Guide to Design Access Control
Access control systems provide authorized individuals safe
and secure access in and out of various parts of your business while keeping
unauthorized people out. They can range from electronic keypads that secure a
single door to large networked systems for multiple buildings. Access Systems
also greatly simplify management of your facility: no need to replace lost
keys, hunt down old keys from terminated employees, or wonder who has access to
which areas.
Designing an access control solution requires decisions on 8
fundamental questions. This in-depth guide helps you understand the options and
tradeoffs involved in designing an excellent access control solution.
BS EN 50133-1:1997
European Standard for Access Control Systems Requirements of an access control
system for use in security applications. When a part of an access control
system (e.g access point interface) forms a part of an intruder alarm system,
that part shall also fulfil the relevant requirements of alarm intrusion
standards.
This standard addresses the security application for each
access point. An access control system may consist of any number of
access points.
Different levels of confidence in identification of users
requesting access at an access point have resulted in the definition of
recognition classes.
The diversities of the market needs for access control
systems have led to taking into account systems with or without logging or time
logging.
Access point actuators such as electric door openers, electric
locks, turnstiles and barriers are covered by CEN/TC 33 standards.
EN 50131 was phased in to replace British Standards BS4737,
BS7042 and BS 6799 and was adopted in October 2005 utilizing PD 6662:2004, an
enabling document which facilitated the introduction of EN 50131 into the UK.
PD6662 differs from former British Standards in the
following ways:
It determines not only the system but also the component
design requirements for Intruder and Hold-up Alarm systems.
A comprehensive Risk Assessment is required to determine the
design criteria of the system.
Applicable to both hard-wired and wire-less installations.
Grading of systems is required to reflect "the
risk". I.E. Grade 1 - Low Risk, Grade 4 - High Risk.
The
eight fundamental questions are:
- Are the Benefits
Worth the Cost?
- What Do You
Secure?
- What Forms of
Authentication and How Many Do You Need?
- What Kind of
Reader Should You Use?
- What Kind of
Lock Should You Use?
- What Do You need
at the Door Besides a Reader and Lock?
- How Do You
Connect the Reader to the Network?
- What Type of
Access Control Management System Should You Use?
This
report focuses on selecting and designing electronic access control system
(using cards, pins, biometrics, etc.) rather than key based ones.
Cost
While electronic systems are far more sophisticated and can
be more secure, most people still use keys. The reason is simple: cost.
Industry averages for electronic access control ranges Rs. 20K to Rs. 30K per door installed.
Locksets, on the other hand, run between Rs. 5K to upwards of Rs. 50K, depending on the level
of security required.
While electronic systems provide many benefits over keys,
they will cost thousands more per door than keys/locks. As such, you may
determine the cost of electronic systems cannot be justified or that only
certain doors are worth installing electronic access control.
What
are the benefits?
To
determine if electronic access control is worth the cost, understand if the
following benefits apply to your use:
- An access
control system simplifies management of access to the building. Keys do
not need to be made and distributed to employees or contractors.
Credentials (either permanent or temporary) are issued to the respective
party, and that is it.
- The potential
risk associated with a misplaced or stolen key is significantly reduced.
Typically if a key to an exterior door is lost, best practice and common
sense would mandate re-keying the facility, lest that key fall into
criminal hands. Re-keying is typically a large expense.
- Improved audit
trail: With keys, no record is kept of who came and went through each
door, and when. Intrusion detection and surveillance systems may provide
some idea, but not as simply, or in as much detail.
- With keys, in
many facilities, staff must manually lock and unlock doors at the
beginning and end of business. This requires time and introduces the risk
of forgetting or not properly locking a door. Doors controlled by an
access control system, whether controlled by a card reader or not, may be
automatically unlocked in the morning and locked at night on a schedule,
or when the intrusion detection system is disarmed and rearmed.
What do
You Secure?
After
answering the why, the second question when planning an access control
deployment is what. What assets are to be secured? Doors which are infrequently
used, or by a very limited number of staff, such as closets, typical
non-critical offices, and mechanical spaces, typically are not worth the
expense of adding access control, unless a legitimate risk to high-value assets
is expected.
Typical
spaces we see access control applied:
- Exterior Doors:
Typically, exterior doors are the first thing to be secured.
This simplifies access to the building, so staff do not need keys, while
keeping unauthorized persons out of all entrances except those intended.
Visitors may be directed to a particular entrance where staff can receive
them. Typically, this is done in one of two ways. (1) Remotely: In this scenario,
visitors to the facility utilize an intercom (audio/video is most
definitely preferred) to speak to reception or security staff, who then
remotely release the door so they may enter. (2) In-person: In this
scenario, visitors simply enter the building through an unlocked set of
doors and speak to reception staff. In both instances, the visitor may be
kept outside of the facility entirely, or they may be allowed access into
the building into a lobby or vestibule, which is secured by a second
access controlled door.
- Gates: Entry gates
are commonly added to an access control system. This moves access to the
perimeter, from the door, often desirable in high crime areas or
high-security facilities. This is typically paired with surveillance
and/or video intercom so staff may visually confirm who requesting entry
is. The gate may then be remotely released for deliveries or
visitors. Wireless interfaces make access control of gates
easier, by avoiding trenching costs. The gate is usually controlled via
interface to a gate operator or through specialized locks made for the
application.
- HR and
Accounting Areas housing confidential company
records are often next to be secured.
- Inventory and
Warehouse Areas:
Storage rooms and warehouses are easy targets for both internal and
external threats. Securing entrances to these areas reduces access,
provides a log of activity, and introduces an extra obstacle for anyone
intending to steal supplies or equipment.
- Data Closets: Along with
network security becoming a bigger issue, access control of data centers
and IDF’s has increased. Considering the server room is often the brains
of an organization’s operation, this is a good practice. Specialized
systems exist for securing cabinets in larger, often multi-user, data
centers.
