activated, and no batched activation of unissued/ stored credentials is done.
  • Check that each user issued a credential is accurately classified and identified in the access control software.  Include Picture ID images if possible.
  • If credentials are being renewed or exchanged, confirm physical possession, disposal, and deactivation of old credential in system.
  • If biometric credentials are enrolled, confirm multiple digits or templates are enrolled.
  • If multi-factor credentials are issued, confirm that all factors are recorded, active, and valid in the system.

Access Management Software Servers

This section covers commissioning of Management Software servers and appliances, including both hardware/network setup as well as OS and software. Some of these items may not be used depending on OS and access platform. For example, appliances typically do not require OS updates. OEM to OEM process are slight different.

Access Management Software Configuration

  • Configure Unlock, Extended unlock, Door Hold Open, and Relock event periods, as appropriate.
  • Configure user access schedules (e.g., 24/7, 8am-5pm, off-hours, holidays, etc.)
  • Configure user access levels (e.g., Managers, Workers, Visitors, Temporaries, etc.)
  • Confirm Polling Interval, or settings update push duration as prompt and as close to real-time to be accurate as recorded in system.
  • Configure any Maps or floorplans used to display and manage system control points.
  • Confirm successful integration and configuration of features like 'Video Verification', or integration with video surveillance, intrusion, fire alarm, and intercom systems.
  • Configure alarm or event notifications (email, text, etc.)
  • Download and retain copies of all door/controller configurations
  • Confirm any imported databases are clean and without problems if populating access management system.
  • For 'Anti-Passback' rules, ensure that users will not unwittingly or inadvertently cause alarms if they use atypical or uncontrolled openings.

Hardware/Security

  • Document MAC address(es) (often more than one if using multiple network cards), or if hosted/cloud access is used, document hostnames of all remote servers.
  • Assign and document IP address(es) of every networked device, endpoint, or server.
  • Apply latest OS updates (unless not recommended by manufacturer);
  • Create secure admin password
  • Create additional users as specified
  • Test UPS operation and runtime (if supplied);

Network/Security Settings

  • Document Controller and other ethernet-based devices MAC address;
  • Assign and document Controller and other ethernet-based device IP address
  • Update firmware to latest version (or manufacturer recommended/tested if different)
  • Change Controller admin password from default
  • Create multiple users if required (by specification or manufacturer recommendation)
  • Set NTP server and verify time and date;
  • Disable unused services/close unused ports (FTP, telnet, SSH, etc.);

General Server Settings

  • Confirm any requisite services or policies are free to operate and will restore automatically after reboot events.
  • Change access management admin password from default
  • Create operator/user logins
  • If LDAP or Active Directory is used, confirm valid implementation and provisioning of service.
  • Confirm and document any external database connections or dependencies by the access software.

Workstations

This list involves client workstations, including hardware, OS, and access client setup and commissioning. Some of these steps may be omitted if appliances are used. OEM to OEM process are slight different.

  • Document MAC address(es) of each workstation
  • Assign and document IP address(es)
  • Apply latest OS updates (unless not recommended by manufacturer)
  • Create secure admin password
  • Create additional users as specified
  • If dongles or hardware keys are required for client access, document location of key on workstation (e.g., Port Location, Key Serial Number)

Network

This section outlines commissioning of network hardware, including switches, routers, firewalls, etc. Some of these devices may not be used in all systems, or managed by the installing integrator.

  • Document MAC address(es) of each device
  • Assign IP address and document
  • Update switch/firewall/router firmware to latest version
  • Change admin password from default
  • Configure VLAN(s) as required; 
  • Configure QoS as required;
  • Disable unused switch ports as specified
  • Configure SNMP monitoring if required;
  • Configure MAC filtering if required
  • Download and retain configuration for each switch
  • Test UPS operation and runtime for each endpoint, if supplied

Cabling

This section covers commissioning of the access control cabling system, including labeling, supports, aesthetic concerns, and testing. OEM to OEM process are slight different.

  • Label all cables, patch panels, wall outlets, etc., as specified
  • Ensure cables are secured to supports (J-hooks, ceiling truss, etc.)
  • Conceal cables where possible/required
  • Leave properly coiled and dressed service loops at Controller or Switch location and head end as required;
  • Test all terminations and document results as specified
  • Document cable test results as specified (if certification is required)


 If need any expert comment on your projects we can help you free of cost over voice or text.


Sunday, March 8, 2020

Security Mantraps on the way

Security Mantraps on the way

Security mantraps came into use during the 16th century and were mechanical devices used for catching poachers and trespassers. Today, a security mantrap is commonly described as a small room, area or compartment that is designed to temporarily hold (trap) an individual between two doors (barriers) so that their credentials can be verified before granting access. Verification may be manual, with security personnel doing the verification, or automatic, with technology doing the verification. Most systems installed today are automatic with various integrated technologies to enhance security, safety and prevent unauthorized entry.

In the 17th century, sally ports were built to control the entryway to a fortification or prison. They often included two sets of doors (or gates) to delay enemy penetration. Today, a sally port used for security applications may include doors, gates or other physical barriers to control access of people (or vehicles) to a secure area. Both security mantraps and sally ports are in widely used for security applications, however, despite some similarities, the terms are not used interchangeably, and only sally ports are referenced in the building codes.
A mantrap is an access control tool designed and restricted to a physical space, which is separated from the adjoining spaces (rooms) by two doors, usually an exit and an entry door that cannot be unlocked at the same time. Mantraps are like a double-door checking system that use either airlock technology or interlocking doors.


