Showing posts with label PD6662. Show all posts
Showing posts with label PD6662. Show all posts

Saturday, April 7, 2018

Guide to design Access Control

Guide to Design Access Control

Access control systems provide authorized individuals safe and secure access in and out of various parts of your business while keeping unauthorized people out. They can range from electronic keypads that secure a single door to large networked systems for multiple buildings. Access Systems also greatly simplify management of your facility: no need to replace lost keys, hunt down old keys from terminated employees, or wonder who has access to which areas.

Designing an access control solution requires decisions on 8 fundamental questions. This in-depth guide helps you understand the options and tradeoffs involved in designing an excellent access control solution.

BS EN 50133-1:1997 European Standard for Access Control Systems Requirements of an access control system for use in security applications. When a part of an access control system (e.g access point interface) forms a part of an intruder alarm system, that part shall also fulfil the relevant requirements of alarm intrusion standards.
This standard addresses the security application for each access point.  An access control system may consist of any number of access points.
Different levels of confidence in identification of users requesting access at an access point have resulted in the definition of recognition classes.
The diversities of the market needs for access control systems have led to taking into account systems with or without logging or time logging.
Access point actuators such as electric door openers, electric locks, turnstiles and barriers are covered by CEN/TC 33 standards.

EN 50131 was phased in to replace British Standards BS4737, BS7042 and BS 6799 and was adopted in October 2005 utilizing PD 6662:2004, an enabling document which facilitated the introduction of EN 50131 into the UK.

PD6662 differs from former British Standards in the following ways:
It determines not only the system but also the component design requirements for Intruder and Hold-up Alarm systems.
A comprehensive Risk Assessment is required to determine the design criteria of the system.
Applicable to both hard-wired and wire-less installations.

Grading of systems is required to reflect "the risk". I.E. Grade 1 - Low Risk, Grade 4 - High Risk.


The eight fundamental questions are:
  1. Are the Benefits Worth the Cost?
  2. What Do You Secure?
  3. What Forms of Authentication and How Many Do You Need?
  4. What Kind of Reader Should You Use?
  5. What Kind of Lock Should You Use?
  6. What Do You need at the Door Besides a Reader and Lock?
  7. How Do You Connect the Reader to the Network?
  8. What Type of Access Control Management System Should You Use?
This report focuses on selecting and designing electronic access control system (using cards, pins, biometrics, etc.) rather than key based ones.

Cost
While electronic systems are far more sophisticated and can be more secure, most people still use keys. The reason is simple: cost.
Industry averages for electronic access control ranges Rs. 20K to Rs. 30K per door installed. Locksets, on the other hand, run between Rs. 5K to upwards of Rs. 50K, depending on the level of security required.

While electronic systems provide many benefits over keys, they will cost thousands more per door than keys/locks. As such, you may determine the cost of electronic systems cannot be justified or that only certain doors are worth installing electronic access control.
Bottom of Form

What are the benefits?
To determine if electronic access control is worth the cost, understand if the following benefits apply to your use:
  • An access control system simplifies management of access to the building. Keys do not need to be made and distributed to employees or contractors. Credentials (either permanent or temporary) are issued to the respective party, and that is it.
  • The potential risk associated with a misplaced or stolen key is significantly reduced. Typically if a key to an exterior door is lost, best practice and common sense would mandate re-keying the facility, lest that key fall into criminal hands. Re-keying is typically a large expense.
  • Improved audit trail: With keys, no record is kept of who came and went through each door, and when. Intrusion detection and surveillance systems may provide some idea, but not as simply, or in as much detail.
  • With keys, in many facilities, staff must manually lock and unlock doors at the beginning and end of business. This requires time and introduces the risk of forgetting or not properly locking a door. Doors controlled by an access control system, whether controlled by a card reader or not, may be automatically unlocked in the morning and locked at night on a schedule, or when the intrusion detection system is disarmed and rearmed.
What do You Secure?
After answering the why, the second question when planning an access control deployment is what. What assets are to be secured? Doors which are infrequently used, or by a very limited number of staff, such as closets, typical non-critical offices, and mechanical spaces, typically are not worth the expense of adding access control, unless a legitimate risk to high-value assets is expected.