- Classrooms: With computers
being a common target of theft in schools, locking classrooms is often
desirable. Installing electrified locks on each classroom also provides
lockdown capability, so in emergencies security staff may lock down the
entire campus with a single action.
- Cabinets: Specialized
locks for use on cabinets have are available so that access control may be
moved to the specific asset instead of the door.
- Key Control
Cabinets:
Many organizations, even those who use EAC extensively, still need to
manage a certain quantity of keys, whether for vehicles, cabinets, or
other purposes. Often, these keys are kept in a cabinet or on a backboard,
which are conspicuous and an easy target for any criminal. Simply using a
securely mounted cabinet with an electrified lock reduces this risk. More
elaborate systems for key management exist as well, providing control and
audit trail down to the level of the individual key.
What
forms of authentication and how many do you need?
A key
goal of access control is to selectively let people in. To do so, you need to
choose a technique for people to prove that they have legitimate access to an
entrance. This proof generally falls under the common mantra, something you
know, have or are. Lets look at the practical options used in real-world
security systems:
- Something you
Know:
This is the most common technique in accessing computers and second most
in accessing doors. The best examples of this are passwords or pincodes.
Since they are so easy to share and steal from an authorized user (it is
essentially free to replicate them), most physical access control systems
stay away from using this as the only means of authentication.
- Something You
Have:
This is the most common technique used in physical access and best
represented by the card or fob. The user carries this physical token with
them and presents it at the entrance. It is generally considered stronger
than pincodes because they are harder to reproduce. On the other hand, it
is possible to reproduce and the risk that the card is shared is still a
threat.
- Something You
Are:
This is the least common technique used in security but generally
considered the strongest. Good examples include fingerprint, face,
vein and hand geometry. These are fairly hard to fake (Hollywood movie
counterexamples notwithstanding). However, biometrics are still quite
rarely used statistically. Even for the ones that are considered to work
well, the price increase over cards makes it hard for most to justify.
You can
use these in combination. Indeed, this approach, called 'multi-factor
authentication' is very popular among security practitioners. You can have dual
or triple mode authentication where users are required to use a pin and a card
or a card and fingerprint or all three together. If both or all do not pass,
entrance is denied. The big plus for this approach is that it makes it much
harder for an illegitimate user to get in. The big downside is that it becomes
inconvenient to users who will be locked out if they forget one and will take
more time and hassle to get in each time they check in. Because of this, the
number of factors of authentication usually increases with the overall level of
security or paranoia of the facility (e.g., condos are single factor, military
bases can be triple, etc.).
What
kind of electrified lock should I use?
In all locking systems, the locking device represents the
physical security barrier. Locking devices include Magnetic Locks (Maglocks),
Electric strikes, Deadbolts, Magnetic Shear Locks and Electrified locksets.
These devices are mounted on the door and door casing. Examples of Locking
Device types follow. 'Clicking' on any of the device photos will open a new
window with direct access to pricing, and product datasheets for further and
more detailed reference.
· Magnetic
Locks/ Electromagnetic lock, magnetic lock, or maglock is
a locking device that consists of an electromagnet and armature plate. By
attaching the electromagnet to the door frame and the armature plate to the
door, a current passing through the electromagnet attracts the armature plate
holding the door shut. Unlike an electric strike a magnetic lock has no
interconnecting parts and is therefore less suitable for super high
security applications because it is possible to bypass the lock by disrupting
the power supply. Nevertheless, the strength of today's magnetic locks compares
well above that of conventional door locks and they cost less than conventional
light bulbs to operate. Power supplies incorporating a trickle-charged
lead-acid battery pack should be used to retain security for short-term power
outages. Magnetic locks possess a number of advantages over conventional locks
and electric strikes. For example, their durability and quick operation can
make them valuable in a high-traffic office environment where electronic
authentication is necessary.
· Easy to install: Magnetic locks are generally
easier to install than other locks given there are no interconnecting parts.
· Quick to operate: Magnetic locks unlock
instantly when the power is cut allowing for quick operation in comparison to
other locks.
· Suffer less damage: Magnetic locks may also
suffer less damage from multiple blows than conventional locks.
Disadvantages
· Requires continuous power: To remain locked,
the magnetic lock requires a constant power source. The power drain of the lock
is typically around 3 watts, far less than that of a conventional light bulb
(around 60 watts), but it may cause security concerns as the device will become
unlocked if the power source is disrupted. In comparison, electric strikes can
be designed to remain locked should the power source be disrupted.
Nevertheless, this behavior may actually be preferable in terms of fire safety.
· Electric
Strikes replaces the fixed strike faceplate often used
with a latchbar (also known as a keeper). Like a fixed strike, it normally
presents a ramped surface to the locking latch allowing the door to close and
latch just like a fixed strike would. However, an electric strikes ramped
surface can, upon command, pivot out of the way of the latch allowing the door
to be pushed open (from the outside) without the latch being retracted (that
is, without any operation of the knob) or while excited the knob or lever can
be turned to allow egress from the secured area. Electric strikes generally
come in two basic configurations:
Fail-secure
· Also called fail-locked or non-fail safe. In
this configuration, applying electric current to the strike will cause it to open.
In this configuration, the strike would remain locked in a power failure, but
typically the knob can still be used to open the door from the inside for
egress from the secure side. These units can be powered by AC which will cause
the unit to "buzz", or DC power which will offer silent operation,
except for a "click" while the unit releases.
Fail-safe
· Also called fail-open. In this configuration,
applying electric current to the strike will cause it to lock. In this
configuration, it operates the same as a magnetic lock would. If there is a
power failure, the door would open merely by being pushed/pulled open. Fail
safe units are always run using DC power.