Today's simplified automatic mantrap rooms enable access with access cards, key fobs and mobile phones. Since mantraps prevent two persons (unless authorized) to be in the same room, they can be used for shared spaces in hospitals, dormitories and boarding rooms or anywhere else where people have some need for privacy.
Both the International Building Code (IBC) and the Life Safety Code (NFPA 101) describe a sally port as a compartmented area with two or more doors (or gates) where the intended purpose is to prevent continuous and unobstructed passage by allowing the release of only one door at a time. Both codes restrict their use to institutional type occupancies (e.g., prisons, jails, detention and correctional centers) and require provisions for continuous and unobstructed travel through the sally port during an emergency egress condition.

During 2017, the most digital damage from cyber-attacks includes continuous targeting of critical infrastructure, ransomware, government emails being hacked, exfiltration of Central Intelligence Agency documents, and the multinational WannaCry ransomware attack of over 200,000 systems. Gartners’ global information security spending forecast estimates that by the end of 2017, purchases for security products and services could reach $84.5 billion or a seven percent increase since 2016. Defenses have progressively improved and measures continue to be implemented. However, there is one area which lags far behind – that is the physical security of data centers and, specifically, the adoption and employment of mantraps.

According to BICSI, a mantrap is created using two interlocking doors which open only one at a time after the correct credentials have been validated. To physically secure a facility or data center, periodic risk assessment and policy reviews should be conducted. Ideally, drills should be included to engrain the training scenarios and validate policies and procedures. An example of layered security can be found in the TIA-942 where tiers I through IV are used to differentiate each level including Kevlar or bullet resistant walls, windows, doors, closed circuit television (CCTV) monitoring, access control and more.
Despite their widespread use, security mantraps are not referenced by either IBC or NFPA, which has given rise to a plethora of terms and definitions, including, for example: security portals, security vestibules, security airlocks, security booths, security cabins, control vestibules and personnel interlocks. For the supplier, designer or code official, this lack of regulation can result in different interpretations of building code and life safety requirements. Generally, the most appropriate sections of the code are applied and enforced, which may include sections on doors, gates, turnstiles, revolving doors and accessibility requirements. Because security mantraps are unique in their design and operation, the enforcement of code sections intended for other technologies may result in installed systems that are over- or under-designed with added costs and project delays, if accepted at all.

A security mantrap may be manual or automatic, manned or unmanned, pre-engineered or built from the ground up, located indoors or outdoors, and include a variety of technologies to enhance security, safety, aesthetics, throughput, service and overall performance. The systems come in various sizes, shapes, styles and configurations with a multitude of finishes, glazing and door options, including ballistic and vandal resistant. Other options and features include: metal/weapons detection, left object detection, tailgating/piggybacking detection, monoblock construction, wall mount versions, network interface capabilities, video cameras, intercoms, anti-pass back integration, biometrics, manual releases, and inputs/outputs for control and alarm monitoring. most common mantraps work with a system of two interlocked doors, there are solutions that can be implemented on three or more doors, including varied authentication systems. “Real” mantraps typically have two locked doors. Some interlocked mantraps, such as those used at bank entrances, are unlocked to begin with, and only lock when one of the doors is open.
Security mantraps are commonly found in high-security, mission-critical facilities (e.g., government, military, critical infrastructure), but can also be found in many commercial and industrial facilities (e.g., banking, data centers, pharmaceutical, health care, airports, casinos, executive suites, high-end retail, R&D labs). Some of the key drivers for using security mantraps include the ability to detect and prevent tailgating and piggybacking incidents in unmanned locations, satisfying various regulatory compliance standards (e.g., GDPR, GLBA, PCI DSS, HIPPA, FISMA, SOX) by restricting access to critical information systems, and protecting against other security threats that have become more prevalent in the world today (e.g., espionage, terrorism, theft, vandalism, protests, etc.).

When security mantraps are being considered as a countermeasure to mitigate unauthorized entry, it is important to establish clear goals and objectives for the equipment, application and environment. Then, carefully review and evaluate the proposed system based on form, fit and function. When these systems become part of the building infrastructure, provisions for security and safety must be met. This often starts with a security risk assessment for the facility or site.

Two Major Types of Mantraps:
  • Air Lock Control – low-security systems used only for environmental control also referred to as normally unlocked.
  • Restricted Entry and Exit – these are considered the highest security type that is used with normally locked doors. Opening any door keeps all other doors secure. The man trap buffers simultaneous requests for access which prevents any two doors from being unlocked.
Additionally, some man traps may incorporate the use of Request-to-exit (REX) device – typically located on the inside secured door, most are identified as a ‘quick release’ latch.

Mantrap Pros:
  • Allows only one person to enter or exit at a given time
  • Requires proper identification and authentication
  • Restricts movement into and out of the data center
  • Can be used to closed unwanted visitors until authorities are called
  • Provides an audit trail for personnel and visitors
Mantrap Cons:
  • Highly secure doors are more expensive
  • May not permit movement of large boxes, dollies, deliveries, etc.
  • May fail during electrical power outage unless backup exists
  • If not properly implemented according to policy and design, may present a safety risk
The goal of any security risk assessment is to develop a protection strategy that mitigates risk to people, property and information systems, and, for security mantraps, the primary goal is to prevent unauthorized entry. The security risk assessment process begins with asset identification and valuation, followed by evaluation and analysis of associated threats, vulnerabilities and potential loss impact. Finally, security measures are recommended and form the basis of an integrated protection strategy.