Typical spaces we see access control applied:
  • Exterior Doors: Typically, exterior doors are the first thing to be secured. This simplifies access to the building, so staff do not need keys, while keeping unauthorized persons out of all entrances except those intended. Visitors may be directed to a particular entrance where staff can receive them. Typically, this is done in one of two ways. (1) Remotely: In this scenario, visitors to the facility utilize an intercom (audio/video is most definitely preferred) to speak to reception or security staff, who then remotely release the door so they may enter. (2) In-person: In this scenario, visitors simply enter the building through an unlocked set of doors and speak to reception staff. In both instances, the visitor may be kept outside of the facility entirely, or they may be allowed access into the building into a lobby or vestibule, which is secured by a second access controlled door.
  • Gates: Entry gates are commonly added to an access control system. This moves access to the perimeter, from the door, often desirable in high crime areas or high-security facilities. This is typically paired with surveillance and/or video intercom so staff may visually confirm who requesting entry is. The gate may then be remotely released for deliveries or visitors. Wireless interfaces make access control of gates easier, by avoiding trenching costs. The gate is usually controlled via interface to a gate operator or through specialized locks made for the application.
  • HR and Accounting Areas housing confidential company records are often next to be secured.
  • Inventory and Warehouse Areas: Storage rooms and warehouses are easy targets for both internal and external threats. Securing entrances to these areas reduces access, provides a log of activity, and introduces an extra obstacle for anyone intending to steal supplies or equipment.
  • Data Closets: Along with network security becoming a bigger issue, access control of data centers and IDF’s has increased. Considering the server room is often the brains of an organization’s operation, this is a good practice. Specialized systems exist for securing cabinets in larger, often multi-user, data centers.
  • Classrooms: With computers being a common target of theft in schools, locking classrooms is often desirable. Installing electrified locks on each classroom also provides lockdown capability, so in emergencies security staff may lock down the entire campus with a single action.
  • Cabinets: Specialized locks for use on cabinets have are available so that access control may be moved to the specific asset instead of the door.
  • Key Control Cabinets: Many organizations, even those who use EAC extensively, still need to manage a certain quantity of keys, whether for vehicles, cabinets, or other purposes. Often, these keys are kept in a cabinet or on a backboard, which are conspicuous and an easy target for any criminal. Simply using a securely mounted cabinet with an electrified lock reduces this risk. More elaborate systems for key management exist as well, providing control and audit trail down to the level of the individual key.
What forms of authentication and how many do you need?
A key goal of access control is to selectively let people in. To do so, you need to choose a technique for people to prove that they have legitimate access to an entrance. This proof generally falls under the common mantra, something you know, have or are. Lets look at the practical options used in real-world security systems:
  • Something you Know: This is the most common technique in accessing computers and second most in accessing doors. The best examples of this are passwords or pincodes. Since they are so easy to share and steal from an authorized user (it is essentially free to replicate them), most physical access control systems stay away from using this as the only means of authentication.
  • Something You Have: This is the most common technique used in physical access and best represented by the card or fob. The user carries this physical token with them and presents it at the entrance. It is generally considered stronger than pincodes because they are harder to reproduce. On the other hand, it is possible to reproduce and the risk that the card is shared is still a threat.
  • Something You Are: This is the least common technique used in security but generally considered the strongest. Good examples include fingerprint, face, vein and hand geometry. These are fairly hard to fake (Hollywood movie counterexamples notwithstanding). However, biometrics are still quite rarely used statistically. Even for the ones that are considered to work well, the price increase over cards makes it hard for most to justify.
You can use these in combination. Indeed, this approach, called 'multi-factor authentication' is very popular among security practitioners. You can have dual or triple mode authentication where users are required to use a pin and a card or a card and fingerprint or all three together. If both or all do not pass, entrance is denied. The big plus for this approach is that it makes it much harder for an illegitimate user to get in. The big downside is that it becomes inconvenient to users who will be locked out if they forget one and will take more time and hassle to get in each time they check in. Because of this, the number of factors of authentication usually increases with the overall level of security or paranoia of the facility (e.g., condos are single factor, military bases can be triple, etc.).

What kind of electrified lock should I use?
In all locking systems, the locking device represents the physical security barrier. Locking devices include Magnetic Locks (Maglocks), Electric strikes, Deadbolts, Magnetic Shear Locks and Electrified locksets. These devices are mounted on the door and door casing. Examples of Locking Device types follow. 'Clicking' on any of the device photos will open a new window with direct access to pricing, and product datasheets for further and more detailed reference.
·  Magnetic Locks/  Electromagnetic lock, magnetic lock, or maglock is a locking device that consists of an electromagnet and armature plate. By attaching the electromagnet to the door frame and the armature plate to the door, a current passing through the electromagnet attracts the armature plate holding the door shut. Unlike an electric strike a magnetic lock has no interconnecting parts and is therefore less suitable for super high security applications because it is possible to bypass the lock by disrupting the power supply. Nevertheless, the strength of today's magnetic locks compares well above that of conventional door locks and they cost less than conventional light bulbs to operate. Power supplies incorporating a trickle-charged lead-acid battery pack should be used to retain security for short-term power outages. Magnetic locks possess a number of advantages over conventional locks and electric strikes. For example, their durability and quick operation can make them valuable in a high-traffic office environment where electronic authentication is necessary.
Advantages
·  Easy to install: Magnetic locks are generally easier to install than other locks given there are no interconnecting parts.
·  Quick to operate: Magnetic locks unlock instantly when the power is cut allowing for quick operation in comparison to other locks.
·  Suffer less damage: Magnetic locks may also suffer less damage from multiple blows than conventional locks.

Disadvantages
·  Requires continuous power: To remain locked, the magnetic lock requires a constant power source. The power drain of the lock is typically around 3 watts, far less than that of a conventional light bulb (around 60 watts), but it may cause security concerns as the device will become unlocked if the power source is disrupted. In comparison, electric strikes can be designed to remain locked should the power source be disrupted. Nevertheless, this behavior may actually be preferable in terms of fire safety.

·  Electric Strikes replaces the fixed strike faceplate often used with a latchbar (also known as a keeper). Like a fixed strike, it normally presents a ramped surface to the locking latch allowing the door to close and latch just like a fixed strike would. However, an electric strikes ramped surface can, upon command, pivot out of the way of the latch allowing the door to be pushed open (from the outside) without the latch being retracted (that is, without any operation of the knob) or while excited the knob or lever can be turned to allow egress from the secured area. Electric strikes generally come in two basic configurations:

Fail-secure
·  Also called fail-locked or non-fail safe. In this configuration, applying electric current to the strike will cause it to open. In this configuration, the strike would remain locked in a power failure, but typically the knob can still be used to open the door from the inside for egress from the secure side. These units can be powered by AC which will cause the unit to "buzz", or DC power which will offer silent operation, except for a "click" while the unit releases.