· Electric
Deadbolts are recommended for high security interior door
and cabinet applications where electromagnetic locks are not required. Electric
bolt locks include long life solenoid driven direct throw mortise bolts, some
models offer right angle bolts for narrow frames and door stiles and surface
mounted bolt locks for door and cabinet applications. Compatible with virtually
any access control system, electromechanical bolt locks are available in
failsafe and fail secure modes
· Magnetic
Shear Locks are recommended to provide superior failsafe
holding force and aesthetics for most types of doors, including high profile
frameless glass doors. Representing the latest evolution in the development of
magnetic locks, shear locks incorporate several features to ensure that the
door seamlessly locks and releases without hindrance.
· Electrified
Locksets look and function like a typical cylindrical or
mortise style mechanical lock. However, incorporate internal solenoids to
enable the lock and latch feature. Building and fire life safety code compliant
for fire rated office doors, corridor doors, lobby doors, exit doors and
stairwell doors. Whether failsafe or fail secure, controlled access and remote
control capability is provided while the door stays latched even when unlocked,
maintaining fire door integrity.
What
kind of reader should You Use?
Readers
allow users to request doors to be unlocked and come in a wide variety of
options.
Keypad:
A very simple form of access control, in which the user enters his or her PIN
number at a keypad device to open the door. Keypads suffers from the inherent
security flaws of PINs described above.
Card
Readers: There are numerous card technologies currently in use in the industry,
both contact and contactless.
- Contact readers include
magnetic stripe, Wiegand, and barcode. Of the three magnetic stripe is the
only technology still widely used today. Barcode finds some use, mostly in
legacy systems, but is so easily duplicated - one simply has to copy the
barcode - it has fallen out of favor. Magnetic stripe readers are still
regularly used on college campuses and in other facilities, especially
where cards are used for purposes other than simply access. Mag stripe was
common for cashless payment, but many of those applications are being
filled by smart cards today. Contact readers are easily damaged by
vandals, by inserting foreign objects, or even gum, into the slot. This is
one of the reasons contactless proximity cards have become more common.
- Contactless
readers include
standard prox, contactless smart card, and other technologies, some
proprietary to a specific manufacturer. HID prox readers are by far the
most widely implemented technology in access control, with almost every
manufacturer supporting, and many reselling them. Regardless of which
specific reader you use, the technology is basically the same for purposes
of this discussion: the reader emits a field which excites a coil on the
card, which then transmits an embedded number to the reader. Smart card
technology has had somewhat limited acceptance due to higher pricing when
it was introduced. With prices falling in line with those of standard
prox, however, we recommend all new installations use smart card
technology. We will contrast the two technologies in a future report.
Also, a word of warning when selecting readers: proprietary card and
reader technology will almost always require that all readers be changed
and cards reissued should a facility change access control systems in the
future. For this reason, we recommend against using them, instead favoring
standard technologies.
Biometrics: For
access control purposes, we typically see one of three or four biometric
readers used: Fingerprint, iris, hand geometry, and retina, with fingerprint
readers being by far the most common. No matter which reader you choose, there
are several drawbacks to consider:
Access
time is typically longer than when a card is used. In high-throughput areas,
this may be a problem. You would not want to require an incoming shift of
workers in a factory to filter through biometric readers for building access,
for example.
Biometric
readers generally require an additional weatherproof enclosure. This adds
expense and slows access time more. Additionally, many of these enclosures
require an employee to manually open and close them, which increase risk of
human error. Failing to close a weatherproof enclosure after use may damage the
reader.
Compared
to card readers, biometric readers are expensive. This is offset somewhat by
eliminating the expense of cards, but it must be taken into account. If you go with Biometric devices then always select controller cum reader. During design of biometric based access control, you must take the template capacity.
What
type of reader should I use?
Whichever
technology is chosen, form factor must be taken into account. Readers come in a
variety of form factors, from miniature to oversized, depending on the
application.
Miniature
readers may be used to be aesthetically pleasing on an aluminum-framed door,
for example, while a 12” square reader may be positioned at the parking garage
entry for better read range. Generally speaking, the distance at which a card
can be read increases with the size of the reader. Standard read range is
between one and four inches.
What else do I need at the door - Door Access Control
Egress Devices?
To ensure free pass to exit a secure door, all locking
systems include a quick exit device. Examples include; push-to-exit buttons,
request-to exit bars, motion detectors, emergency (break-glass) exit and Time
delayed exit. These buttons are mounted in the interior, on the casing
surrounding the door (mullion mount) or on a wall near the door (gang mount).
Examples of Egress Device types follow. 'Clicking' on any of the device photos
will open a new window with direct access to pricing, and product datasheets
for further and more detailed reference.
The
devices above require power, of course, so power supplies are another
consideration when designing an access control system. There are three methods
by which door devices may be powered:
- A power supply
centralized with the access control panel. This is the simplest method,
requiring the least high voltage to be run and thus reducing cost. However,
voltage drop may become an issue, so calculations must be performed to
take this into account.
- A power supply
local to the door. This is common in cases where electrified hardware is
used. The power draw of an electrified device is normally much greater
than a mag lock or electric strike, so local power is installed, to avoid
voltage drop issues. The downside of this is that it adds another point of
failure, as opposed to a single central power supply.
- Power over
Ethernet. A relatively recent development to the industry, power over
Ethernet is being utilized to power single-door (or in some cases
two-door) controllers, which in turn supply power to all the attached
devices. In our experience, this is normally enough to power typical
strikes and mag locks, but not latch retraction devices. Power draw also
varies by manufacturer, so care must be taken to make sure enough power
exists to operate the selected lock.
No matter which method you use for powering devices at the door, fire alarm interface may need to be considered. Typically, doors in the path of egress are required to allow free egress in the case of fire. Note that this does not necessarily mean they must unlock, a common misconception. Doors equipped with electric strikes are not required to unlock if they also are equipped with panic hardware. Mag locks are, however, in almost all cases required to unlock. Remember this when considering locks for your access control system, as simply pulling a fire alarm pull station may leave the building completely vulnerable if mag locks are used.
