What is physical access control?

Physical access control systems (PACS) are a type of physical security designed to restrict or allow access to a certain area or building. Often, PACS are installed in order to protect businesses and property from vandalism, theft, and trespassing, and are especially useful in facilities that require higher levels of security and protection. Unlike physical barriers like retaining walls, fences or strategic landscaping, physical access control procedures control who, how and when a person can gain entry. The following are the main components of a physical access control system:

  • Access point: The entrance point where the barrier is needed. Common physical access control examples of access points include security gates, turnstiles and door locks. A secure space can have a single access point, like an office inside a larger complex, or many access points.

  • Personal credentials: Most PACS require a user to have identifying credentials to enter a facility or access data. Physical access control examples of credentials include fobs and key card entry systems, encrypted badges, mobile credentials, PIN codes and passwords. Personal credentials tell the system who is trying to gain entry.

  • Readers and/or keypads: Stationed at the access point, readers send data from credentials to a control panel to authenticate the credential and request access authorization. If using a keypad or biometric reader (such a fingerprint scan, facial ID, or retina scan), users will enter their PIN or complete a scan prior to obtaining access.

  • Control panel: The PACS control panel receives the credential data from the reader and verifies if the credential is valid. If the credential data is approved, the control panel transmits authorization data to the access point via the access control server, and the door will unlock. If the credential data is not approved, the user will not be able to gain entry. 

  • Access control server: The access control server stores user data, access privileges, and audit logs. Depending on your system, the server might be on-premises, or managed in the cloud. System maintenance and software updates should be performed regularly to protect the system from hacking and possible security breaches.

Physical access control vs. logical access control

While physical access control is the restriction of access to a certain building or space, that often isn’t enough protection in today’s world. A locked door is a pretty good way to keep unwanted people out of a space, but how can you make sure the right people have access to your data? That’s where logical access control comes in. While physical access control systems employ credentials like keycards, key fobs, or mobile credentials to restrict, allow and manage who can enter a space or building, logical access control takes security one step further by requiring identity authorization, and using processes like entry schedules and entry requirements to limit access. 

In other words, there are two requirements to gain entry: something you have, and something you know. Something you have might be a keycard or fob, and something you know will be a more personal identifier that is harder for another person to obtain, like a PIN code, password, or facial ID.

Advanced physical access control systems, for example, will use this multi-factor authentication method by combining a physical barrier, like a gate, door or a turnstile, with a user authorization credential, like a password or biometric scan, to ensure only authorized individuals have access to high-security areas. Using a mobile credential for access can automatically incorporate the extra protection of logical access control. Your smartphone requires a password, fingerprint or FaceID to unlock, which makes it harder for would-be criminals to gain entry — they would need to have possession of the phone and be able to unlock it, just to get through the door. When it comes to protecting your data, using physical access control systems that employ multi-factor authentication is the first step in a comprehensive cybersecurity plan in the digital age.

What to look for in physical access control systems

With recent advancements in security technology, physical access control systems are now available with many enhanced features and options. One choice you will need to make when planning and budgeting for a physical access control system is the type of credentials you want to use. If you are opting for a more budget-conscious credential selection, keycards seem like the right choice up front. However, keycards may end up costing you more over time, simply because they are frequently lost and need replacing. Not to mention that a lost keycard can pose a security threat if it ends up in the wrong hands. If keycards or fobs are still the right choice for your business, make sure you purchase encrypted keycards, or use two-factor authentication for an added layer of protection. For the best in security and value, a mobile credential gives your users the convenience of using their mobile phone to enter and exit the building, with multi-factor biometric authentication built right in. You won’t have to replace keycards, and smartphones are less likely to be lost, left at home, or passed around the office. 

Another factor to consider when planning your physical access control procedures is maintenance and system management. Many legacy access control systems use cumbersome readers and on-site servers, which require in-person management and maintenance. Delays in system updates can put your system at higher risk of a breach, and older readers are prone to tampering. Plus, if credentials need to be reassigned or newly created, an administrator will likely need to be on-site to handle the request. If you anticipate needing access to your system remotely, or want the latest security updates in real-time, you should consider systems that use more modern software, When selecting a PACS for your building, there are added benefits to using a physical access control system that runs on a cloud-based platform. 

What is physical access control that runs on the cloud?

With this type of PACS, your access control hardware (readers, hubs and control boards) communicates with software via the cloud for a more flexible, scalable security solution. Here are some benefits of using a cloud-based PACS:

  • Ability to remotely control the hardware from anywhere, including triggering unlocks and lockdowns

  • Instant credentialing for new users, as well as the ability to revoke access immediately

  • Ability to receive real-time notifications for access events and potential threats

  • Maintenance and troubleshooting can be done remotely in the cloud without needing to be on-premises

  • System updates are automatically downloaded from the cloud, meaning you always have the most up-to-date security measures in place

  • Real-time audit trails for all access activity, stored in the cloud so it can be accessed from any authorized device

  • Ability to integrate your physical access control system with other building security software, such as video surveillance, visitor management, communication tools, and space management solutions

Planning your physical access control system

Before you start implementing a new physical access control policy in your building, there are a few questions to ask to determine if your current system meets your needs, and what might be missing. 

  • What are your main security concerns? 

  • How many buildings do you need to secure?

  • Do you have ancillary structures like parking garages that need physical access control?

  • How many entrances and exits will need physical access control? 

  • How many users will require daily or temporary access?

  • Do you have different levels of access to accommodate in your organization? 

  • What types of credentials do you need?

  • Does your physical access control system need to meet any compliance requirements?

Another factor to consider during the physical access control planning process is the enhanced safety features and benefits of the system. In the aftermath of the COVID-19 pandemic, many workplaces are left vulnerable with staff working from home, and once employees do return to work, the security systems in place aren’t equipped to handle the new normal. Choosing a system that has touchless access capabilities like wave-to-unlock, features to help with capacity tracking, plus fully remote access for administrators, for example, gives you more flexibility and peace of mind to reopen your facility safely. A COVID-19 workplace safety guide can help you determine what to look for in a physical access control system that makes your building a safer, healthier workplace.

Once you have a new system installed, make sure your administrators, IT providers, and any staff that will use the system are well-versed in the new physical access control procedures. Your physical access control system policies will likely change with a new system, requiring users to either download a new mobile app to activate mobile credentials, or hand in their old badges and receive new encrypted credentials. Likewise, additional training may be needed for administrators who will need to add and revoke access for users, as well as at the user level to demonstrate how to use new credentials. Proper training for physical access control procedures will prevent misuse of the new system once it’s installed. Also, communicating the updated physical access control policies prior to installation will help facilitate a smoother transition for everyone.

Access control is just one component of your workplace or building security, but it should not be overlooked. Having a functioning system and the right physical access control policy in place can mitigate breaches by keeping potential criminals out, and only allowing authorized users in. Use a security audit checklist to ensure you are doing everything necessary to ensure the safety of your perimeter and data secure, but also your staff and employees.

Additional Resources