Fail-safe
·  Also called fail-open. In this configuration, applying electric current to the strike will cause it to lock. In this configuration, it operates the same as a magnetic lock would. If there is a power failure, the door would open merely by being pushed/pulled open. Fail safe units are always run using DC power.

·  Electric Deadbolts are recommended for high security interior door and cabinet applications where electromagnetic locks are not required. Electric bolt locks include long life solenoid driven direct throw mortise bolts, some models offer right angle bolts for narrow frames and door stiles and surface mounted bolt locks for door and cabinet applications. Compatible with virtually any access control system, electromechanical bolt locks are available in failsafe and fail secure modes

·  Magnetic Shear Locks are recommended to provide superior failsafe holding force and aesthetics for most types of doors, including high profile frameless glass doors. Representing the latest evolution in the development of magnetic locks, shear locks incorporate several features to ensure that the door seamlessly locks and releases without hindrance.

·  Electrified Locksets look and function like a typical cylindrical or mortise style mechanical lock. However, incorporate internal solenoids to enable the lock and latch feature. Building and fire life safety code compliant for fire rated office doors, corridor doors, lobby doors, exit doors and stairwell doors. Whether failsafe or fail secure, controlled access and remote control capability is provided while the door stays latched even when unlocked, maintaining fire door integrity.

What kind of reader should You Use?
Readers allow users to request doors to be unlocked and come in a wide variety of options.
Keypad: A very simple form of access control, in which the user enters his or her PIN number at a keypad device to open the door. Keypads suffers from the inherent security flaws of PINs described above.
Card Readers: There are numerous card technologies currently in use in the industry, both contact and contactless.
  • Contact readers include magnetic stripe, Wiegand, and barcode. Of the three magnetic stripe is the only technology still widely used today. Barcode finds some use, mostly in legacy systems, but is so easily duplicated - one simply has to copy the barcode - it has fallen out of favor. Magnetic stripe readers are still regularly used on college campuses and in other facilities, especially where cards are used for purposes other than simply access. Mag stripe was common for cashless payment, but many of those applications are being filled by smart cards today. Contact readers are easily damaged by vandals, by inserting foreign objects, or even gum, into the slot. This is one of the reasons contactless proximity cards have become more common.
  • Contactless readers include standard prox, contactless smart card, and other technologies, some proprietary to a specific manufacturer. HID prox readers are by far the most widely implemented technology in access control, with almost every manufacturer supporting, and many reselling them. Regardless of which specific reader you use, the technology is basically the same for purposes of this discussion: the reader emits a field which excites a coil on the card, which then transmits an embedded number to the reader. Smart card technology has had somewhat limited acceptance due to higher pricing when it was introduced. With prices falling in line with those of standard prox, however, we recommend all new installations use smart card technology. We will contrast the two technologies in a future report. Also, a word of warning when selecting readers: proprietary card and reader technology will almost always require that all readers be changed and cards reissued should a facility change access control systems in the future. For this reason, we recommend against using them, instead favoring standard technologies.
Biometrics: For access control purposes, we typically see one of three or four biometric readers used: Fingerprint, iris, hand geometry, and retina, with fingerprint readers being by far the most common. No matter which reader you choose, there are several drawbacks to consider:
Access time is typically longer than when a card is used. In high-throughput areas, this may be a problem. You would not want to require an incoming shift of workers in a factory to filter through biometric readers for building access, for example.
Biometric readers generally require an additional weatherproof enclosure. This adds expense and slows access time more. Additionally, many of these enclosures require an employee to manually open and close them, which increase risk of human error. Failing to close a weatherproof enclosure after use may damage the reader.
Compared to card readers, biometric readers are expensive. This is offset somewhat by eliminating the expense of cards, but it must be taken into account. If you go with Biometric devices then always select controller cum reader. During design of biometric based access control, you must take the template capacity. 

What type of reader should I use?
Whichever technology is chosen, form factor must be taken into account. Readers come in a variety of form factors, from miniature to oversized, depending on the application.
Miniature readers may be used to be aesthetically pleasing on an aluminum-framed door, for example, while a 12” square reader may be positioned at the parking garage entry for better read range. Generally speaking, the distance at which a card can be read increases with the size of the reader. Standard read range is between one and four inches.

What else do I need at the door - Door Access Control Egress Devices?

To ensure free pass to exit a secure door, all locking systems include a quick exit device. Examples include; push-to-exit buttons, request-to exit bars, motion detectors, emergency (break-glass) exit and Time delayed exit. These buttons are mounted in the interior, on the casing surrounding the door (mullion mount) or on a wall near the door (gang mount). Examples of Egress Device types follow. 'Clicking' on any of the device photos will open a new window with direct access to pricing, and product datasheets for further and more detailed reference.
The devices above require power, of course, so power supplies are another consideration when designing an access control system. There are three methods by which door devices may be powered:
  • A power supply centralized with the access control panel. This is the simplest method, requiring the least high voltage to be run and thus reducing cost. However, voltage drop may become an issue, so calculations must be performed to take this into account.
  • A power supply local to the door. This is common in cases where electrified hardware is used. The power draw of an electrified device is normally much greater than a mag lock or electric strike, so local power is installed, to avoid voltage drop issues. The downside of this is that it adds another point of failure, as opposed to a single central power supply.
  • Power over Ethernet. A relatively recent development to the industry, power over Ethernet is being utilized to power single-door (or in some cases two-door) controllers, which in turn supply power to all the attached devices. In our experience, this is normally enough to power typical strikes and mag locks, but not latch retraction devices. Power draw also varies by manufacturer, so care must be taken to make sure enough power exists to operate the selected lock.
No matter which method you use for powering devices at the door, fire alarm interface may need to be considered. Typically, doors in the path of egress are required to allow free egress in the case of fire. Note that this does not necessarily mean they must unlock, a common misconception. Doors equipped with electric strikes are not required to unlock if they also are equipped with panic hardware. Mag locks are, however, in almost all cases required to unlock. Remember this when considering locks for your access control system, as simply pulling a fire alarm pull station may leave the building completely vulnerable if mag locks are used.