We also recommend using supervised power supplies for access control applications. These power supplies supply contact closure upon AC fault conditions, or battery fault if backup power is being used, alerting the access control system that power to the door is lost. This allows more proactive monitoring, instead of waiting for a user to discover that a door does not open, or in the case of a mag lock, that it does not lock.
Push-To-Exit / Egress Switch Buttons as the name
implies Push-To-Exit buttons are wall mounted near the exit point and contain
directions on a large green or red button. Depressing the button releases the
door.
Push Bars attach across the inside
of the door at the height of the door latch. You exit the door by pressing against
the bar. The action of pressing the bar releases the latch and the door opens.
Emergency Exits attach on a wall
near the exit point. Emergency exits are available is two general types, the
first is a 'break-glass' model. To gain exit, you break the glass face. The
action depresses a button inside the switch and releases the door. The second
type uses a pull down handle to release the door.
Motion Sensors function by
detecting a vehicle or person approaching an exit and unlock the door. In addition
to motion sensors, several other type of free exit systems are available
including: loop detectors and photo cells or beams
Delayed Egress function by
starting a timer once the device is activated. Delayed egress can include voice
commands and sounds explaining the door will open in 'x' seconds. For example,
once depressed. a delayed egress can count down from 15 seconds to zero and
then release the latch opening the door. Delayed egress devices provide the
emergency opening functional of a free exit system while providing a delay for
enhanced security.
What
Type of Access Control System Should I Use?
Three
types of management exist for access control systems:
- Embedded: Also called
web-based or serverless, the access control system is managed wholly
through the access control panel, via web page interface or occasionally
software. Typically functionality is limited in this method, due to the
limitations of what can be done in a standard browser (without added
plugins, Flash, ActiveX, etc.), which will work on all platforms: Windows,
Mac, Linux. Enrollment and logging functions are easily available, but
real-time monitoring is more of a challenge. Cost is reduced, since no
server must be supplied.
- Server-based: The more
common method, puts administration, management, and monitoring of the
access control system on a central server. Client software installed on
management or monitoring PC’s connects to this server to perform necessary
functions.
- Hosted: Relatively new
to the industry, hosted access control systems are managed by a central
server which manages multiple end users’ systems from “the cloud”. The
only hardware required on site is the access control panel with an
internet connection. User interface is usually through a web portal,
making hosted access a combination of web-based and server-based
management. The hosting company must manage the system as a traditional
server-based system would be managed, but to a user, all interface is via
the web.
When selecting
an access control system, consider what features you will need at the present
time, and consider where the system will go in the future. Some questions to
ask:
- Does it use
standard card readers? While HID are well-known as access
control industry juggernauts being OEM’d or supported by the vast majority
of manufacturers, not every system utilizes compatible readers. Some
manufacturers support only proprietary readers which would typically need
to be replaced should the system be changed to a different vendor’s
product in the future. Others utilize different cabling topologies, which
usually require less cable to each door, typically a single cable, with
all the devices at the door connecting to an intelligent reader or small
controller. If future-proofing is a concern, as it typically is and should
be, select systems which utilize standard wiring schemes.
Another
consideration when discussing “openness” of a system is whether the selected
manufacturer uses open platform control panel hardware or their own proprietary
panels. If the system runs on open hardware, most, if not all, of the head end
panels may be reused when changing to a competitive system. Mercury
Security is the largest supplier of OEM hardware to the access control
industry, with manufacturers such as Lenel, Honeywell, and more using their
hardware. HID’s network-based Edge and VertX platform are
seen second-most often.
In the
case of a small organization with a handful of doors, open platform hardware
may be a non-issue. If the required feature set is small, and the likelihood of
moves and expansions is low, a proprietary web-based platform will suffice.
However, for enterprise-level systems, non-proprietary hardware is highly
recommended to avoid becoming trapped by a single vendor.
- Do you require
integration to other systems? Integration of surveillance systems (or
other systems) with an access control system has grown in popularity
in the past few years. For our purposes, we are specifically discussing
software-based integration. Integrations via inputs and outputs, or RS-422
command strings, have been in use for many years and are very functional,
but nowhere near the level of a true software integration. Some features
you may expect via software integrations:
- Integrating
surveillance with access control allows access events to be presented to
an operator with corresponding video. This reduces investigation and
response time of the guard force. Integrated systems may also slew PTZ
cameras in the direction of a forced door or access denied event.
- Integrating
intrusion detection with access control allows for arming and disarming of
the system via card swipe. Sometimes this is based on the first person
in/last person out, using people counting features of the access control
system. We feel cardswipe arming/disarming is a security risk, however, as
a lost card now unlocks the door and disarms the building, leaving the
facility-wide open for any thief. Integrating the intrusion detection
system also allows for arming and disarming from the access management
software, as well.
- It should be
noted that these integrations are rarely very “open”. Most commonly, the
video management, intrusion detection, and access management systems must
be from the same manufacturer. At best, an access control system will
support a handful of video platforms. Intrusion integration has
historically been strictly limited to the same manufacturer.
- While intrusion
and surveillance integrations are the most common, other systems may be
integrated to the access control system as well, depending upon the
capabilities of the ACS platform. If the intent is to use the ACS as a
full security management platform, displaying and correlating all alarms,
fire alarm, building automation, perimeter detection, or other systems may
also be considered for integration. The capabilities of some access
management system are beginning to approach those of true PSIM platforms,
though typically without the procedure element common to PSIM.
- Many systems,
especially web-based varieties, feature only integration to video, if any
integration exists at all. This is especially common among the smaller
access-control-only manufacturers. Integration to third-party systems is
usually not a free feature of the software, either, and buyers should beware
of licensing fees before making purchasing decisions. The only integration
commonly free is with a manufacturer’s own video management or DVR
systems.
- How will the
system be used? If all the system must do is unlock doors when a card is
presented, simply to replace keys, make sure that the enrollment features
of the system are simple to use. Chances are that live monitoring will not
be crucial in a system such as this. Access logs should be simple to
review, as well.
- If the system
will be used in a live-monitored scenario, it should offer all relevant
information in a streamlined fashion, without clutter. Typically this will
consist of an event list, in which all system events scroll through as
they occur. Map views may also be useful, depending on the facility. This
way an operator may see exactly where an alarm is occurring, speeding
response. Cameras and other integrated system devices are also commonly
shown on the map for ease of use.
Door Access Control Features [ What options and features
are available?]
Timing - lets
you set specified times when a door should lock and unlock. Particularly useful
for doors that are open to the public at some times but only to employees at
others.
Tracking -
Any computerized access control system will do some basic tracking of usage.
Check out the available reports and see if they provide the level of detail you
need.
Battery backup - keeps your
premises secure for hours, even during a power failure.
Template layouts - lets you
create a graphic blueprint of your building and point and click your way around
to change permissions for different doors.
Badge printing - The vendor may
be able to supply a specialized printer so you can create new cards as needed,
with or without photos.
For some types of access control systems, you may also want
voice communication capabilities, such as an intercom or a telephone‐entry
system. A simple intercom allows visitors to talk to a central control booth.
Telephone‐entry systems, common in large apartment buildings,
allow visitors to dial a specific unit to request entry and let residents
unlock the door using their phone.
Special
Considerations
Outside
the typical door access scenario, there are some special use cases of access
control we may run into:
- Elevators: There are two
methods of restricting access to an elevator (1) Call the elevator car
upon a valid card read, instead of pushing a button. This method puts a
single reader outside the elevator. A user presents his or her credential
to call the car. Once in the elevator, the user has access to any floor he
or she chooses. This is a simpler and less costly method of restricting
access, since only a single card reader must be installed, but may not be
applicable in all scenarios, if access to individual floors is desired.
(2) Allow selection of individual floors based on the credential
presented. In this scenario, when the user enters the elevator, the floors
he or she is restricted to are lit, and floors they’re not allowed access
to remain unlit. They will only be allowed to take the elevator to floors
they’re given access to. There are multiple drawbacks to this method,
although it may be unavoidable if this sort of security is required.
First, it requires a card reader be mounted in the car, which requires
interfacing with the elevator’s traveller cable/ flat Cable, or wireless transmission
be used. Second, it requires an input and output for each floor to
activate and deactivate each of the buttons, which may be labor intensive
depending on how many floors there are in the building.
- Harsh
Environments:
When utilizing access control in harsh environments, all of the devices in
the system must typically be intrinsically safe, also called explosion
proof. What this means is that the device will not spark and potentially
create an explosion. While there are card readers specifically produced
for these environments, typically they consist of a standard card reader
mounted in an explosion-proof instrument enclosure, readily available from
electrical distributors, and easily fabricated in the field.
- Mustering: A function of
certain access control systems, mustering counts employees exiting the
building via a designated reader or group of readers. So, in case of
emergency, security and safety staff may see how many employees and
visitors, in some systems, are still in the facility. Specialized wireless
readers may also be used for mustering, In this case, the security officer
carries a reader and has employees swipe their credentials as they reach
the mustering point.
Suppose you need to design 2door, where both side card reader for 100nos Card holder. What is the MOQ.
Option 1:
Sl No
|
Short Description
|
Long Descriptions
|
Unit
|
Total Qty.
|
1
|
Door Controller
|
2 Door / 2 reader Door Controller
|
No.
|
2
|
2
|
Power Supply
|
Power Supply for controller
|
No.
|
2
|
3
|
Proximity Reader
|
Proximity Readers for Entry &
Exit
|
No.
|
4
|
4
|
Proximity Card
|
Proximity Cards
|
No.
|
100
|
5
|
EM Lock
|
Singe leaf lock ( 600 lbs)
|
No.
|
2
|
6
|
EDR
|
Emergency Break glass switch
|
No.
|
2
|
7
|
MC
|
Magnatic Contuct
|
No.
|
2
|
8
|
Access Software
|
Access Control Software
|
Set
|
1
|
9
|
Patch Cord
|
Patch Cord 3 M
|
No.
|
2
|
10
|
Network Switch
|
4port Network Switcher
|
No.
|
1
|
11
|
Access Workstation
|
PC i5 with windows operating
system, complete with keyboard, mouse
|
No.
|
1
|
12
|
4C Cable
|
Supply,
Laying & Testing of 4cx1.5 sq.mm
cable
|
RM
|
30
|
13
|
2C Cable
|
Supply,
Laying & Testing of 2cx1.5 sq.mm
cable
|
RM
|
40
|
14
|
25mm PVC Conduit
|
Supply,
Laying & Testing of 25mm dia. PVC type conduit
|
RM
|
60
|
Option 2:
Sl No
|
Short Description
|
Long Descriptions
|
Unit
|
Total Qty.
|
1
|
Door Controller
|
Standalone Door Controller cum
reader.
|
No.
|
2
|
2
|
Power Supply
|
Power Supply for controller
|
No.
|
2
|
3
|
Proximity Reader
|
Proximity Readers for Entry &
Exit
|
No.
|
2
|
4
|
Proximity Card
|
Proximity Cards
|
No.
|
100
|
5
|
EM Lock
|
Singe leaf lock ( 600 lbs)
|
No.
|
2
|
6
|
EDR
|
Emergency Break glass switch
|
No.
|
2
|
7
|
MC
|
Magnatic Contuct
|
No.