We also recommend using supervised power supplies for access control applications. These power supplies supply contact closure upon AC fault conditions, or battery fault if backup power is being used, alerting the access control system that power to the door is lost. This allows more proactive monitoring, instead of waiting for a user to discover that a door does not open, or in the case of a mag lock, that it does not lock.
  Push-To-Exit / Egress Switch Buttons as the name implies Push-To-Exit buttons are wall mounted near the exit point and contain directions on a large green or red button. Depressing the button releases the door.

  Push Bars attach across the inside of the door at the height of the door latch. You exit the door by pressing against the bar. The action of pressing the bar releases the latch and the door opens.

  Emergency Exits attach on a wall near the exit point. Emergency exits are available is two general types, the first is a 'break-glass' model. To gain exit, you break the glass face. The action depresses a button inside the switch and releases the door. The second type uses a pull down handle to release the door.

  Motion Sensors function by detecting a vehicle or person approaching an exit and unlock the door. In addition to motion sensors, several other type of free exit systems are available including: loop detectors and photo cells or beams

  Delayed Egress function by starting a timer once the device is activated. Delayed egress can include voice commands and sounds explaining the door will open in 'x' seconds. For example, once depressed. a delayed egress can count down from 15 seconds to zero and then release the latch opening the door. Delayed egress devices provide the emergency opening functional of a free exit system while providing a delay for enhanced security.

What Type of Access Control System Should I Use?
Three types of management exist for access control systems:
  • Embedded: Also called web-based or serverless, the access control system is managed wholly through the access control panel, via web page interface or occasionally software. Typically functionality is limited in this method, due to the limitations of what can be done in a standard browser (without added plugins, Flash, ActiveX, etc.), which will work on all platforms: Windows, Mac, Linux. Enrollment and logging functions are easily available, but real-time monitoring is more of a challenge. Cost is reduced, since no server must be supplied.
  • Server-based: The more common method, puts administration, management, and monitoring of the access control system on a central server. Client software installed on management or monitoring PC’s connects to this server to perform necessary functions.
  • Hosted: Relatively new to the industry, hosted access control systems are managed by a central server which manages multiple end users’ systems from “the cloud”. The only hardware required on site is the access control panel with an internet connection. User interface is usually through a web portal, making hosted access a combination of web-based and server-based management. The hosting company must manage the system as a traditional server-based system would be managed, but to a user, all interface is via the web.
When selecting an access control system, consider what features you will need at the present time, and consider where the system will go in the future. Some questions to ask:
  • Does it use standard card readers? While HID are well-known as access control industry juggernauts being OEM’d or supported by the vast majority of manufacturers, not every system utilizes compatible readers. Some manufacturers support only proprietary readers which would typically need to be replaced should the system be changed to a different vendor’s product in the future. Others utilize different cabling topologies, which usually require less cable to each door, typically a single cable, with all the devices at the door connecting to an intelligent reader or small controller. If future-proofing is a concern, as it typically is and should be, select systems which utilize standard wiring schemes.
Another consideration when discussing “openness” of a system is whether the selected manufacturer uses open platform control panel hardware or their own proprietary panels. If the system runs on open hardware, most, if not all, of the head end panels may be reused when changing to a competitive system. Mercury Security is the largest supplier of OEM hardware to the access control industry, with manufacturers such as Lenel, Honeywell, and more using their hardware. HID’s network-based Edge and VertX platform are seen second-most often.
In the case of a small organization with a handful of doors, open platform hardware may be a non-issue. If the required feature set is small, and the likelihood of moves and expansions is low, a proprietary web-based platform will suffice. However, for enterprise-level systems, non-proprietary hardware is highly recommended to avoid becoming trapped by a single vendor.
  • Do you require integration to other systems? Integration of surveillance systems (or other systems) with an access control system has grown in popularity in the past few years. For our purposes, we are specifically discussing software-based integration. Integrations via inputs and outputs, or RS-422 command strings, have been in use for many years and are very functional, but nowhere near the level of a true software integration. Some features you may expect via software integrations:
  • Integrating surveillance with access control allows access events to be presented to an operator with corresponding video. This reduces investigation and response time of the guard force. Integrated systems may also slew PTZ cameras in the direction of a forced door or access denied event.
  • Integrating intrusion detection with access control allows for arming and disarming of the system via card swipe. Sometimes this is based on the first person in/last person out, using people counting features of the access control system. We feel cardswipe arming/disarming is a security risk, however, as a lost card now unlocks the door and disarms the building, leaving the facility-wide open for any thief. Integrating the intrusion detection system also allows for arming and disarming from the access management software, as well.
  • It should be noted that these integrations are rarely very “open”. Most commonly, the video management, intrusion detection, and access management systems must be from the same manufacturer. At best, an access control system will support a handful of video platforms. Intrusion integration has historically been strictly limited to the same manufacturer.
  • While intrusion and surveillance integrations are the most common, other systems may be integrated to the access control system as well, depending upon the capabilities of the ACS platform. If the intent is to use the ACS as a full security management platform, displaying and correlating all alarms, fire alarm, building automation, perimeter detection, or other systems may also be considered for integration. The capabilities of some access management system are beginning to approach those of true PSIM platforms, though typically without the procedure element common to PSIM.
  • Many systems, especially web-based varieties, feature only integration to video, if any integration exists at all. This is especially common among the smaller access-control-only manufacturers. Integration to third-party systems is usually not a free feature of the software, either, and buyers should beware of licensing fees before making purchasing decisions. The only integration commonly free is with a manufacturer’s own video management or DVR systems.
  • How will the system be used? If all the system must do is unlock doors when a card is presented, simply to replace keys, make sure that the enrollment features of the system are simple to use. Chances are that live monitoring will not be crucial in a system such as this. Access logs should be simple to review, as well.
  • If the system will be used in a live-monitored scenario, it should offer all relevant information in a streamlined fashion, without clutter. Typically this will consist of an event list, in which all system events scroll through as they occur. Map views may also be useful, depending on the facility. This way an operator may see exactly where an alarm is occurring, speeding response. Cameras and other integrated system devices are also commonly shown on the map for ease of use.
Door Access Control Features [ What options and features are available?]
Timing - lets you set specified times when a door should lock and unlock. Particularly useful for doors that are open to the public at some times but only to employees at others.
Tracking - Any computerized access control system will do some basic tracking of usage. Check out the available reports and see if they provide the level of detail you need.
Battery backup - keeps your premises secure for hours, even during a power failure.
Template layouts - lets you create a graphic blueprint of your building and point and click your way around to change permissions for different doors.
Badge printing - The vendor may be able to supply a specialized printer so you can create new cards as needed, with or without photos.