|
2
|
8
|
Access Software
|
Access Control Software
|
Set
|
1
|
9
|
Patch Cord
|
Cat6a Cable
|
RM
|
30
|
10
|
Network Switch
|
4port Network Switcher
|
No.
|
1
|
11
|
Access Workstation
|
PC i5 with windows operating
system, complete with keyboard, mouse
|
No.
|
1
|
12
|
4C Cable
|
Supply,
Laying & Testing of 4cx1.5 sq.mm
cable
|
RM
|
30
|
13
|
2C Cable
|
Supply,
Laying & Testing of 2cx1.5 sq.mm
cable
|
RM
|
40
|
14
|
25mm PVC Conduit
|
Supply,
Laying & Testing of 25mm dia. PVC type conduit
|
RM
|
60
|
Testing
This phase might begin staggered as various parts of the implementation
phase are completed. At some point, testing will often involve the authority
having jurisdiction (AHJ), particularly in the life-safety areas of your access
control system.
Testing is often very methodical. It should include
checklists, and all relevant parties must sign off on the results. Make sure to
save copies for your records.
It is also recommended that, within a few weeks prior to actually starting to
use the access control system, all operations, management and service personnel
be trained. Training, if not properly implemented, will make for a bumpy
transition to that new access control system.
Maintaining
The system will need ongoing maintenance, so a maintenance contract
proposal is in order. This is a wonderful source of recurring revenue. Most
decent-sized security projects will require ongoing maintenance programs
because these kinds of projects are never fully completed.
So now we return to the beginning of the project cycle, with
changes and add-ons, beginning a project cycle all over again. Such is life in
the day of a project manager.
Life-Safety Rules, Terminology are Paramount
Since most access control systems are basically designed to keep someone
out, important measures need to be observed so as not to accidentally keep a
person from exiting a building.
A key factor when working with access control systems is the
important considerations of fire/life-safety rules. The most important rules
are listed in the American National Standards Institute (ANSI) and National
Fire Protection Association (NFPA) 101 Life Safety Code(r). This is required
reading for all who specify, sell, install and service access control
systems.
Dealers should be knowledgeable of safety terminology, such
as knowing the difference between fail-safe and fail-secure.
Though it is typical to have free egress in a commercial
building, there are ways to supervise and monitor an unauthorized exit. A
suggested sensor for exiting through a door is the request-to-exit (RQE)
sensor. The RQE is a motion sensor that senses only personnel who are directly
in front of an exit door. Another option is having a door push bar also
connected with the magnetic door lock.
Often, a happy compromise between allowing someone to exit
but not exiting unnoticed or undeterred can be reached by using an electronic
egress delay. Many RQE units, such as a door push bar, allow for an
unauthorized exit but only after a short delay period in which a local audible
and report alarm have occurred.
Typically, a bar would need to be pushed for more than two
seconds and would not allow full unlocking of the door until after 15 seconds
(an AHJ can make that up to 30 seconds). Still enough time to exit from a fire,
yet enough time for security personnel to take action.
Choosing a Door Access Control Manufacturer and Vendor
As with any major business purchase, it is worth taking the
time to ask a lot of questions when choosing an access control manufacturer and
support vendor. You want a vendor who is large enough to be stable and provide
timely customer support when you need it, yet small enough to be responsive to
your needs. Flexibility is also important: the vendor should be able to adjust
to your specific requirements. The best vendors will ask you questions as well.
They will walk you through the specification process and help you design the
solution that best fits your needs. They do not need to see your facility, but
they may ask you to send digital pictures of specific entry points. Avoid
vendors who have the perfect system for you; after five minutes of
conversation; and by the way, it is on sale this week only!
Most access control vendors work with a wide range of
customers, but you should look for one that has experience in your industry. In
particular, do not work with a company that handles mostly residential systems:
for your business, you need commercial‐grade access control. Many
manufacturers produce residential versions that are considerably cheaper; but
they are not as reliable and not built for the same amount of use as commercial
systems. Also, look for a vendor who supports multiple brands of hardware.
Access control hardware is fairly standardized and will work with most
controllers. However, controllers and software are more specialized, so make
sure the dealer you choose has significant experience supporting the brands you
decide on. Factory certification from manufacturers indicates a greater level
of training and support, but it is not essential.
Integration and Installation
In addition to providing you with the right products, the
vendor you choose will also be responsible for providing going support and
helping to integrate it with any other related systems you have. There is no
real standard for connectivity between access control and alarms, time and
attendance and video surveillance, so there will always be some additional
custom work involved in creating links between these systems. Most important,
there are local and national codes governing the types of locks and hardware
that can be used on fire and exit doors, so make sure you are familiar with the
ordinances in your area. Some of Controller haveing inbuild fire integration port, in case of fire access door is unlock. If this dedicated port not there then you need to pass lock power through fire control module NC & COM.
Door Access Control System Buying Tips
Stay in touch - Keep your building management in the loop as you
select and install a security access control system; you may need permission to
do certain types of installation.
Safe or secure - Different types of locking hardware can be "fail
secure" meaning if the power goes out, the door remains locked from the
outside, or "fail safe" meaning the door will unlock completely in a
power failure. Both safety regulations and your own security requirements can
have an impact on which type is right for your situation. (Remember that in a
power failure, security doors must allow anyone inside to exit.)
Reuse equipment - Hardware, locks, sensors, and card readers or keypads;
are fairly interchangeable between different security access control systems,
so upgrades and add ons can incorporate existing materials.
Do not overbuy - Securing door after door inside your facility is
likely to frustrate employees more than increase security. Do not feel like you
have to include every door in a security access control system: a mix of card
access and plain old keys is often the best combination. Focus your access
control points on the perimeter of your building.
Example & FAQ:
Q. In my office has only one door – Main entrance, I need
to control unwanted person from there. Along with I want to record in time
& out time for their attendance.
A. This is very common who has small office. You required
one no of Standalone Controller Cum reader (Card Reader / Biometric) install at
Entry gate/Door. For Exit either you required one no Egress Switch / Exit
Switch. Or you can use Reader (Card / Biometric). Remember you required door
locking devices Like: EM Lock, Strikes Lock etc. You required one Attendance
Software to get in time & out time with other specified reports. Based on
your controller you reqired access card (EM / Proximity / HID proximity etc). Also
take measure of communication cable.
Q. We need access control for my office Main door &
server room.
A. There are two nos door under access control. We design
two way to secure customer office.
1. Standalone: If you use this type of design then you need
Controller cum reader for both door entry. Two nos Egress Switch (If controller
handle Exit Reader, then you can put Reader also) & Two nos EM Lock to
secure there both room. The controller havening access management software. You
can get report from there. Based on your controller you required access card
(EM / Proximity / HID proximity etc). Also take measure of communication cable.
2. You can take 2-Door Controller having 4nos reader
option. Now you take 2 / 4 nos proximity card reader, 2nos Egress Switch, 2nos
EM Lock. The controller havening access management software. You can get report
from there. Based on your controller you required access card (EM / Proximity /
HID proximity etc). Also take measure of communication cable.
Q. We have 9000Sqft carpet area office, we want access
control in our office for some door.
A. You have a variety of options. Firstly, you have to
decide how many doors you want to control initially, and how many you are
likely to want to control in the future. You need to decide if you want to link
a variety of sites together, so that a person can be given access rights to a
variety of doors in a variety of principle.
Now we consider Multiple door, non-pc controlled Access
control systems. These systems are cost effective, but once again, can be time
consuming to control. Each user is issued with a fob or card. You ‘enrol’ users
onto the system using a master fob. When someone leaves, you can disable their
fob or card form the main controller. These systems give very little reporting,
and it's impossible to find out who came in at a certain time. They are ideal
where very few users need access to 1 or 2 doors. They are more convenient than
having 2 separate standalone electronic keypads, and more secure as codes are
not given out. They are not good for a large amount of doors or a larger amount
of users.
Now we consider Multiple door, PC controlled Access control
systems. There are many manufacturers of these systems, and a wide variety of options.
Once you have made the investment in the software, training, badge technology
and hardware, it’s prohibitive, in terms of cost to switch to another
manufacturer. The principle of these systems is that from a central
location, you can truly control who goes in or out of any particular door,
anywhere on the system, during what hours. There are a variety of alerts that
can be enabled, such as if a door has been held open, or forced open, or if the
emergency break glass has been broken. Typically, there is a reading
device at each door, which accepts swipe cards, or more typically is a
proximity reader. This device is able to ‘read’ the information on a badge or
fob from 2 or 3 inches. There are other readers with a longer read range, that
help people comply with the Disability Discrimination Act.
Q. How is the price calculated ?
A. We will automatically generate an approximate hardware
quote based on the number of doors you have.
Q. Who needs to be consulted or involved when considering
an Access Control solution?
A. Although an
organisation is likely to install far larger systems than Access Control, it
should be considered how many departments and individuals need to be involved.
Often an Access
Control System will involve HR, IT, Facilities Management and Security
departments as well as others such as Fire Alarm system providers, CCTV
providers etc.
Q. How can I encourage my Staff to use the system
responsibly?
A. Staff are
often reluctant to embrace Access Control, so it is important consult and explain
to staff the reasons and implications prior to installation.
It can be
explained to Staff that Access Control can help to protect their security and
their property as well as that of the organization.
Also, in the
event of a fire, an evacuation list produced by the Access Control system could
result in an individual being noted as missing and searched for by a rescue
team – both security and safety.
Q. Can I use my existing cards with a new system?
A. Yes, it is a
possibility that if you have existing cards or fobs, dependent on type, they
could be used with a new Access Control system. The type of system may be
limited and a particular type of reader used but because we can interface with
different types of reader, a significant saving is possible due to not having
to replace all of your cards.
Q. Why use a biometric solution for access control?
A. Unlike cards or keys, an individual’s fingerprint cannot be lost or stolen.
The biometric access control system is much more secure than others because it
works based upon your identity, rather than something that you have (such as
keys) or something that you know (such as a PIN number). Fingerprint-based
access control solutions are also fast, convenient, and surprisingly
affordable.
Q. How will I benefit by using fingerprint biometrics?
Fingerprint biometric readers are generally lower cost and are often used for
entry- and mid-level systems. They represent an easy and affordable way for
businesses to get started using biometric-enabled time and attendance systems.
Depending on the system, fingerprint-based biometric systems can have a
false-acceptance rate that is lower than other technologies.
Q. What is proper power supply?
A. The operating frequency of a typical switching power
supply ranges from 15 KHz to 50 KHz, and will usually generate wideband
switching noise, plus some of its harmonics may fall on or near 125 KHz, the
operating frequency of the reader. Therefore, Avoid using a switching
power supply at all times. Also, Avoid using a single power supply
for the reader and the magnetic lock. Doing so will affect reader
operation and can damage the reader.
With UPS - It is recommended that access control system be
connected to a backup power source so it will continue to operate during power
failure.
Without UPS - The system
will stop working in case of power failure. All door locks will be released
automatically. The system will restart automatically when the power is restored.
Q. In case of a power cuts, will the fingerprint reader
lose all of my time records?
A. Not at all. Each fingerprint reader stores up to 500-3000 fingerprint
templates. In case of a power outage, when the power is restored these units
will sync with the software again automatically. In case the server running
software goes down, transactions can also be retrieved from the readers
manually via an USB connection.
Q. What type of readers can I use?
A.
Access Control currently supports readers from these manufacturers.
HID iCLASS
HID Proximity
AWID
Mifare
EM
Smart Card
Biometric (fingerprint)
Q. Can my / my staffs' fingerprints
be used for any other purpose?