For some types of access control systems, you may also want voice communication capabilities, such as an intercom or a telephoneentry system. A simple intercom allows visitors to talk to a central control booth. Telephoneentry systems, common in large apartment buildings, allow visitors to dial a specific unit to request entry and let residents unlock the door using their phone.

Special Considerations
Outside the typical door access scenario, there are some special use cases of access control we may run into:
  • Elevators: There are two methods of restricting access to an elevator (1) Call the elevator car upon a valid card read, instead of pushing a button. This method puts a single reader outside the elevator. A user presents his or her credential to call the car. Once in the elevator, the user has access to any floor he or she chooses. This is a simpler and less costly method of restricting access, since only a single card reader must be installed, but may not be applicable in all scenarios, if access to individual floors is desired. (2) Allow selection of individual floors based on the credential presented. In this scenario, when the user enters the elevator, the floors he or she is restricted to are lit, and floors they’re not allowed access to remain unlit. They will only be allowed to take the elevator to floors they’re given access to. There are multiple drawbacks to this method, although it may be unavoidable if this sort of security is required. First, it requires a card reader be mounted in the car, which requires interfacing with the elevator’s traveller cable/ flat Cable, or wireless transmission be used. Second, it requires an input and output for each floor to activate and deactivate each of the buttons, which may be labor intensive depending on how many floors there are in the building.
  • Harsh Environments: When utilizing access control in harsh environments, all of the devices in the system must typically be intrinsically safe, also called explosion proof. What this means is that the device will not spark and potentially create an explosion. While there are card readers specifically produced for these environments, typically they consist of a standard card reader mounted in an explosion-proof instrument enclosure, readily available from electrical distributors, and easily fabricated in the field.
  • Mustering: A function of certain access control systems, mustering counts employees exiting the building via a designated reader or group of readers. So, in case of emergency, security and safety staff may see how many employees and visitors, in some systems, are still in the facility. Specialized wireless readers may also be used for mustering, In this case, the security officer carries a reader and has employees swipe their credentials as they reach the mustering point.
Suppose you need to design 2door, where both side card reader for 100nos Card holder. What is the MOQ.
Option 1:
Sl No
Short Description
Long Descriptions
Unit
Total Qty.
1
Door Controller
2 Door / 2 reader Door Controller
No.
2
2
Power Supply
Power Supply for controller
No.
2
3
Proximity Reader
Proximity Readers for Entry & Exit
No.
4
4
Proximity Card
Proximity Cards
No.
100
5
EM Lock
Singe leaf lock ( 600 lbs)
No.
2
6
EDR
Emergency Break glass switch
No.
2
7
MC
Magnatic Contuct
No.
2
8
Access Software
Access Control Software
Set
1
9
Patch Cord
Patch Cord 3 M
No.
2
10
Network Switch
4port Network Switcher
No.
1
11
Access Workstation
PC i5 with windows operating system, complete with keyboard, mouse
No.
1
12
4C Cable
Supply, Laying & Testing of  4cx1.5 sq.mm cable
RM
30
13
2C Cable
Supply, Laying & Testing of  2cx1.5 sq.mm cable
RM
40
14
25mm PVC Conduit
Supply, Laying & Testing of 25mm dia. PVC type conduit
RM
60
Option 2:
Sl No
Short Description
Long Descriptions
Unit
Total Qty.
1
Door Controller
Standalone Door Controller cum reader.
No.
2
2
Power Supply
Power Supply for controller
No.
2
3
Proximity Reader
Proximity Readers for Entry & Exit
No.
2
4
Proximity Card
Proximity Cards
No.
100
5
EM Lock
Singe leaf lock ( 600 lbs)
No.
2
6
EDR
Emergency Break glass switch
No.
2
7
MC
Magnatic Contuct
No.
2
8
Access Software
Access Control Software
Set
1
9
Patch Cord
Cat6a Cable
RM
30
10
Network Switch
4port Network Switcher
No.
1
11
Access Workstation
PC i5 with windows operating system, complete with keyboard, mouse
No.
1
12
4C Cable
Supply, Laying & Testing of  4cx1.5 sq.mm cable
RM
30
13
2C Cable
Supply, Laying & Testing of  2cx1.5 sq.mm cable
RM
40
14
25mm PVC Conduit
Supply, Laying & Testing of 25mm dia. PVC type conduit
RM
60

Testing 
This phase might begin staggered as various parts of the implementation phase are completed. At some point, testing will often involve the authority having jurisdiction (AHJ), particularly in the life-safety areas of your access control system.

Testing is often very methodical. It should include checklists, and all relevant parties must sign off on the results. Make sure to save copies for your records. 

It is also recommended that, within a few weeks prior to actually starting to use the access control system, all operations, management and service personnel be trained. Training, if not properly implemented, will make for a bumpy transition to that new access control system.
Maintaining 
The system will need ongoing maintenance, so a maintenance contract proposal is in order. This is a wonderful source of recurring revenue. Most decent-sized security projects will require ongoing maintenance programs because these kinds of projects are never fully completed.

So now we return to the beginning of the project cycle, with changes and add-ons, beginning a project cycle all over again. Such is life in the day of a project manager.
Life-Safety Rules, Terminology are Paramount 
Since most access control systems are basically designed to keep someone out, important measures need to be observed so as not to accidentally keep a person from exiting a building. 
A key factor when working with access control systems is the important considerations of fire/life-safety rules. The most important rules are listed in the American National Standards Institute (ANSI) and National Fire Protection Association (NFPA) 101 Life Safety Code(r). This is required reading for all who specify, sell, install and service access control systems. 
Dealers should be knowledgeable of safety terminology, such as knowing the difference between fail-safe and fail-secure.

Though it is typical to have free egress in a commercial building, there are ways to supervise and monitor an unauthorized exit. A suggested sensor for exiting through a door is the request-to-exit (RQE) sensor. The RQE is a motion sensor that senses only personnel who are directly in front of an exit door. Another option is having a door push bar also connected with the magnetic door lock.

Often, a happy compromise between allowing someone to exit but not exiting unnoticed or undeterred can be reached by using an electronic egress delay. Many RQE units, such as a door push bar, allow for an unauthorized exit but only after a short delay period in which a local audible and report alarm have occurred.

Typically, a bar would need to be pushed for more than two seconds and would not allow full unlocking of the door until after 15 seconds (an AHJ can make that up to 30 seconds). Still enough time to exit from a fire, yet enough time for security personnel to take action.

Choosing a Door Access Control Manufacturer and Vendor
As with any major business purchase, it is worth taking the time to ask a lot of questions when choosing an access control manufacturer and support vendor. You want a vendor who is large enough to be stable and provide timely customer support when you need it, yet small enough to be responsive to your needs. Flexibility is also important: the vendor should be able to adjust to your specific requirements. The best vendors will ask you questions as well. They will walk you through the specification process and help you design the solution that best fits your needs. They do not need to see your facility, but they may ask you to send digital pictures of specific entry points. Avoid vendors who have the perfect system for you; after five minutes of conversation; and by the way, it is on sale this week only!