A.
No. Fingerprints are not stored as images. They are converted to a mathematical
algorithm for smaller storage and faster comparison and cannot be changed back
to an image. Fingerprints can be copied from one terminal to another.
Q. What is TCP/IP Access Control System?
TCP/IP
Access Control System is based on TCP/IP communication protocol, which uses
network optical cable to transfer data of door control information. By TCP/IP
network, the access control system could manage doors in a same LAN, or a large
WAN, or on internet.
Q. What is the difference between
TCP/IP network Access Control System and RS485 Access Control System?
A.
The main difference between TCP/IP network Access Control System and RS485
Access Control System has two factors, first is the transmission speed, TCP/IP
is much faster than RS485(TCP/IP is 10M/100M Bytes while RS485 is 9600Baud,
1Baud=1 bit per second), second is the capacity of the whole system, the size
for RS485 and LAN is 255, the size for WAN or Internet use is unlimited.
Q. What is Wiegand?
A.
Wiegand is the most common method of communication used by access control
devices. A Interface module (IM) in the ICU of Access Control Panel for both
wiegand input and output. A card reader (Prox. card) can pass the user ID# to
the biometric access reader for verification and the IM can also output the
user ID# to access panels that emulate a card reader.
Q. What is RFID technology?
A.
RFID (Radio frequency identification) is a technology that uses radio waves to
automatically identify people or objects. There are several methods of
identification, but the most common is to store a serial number that identifies
a person or object.
Q. What is Mifare technology?
A.
Mifare technology is a 13.56 MHz contactless technology that is owned by
Philips Electronics. Card and reader manufacturers such as HID use this
technology to create unique products for use by end-users. Mifare is often
considered to be a smart card technology. This is based on the ability to read
and write to the card. In reality, Mifare is simply a memory card (as opposed
to a processor card).
Q. What is Anti-Passback?
A. Well known as Anti-Tailgating. A feature that will not allow any card/fob to re-enter unless it has been used to exit. To be able to use this function, readers are required for both entry and exit. It prevents someone using his card/fingerprint to enter a secure area and then exit when someone else open the door(tailgating).
Q. Suppose you need to design 12door, where both side card reader for 200nos Card holder. What is the MOQ.
A. Option 1:
Sl No
|
Short Description
|
Long Descriptions
|
Unit
|
Total Qty.
|
1
|
Door Controller
|
Standalone Door Network Controller
cum reader.
|
No.
|
12
|
2
|
Power Supply
|
Power Supply for controller
|
No.
|
12
|
3
|
Proximity Reader
|
Proximity Readers for Exit
|
No.
|
12
|
4
|
Proximity Card
|
Proximity Cards
|
No.
|
200
|
5
|
EM Lock
|
Singe leaf lock ( 600 lbs)
|
No.
|
12
|
6
|
EDR
|
Emergency Break glass switch
|
No.
|
12
|
7
|
MC
|
Magnatic Contuct
|
No.
|
12
|
8
|
Access Software
|
Access Control Software
|
Set
|
1
|
9
|
Patch Cord
|
Cat6a Cable
|
RM
|
100
|
10
|
Network Switch
|
16port Network Switcher
|
No.
|
1
|
11
|
Access Workstation
|
PC i5 with windows operating
system, complete with keyboard, mouse
|
No.
|
1
|
12
|
4C Cable
|
Supply,
Laying & Testing of 4cx1.5 sq.mm
cable
|
RM
|
120
|
13
|
2C Cable
|
Supply,
Laying & Testing of 2cx1.5 sq.mm
cable
|
RM
|
100
|
14
|
25mm PVC Conduit
|
Supply,
Laying & Testing of 25mm dia. PVC type conduit
|
RM
|
120
|
Option2:
Sl No
|
Short Description
|
Long Descriptions
|
Unit
|
Total Qty.
|
1
|
Door Controller
|
4Door / 8 Reader Network
Controller
|
No.
|
3
|
2
|
Power Supply
|
Power Supply for controller
|
No.
|
3
|
3
|
Proximity Reader
|
Proximity Readers for Entry &
Exit
|
No.
|
24
|
4
|
Proximity Card
|
Proximity Cards
|
No.
|
200
|
5
|
EM Lock
|
Singe leaf lock ( 600 lbs)
|
No.
|
12
|
6
|
EDR
|
Emergency Break glass switch
|
No.
|
12
|
7
|
MC
|
Magnatic Contuct
|
No.
|
12
|
8
|
Access Software
|
Access Control Software
|
Set
|
1
|
9
|
Patch Cord
|
Cat6a Cable
|
RM
|
100
|
10
|
Network Switch
|
8port Network Switcher
|
No.
|
1
|
11
|
Access Workstation
|
PC i5 with windows operating
system, complete with keyboard, mouse
|
No.
|
1
|
12
|
4C Cable
|
Supply,
Laying & Testing of 4cx1.5 sq.mm
cable
|
RM
|
160
|
13
|
2C Cable
|
Supply,
Laying & Testing of 2cx1.5 sq.mm
cable
|
RM
|
160
|
14
|
25mm PVC Conduit
|
Supply,
Laying & Testing of 25mm dia. PVC type conduit
|
RM
|
160
|
APAC is expected to hold the largest
share of the access control market in 2023. The huge population base,
increasing security concerns, growing urbanization, and increasing focus on
industrialization are driving the growth of the access control market in APAC.
The use of access control solutions in commercial and industrial verticals is
the major factor driving the growth of the market in APAC.
References:
1. Access & Identity Management Handbook.
2. Security Sales GOLD Book 2014.
3. NSI Code of Practice for Design, Installation and Maintenance of Access Control Systems NCP 109.
4.
BS EN 50133-2-1:2000 British Standards Institution 2018.
5. NFPA 101.