Most access control vendors work with a wide range of customers, but you should look for one that has experience in your industry. In particular, do not work with a company that handles mostly residential systems: for your business, you need commercialgrade access control. Many manufacturers produce residential versions that are considerably cheaper; but they are not as reliable and not built for the same amount of use as commercial systems. Also, look for a vendor who supports multiple brands of hardware. Access control hardware is fairly standardized and will work with most controllers. However, controllers and software are more specialized, so make sure the dealer you choose has significant experience supporting the brands you decide on. Factory certification from manufacturers indicates a greater level of training and support, but it is not essential.
Integration and Installation
In addition to providing you with the right products, the vendor you choose will also be responsible for providing going support and helping to integrate it with any other related systems you have. There is no real standard for connectivity between access control and alarms, time and attendance and video surveillance, so there will always be some additional custom work involved in creating links between these systems. Most important, there are local and national codes governing the types of locks and hardware that can be used on fire and exit doors, so make sure you are familiar with the ordinances in your area. Some of Controller haveing inbuild fire integration port, in case of fire access door is unlock. If this dedicated port not there then you need to pass lock power through fire control module NC & COM.
Door Access Control System Buying Tips
Stay in touch Keep your building management in the loop as you select and install a security access control system; you may need permission to do certain types of installation.
Safe or secure - Different types of locking hardware can be "fail secure" meaning if the power goes out, the door remains locked from the outside, or "fail safe" meaning the door will unlock completely in a power failure. Both safety regulations and your own security requirements can have an impact on which type is right for your situation. (Remember that in a power failure, security doors must allow anyone inside to exit.)
Reuse equipment - Hardware, locks, sensors, and card readers or keypads; are fairly interchangeable between different security access control systems, so upgrades and add ons can incorporate existing materials.
Do not overbuy - Securing door after door inside your facility is likely to frustrate employees more than increase security. Do not feel like you have to include every door in a security access control system: a mix of card access and plain old keys is often the best combination. Focus your access control points on the perimeter of your building.
Example & FAQ:
Q. In my office has only one door – Main entrance, I need to control unwanted person from there. Along with I want to record in time & out time for their attendance.
A. This is very common who has small office. You required one no of Standalone Controller Cum reader (Card Reader / Biometric) install at Entry gate/Door. For Exit either you required one no Egress Switch / Exit Switch. Or you can use Reader (Card / Biometric). Remember you required door locking devices Like: EM Lock, Strikes Lock etc. You required one Attendance Software to get in time & out time with other specified reports. Based on your controller you reqired access card (EM / Proximity / HID proximity etc). Also take measure of communication cable.
Q. We need access control for my office Main door & server room.
A. There are two nos door under access control. We design two way to secure customer office.
1. Standalone: If you use this type of design then you need Controller cum reader for both door entry. Two nos Egress Switch (If controller handle Exit Reader, then you can put Reader also) & Two nos EM Lock to secure there both room. The controller havening access management software. You can get report from there. Based on your controller you required access card (EM / Proximity / HID proximity etc). Also take measure of communication cable.
2. You can take 2-Door Controller having 4nos reader option. Now you take 2 / 4 nos proximity card reader, 2nos Egress Switch, 2nos EM Lock. The controller havening access management software. You can get report from there. Based on your controller you required access card (EM / Proximity / HID proximity etc). Also take measure of communication cable.
Q. We have 9000Sqft carpet area office, we want access control in our office for some door.
A. You have a variety of options. Firstly, you have to decide how many doors you want to control initially, and how many you are likely to want to control in the future. You need to decide if you want to link a variety of sites together, so that a person can be given access rights to a variety of doors in a variety of principle.
Now we consider Multiple door, non-pc controlled Access control systems. These systems are cost effective, but once again, can be time consuming to control. Each user is issued with a fob or card. You ‘enrol’ users onto the system using a master fob. When someone leaves, you can disable their fob or card form the main controller. These systems give very little reporting, and it's impossible to find out who came in at a certain time. They are ideal where very few users need access to 1 or 2 doors. They are more convenient than having 2 separate standalone electronic keypads, and more secure as codes are not given out. They are not good for a large amount of doors or a larger amount of users.
Now we consider Multiple door, PC controlled Access control systems. There are many manufacturers of these systems, and a wide variety of options. Once you have made the investment in the software, training, badge technology and hardware, it’s prohibitive, in terms of cost to switch to another manufacturer. The principle of these systems is that from a central location, you can truly control who goes in or out of any particular door, anywhere on the system, during what hours. There are a variety of alerts that can be enabled, such as if a door has been held open, or forced open, or if the emergency break glass has been broken. Typically, there is a reading device at each door, which accepts swipe cards, or more typically is a proximity reader. This device is able to ‘read’ the information on a badge or fob from 2 or 3 inches. There are other readers with a longer read range, that help people comply with the Disability Discrimination Act.
Q. How is the price calculated ?
A. We will automatically generate an approximate hardware quote based on the number of doors you have.
Q. Who needs to be consulted or involved when considering an Access Control solution?
A. Although an organisation is likely to install far larger systems than Access Control, it should be considered how many departments and individuals need to be involved.
Often an Access Control System will involve HR, IT, Facilities Management and Security departments as well as others such as Fire Alarm system providers, CCTV providers etc.
Q. How can I encourage my Staff to use the system responsibly?
A. Staff are often reluctant to embrace Access Control, so it is important consult and explain to staff the reasons and implications prior to installation.
It can be explained to Staff that Access Control can help to protect their security and their property as well as that of the organization.
Also, in the event of a fire, an evacuation list produced by the Access Control system could result in an individual being noted as missing and searched for by a rescue team – both security and safety.
Q. Can I use my existing cards with a new system?
A. Yes, it is a possibility that if you have existing cards or fobs, dependent on type, they could be used with a new Access Control system. The type of system may be limited and a particular type of reader used but because we can interface with different types of reader, a significant saving is possible due to not having to replace all of your cards.
Q. Why use a biometric solution for access control?
A. Unlike cards or keys, an individual’s fingerprint cannot be lost or stolen. The biometric access control system is much more secure than others because it works based upon your identity, rather than something that you have (such as keys) or something that you know (such as a PIN number). Fingerprint-based access control solutions are also fast, convenient, and surprisingly affordable.
Q. How will I benefit by using fingerprint biometrics?
Fingerprint biometric readers are generally lower cost and are often used for entry- and mid-level systems. They represent an easy and affordable way for businesses to get started using biometric-enabled time and attendance systems. Depending on the system, fingerprint-based biometric systems can have a false-acceptance rate that is lower than other technologies.
Q. What is proper power supply?
A. The operating frequency of a typical switching power supply ranges from 15 KHz to 50 KHz, and will usually generate wideband switching noise, plus some of its harmonics may fall on or near 125 KHz, the operating frequency of the reader. Therefore, Avoid using a switching power supply at all times. Also, Avoid using a single power supply for the reader and the magnetic lock. Doing so will affect reader operation and can damage the reader.
With UPS - It is recommended that access control system be connected to a backup power source so it will continue to operate during power failure.
Without UPS - The system will stop working in case of power failure. All door locks will be released automatically. The system will restart automatically when the power is restored.
Q. In case of a power cuts, will the fingerprint reader lose all of my time records?
A. Not at all. Each fingerprint reader stores up to 500-3000 fingerprint templates. In case of a power outage, when the power is restored these units will sync with the software again automatically. In case the server running software goes down, transactions can also be retrieved from the readers manually via an USB connection.
Q. What type of readers can I use?
A. Access Control currently supports readers from these manufacturers.
HID iCLASS
HID Proximity
AWID
Mifare
EM
Smart Card
Biometric (fingerprint)

Q. Can my / my staffs' fingerprints be used for any other purpose?
A. No. Fingerprints are not stored as images. They are converted to a mathematical algorithm for smaller storage and faster comparison and cannot be changed back to an image. Fingerprints can be copied from one terminal to another.

Q. What is TCP/IP Access Control System?
TCP/IP Access Control System is based on TCP/IP communication protocol, which uses network optical cable to transfer data of door control information. By TCP/IP network, the access control system could manage doors in a same LAN, or a large WAN, or on internet.

Q. What is the difference between TCP/IP network Access Control System and RS485 Access Control System?
A. The main difference between TCP/IP network Access Control System and RS485 Access Control System has two factors, first is the transmission speed, TCP/IP is much faster than RS485(TCP/IP is 10M/100M Bytes while RS485 is 9600Baud, 1Baud=1 bit per second), second is the capacity of the whole system, the size for RS485 and LAN is 255, the size for WAN or Internet use is unlimited.

Q. What is Wiegand?
A. Wiegand is the most common method of communication used by access control devices. A Interface module (IM) in the ICU of Access Control Panel for both wiegand input and output. A card reader (Prox. card) can pass the user ID# to the biometric access reader for verification and the IM can also output the user ID# to access panels that emulate a card reader.

Q. What is RFID technology?
A. RFID (Radio frequency identification) is a technology that uses radio waves to automatically identify people or objects. There are several methods of identification, but the most common is to store a serial number that identifies a person or object.

Q. What is Mifare technology?
A. Mifare technology is a 13.56 MHz contactless technology that is owned by Philips Electronics. Card and reader manufacturers such as HID use this technology to create unique products for use by end-users. Mifare is often considered to be a smart card technology. This is based on the ability to read and write to the card. In reality, Mifare is simply a memory card (as opposed to a processor card).

Q. What is Anti-Passback?
A. Well known as Anti-Tailgating. A feature that will not allow any card/fob to re-enter unless it has been used to exit. To be able to use this function, readers are required for both entry and exit. It prevents someone using his card/fingerprint to enter a secure area and then exit when someone else open the door(tailgating).

Q. Suppose you need to design 12door, where both side card reader for 200nos Card holder. What is the MOQ.
A. Option 1:
Sl No
Short Description
Long Descriptions
Unit
Total Qty.
1
Door Controller
Standalone Door Network Controller cum reader.
No.
12
2
Power Supply
Power Supply for controller
No.
12
3
Proximity Reader
Proximity Readers for Exit
No.
12
4
Proximity Card
Proximity Cards
No.
200
5
EM Lock
Singe leaf lock ( 600 lbs)
No.
12
6
EDR
Emergency Break glass switch
No.
12
7
MC
Magnatic Contuct
No.
12
8
Access Software
Access Control Software
Set
1
9
Patch Cord
Cat6a Cable
RM
100
10
Network Switch
16port Network Switcher
No.
1
11
Access Workstation
PC i5 with windows operating system, complete with keyboard, mouse
No.
1
12
4C Cable
Supply, Laying & Testing of  4cx1.5 sq.mm cable
RM
120
13
2C Cable
Supply, Laying & Testing of  2cx1.5 sq.mm cable
RM
100
14
25mm PVC Conduit
Supply, Laying & Testing of 25mm dia. PVC type conduit
RM
120
Option2:
Sl No
Short Description
Long Descriptions
Unit
Total Qty.
1
Door Controller
4Door / 8 Reader Network Controller
No.
3
2
Power Supply
Power Supply for controller
No.
3
3
Proximity Reader
Proximity Readers for Entry & Exit
No.
24
4
Proximity Card
Proximity Cards
No.
200
5
EM Lock
Singe leaf lock ( 600 lbs)
No.
12
6
EDR
Emergency Break glass switch
No.
12
7
MC
Magnatic Contuct
No.
12
8
Access Software
Access Control Software
Set
1
9
Patch Cord
Cat6a Cable
RM
100
10
Network Switch
8port Network Switcher
No.
1
11
Access Workstation
PC i5 with windows operating system, complete with keyboard, mouse
No.
1
12
4C Cable
Supply, Laying & Testing of  4cx1.5 sq.mm cable
RM
160
13
2C Cable
Supply, Laying & Testing of  2cx1.5 sq.mm cable
RM
160
14
25mm PVC Conduit
Supply, Laying & Testing of 25mm dia. PVC type conduit
RM
160

APAC is expected to hold the largest share of the access control market in 2023. The huge population base, increasing security concerns, growing urbanization, and increasing focus on industrialization are driving the growth of the access control market in APAC. The use of access control solutions in commercial and industrial verticals is the major factor driving the growth of the market in APAC.

References:
1. Access & Identity Management Handbook.
2. Security Sales GOLD Book 2014.
3. NSI Code of Practice for Design, Installation and Maintenance of Access Control Systems NCP 109.
4. BS EN 50133-2-1:2000 British Standards Institution 2018.
5. NFPA 101.