Access control is a form of physical security that manages who has access to an area at any given time. Access control systems restrict access to authorized users and provide a means to keep track of who enters and leaves secured areas.
Electronic access control systems are widely used across industries, and include the implementation of electrified doors, turnstiles, guards and gates to keep an area secure. For example, in a door entry system in an access-controlled building, authorized persons use credentials (physical, digital via a mobile device, or biometric) to make unlock requests at readers, which send information to an Access Control Unit (ACU), also known as an access control panel or a controller. The ACU then triggers the electrified door hardware to unlock if authorized. This is also commonly referred to as a door access control system or door entry system.
The following guide will teach you the primary aspects of access control systems and give you an overview of the latest access control technologies. Let's get started!
When planning a new access control system implementation or performing a security audit checklist of your current environment, there are many factors to consider, and it's easy to let an important element fall through the cracks. Don't worry, this section of our access control system guide will walk you through each part of the process carefully. When choosing a physical access control system, consider the following factors.
Security should be your top concern when selecting a door entry system: hardware must be tamper-proof, software should be updated routinely to protect against potential vulnerabilities, and credentials should not be unencrypted, easily copied, or shared. Also, look for a system that enables modern security practices like multi-factor authentication to ensure that administrative control stays in the right hands.
User experience is another important factor when it comes to access control technology. Your access control system should be easy to configure for administrators, as well as convenient for employees and tenants to use.
In tandem with user experience, the reliability of your door access is crucial. Look for an electronic access control system with a proven track record of server uptime and a consistent unlocking experience. Vendors are constantly improving traditional access methods through biometrics, PIN codes and, more recently, smartphone credentials. However, many of these solutions are either unreliable or create too much friction at the entry point. Best-in-class reliability calls for multiple forms of communication to authenticate an action. When you use Bluetooth, Wi-Fi, and cellular data simultaneously, the signal to unlock an entry is more reliable and the user can seamlessly enter a given space.
In addition, choose an access control security system with greater flexibility, which allows you to configure the convenience and security of each door or entry per individual end user requirements. In order to meet those security requirements, the access control technology should ideally have two-factor authentication or multi-factor authentication.
Another factor that is probably top of mind: cost of access control systems. Most electronic access control systems range from $1,000 to $4,000 per door installed for hardware and installation. You'll need to decide how many doors and entries you want to secure: exterior doors, interior doors, parking gates, elevators, and so on. By going with a cloud-based solution, you will likely pay a monthly subscription rate, but you will significantly reduce upfront costs with no need to install or maintain an on-site server.
Meeting a business's compliance needs is one of the biggest considerations in choosing access control technology. With many different requirements, it can be difficult to track which standards are most important. Here are some of the more common requirements you may be asked to meet:
PCI - Requirements 9 and 10 are common areas to address in physical and network security. Requirement 9 mandates organizations to restrict physical access to a building for onsite personnel, visitors and media. The business should have adequate controls to ensure that no malicious individuals can steal sensitive data. Requirement 10 relates to the need to track and monitor systems.
HIPAA - Although most think of this requirement within the healthcare context, employers also deal with a large amount of health information. For instance, when an employee requests medical leave, employers need to keep any documentation of that absence confidential. In order to meet this requirement, businesses can use access control to keep this information locked in a storage room.
SOC 2 - This auditing procedure enforces protection of employee and client privacy by requiring service providers to manage data. Companies in the SaaS space are eligible to receive SOC 2 certification by purchasing an access control system with two-factor authentication and data encryption. Any business dealing with customer data must also protect PII (personally identifiable information) from unauthorized access.
ISO 27001 - This information security standard requires that management systematically examines an organization's security risks and audits all threats and vulnerabilities. It also requires a comprehensive set of risk avoidance or transfer protocols and that the organization has an overarching management process to ensure that information security continues to meet the business's needs on an ongoing basis.
MPAA - Organizations dealing with content, such as video and audio, seek security protocols to prevent pirating, theft and other types of breaches. Although the MPAA doesn't mandate compliance, sticking to this best practice helps members ensure content protection during production, post-production and distribution. Access control can help manage entry and exit points in addition to logging, monitoring and a variety of other systems.
CJIS - In 1992, the FBI created this organization to monitor criminal activities through analytics and statistics. Today, the organization has a few best practices related to security and authentication. From an access control perspective, this includes restricting access based on physical location or time of day.
Effective physical access control system practices require being proactive. By taking on these considerations, you can develop a basic framework for your company's access control needs to maximize security and ROI.
Access control models originated as network security concepts (e.g., controlling access to files on a network rather than entries in a building) but are sometimes used in the context of physical security. The three most common models of physical access security are:
Discretionary access control (DAC) - The business owner decides which people have rights to a specific area in a building through some type of control panel. It is the least restrictive model because business owners are not security experts and may inadvertently provide the wrong level of access to an individual. Because it poses additional risk, this model is the least popular on this list.
Mandatory access control (MAC) - This model is often used in organizations that require a high amount of confidentiality. MAC utilizes a central authority to classify the access given to each employee through established guidelines. Large organizations, specifically in tech, may find MAC to be suitable for their company by having a Chief Security Officer in headquarters responsible for determining policy across many different locations. MAC enables companies to have consistent access control practices in place without compromising best practices.
Role based access control (RBAC) - Most of today's businesses deploy this model to segment access based on job titles. The system administrator will use practices such as "least privilege" and "separation of privilege" to ensure each role only receives access to the areas they need. Role-based access may incorporate rules such as when a group can enter the building. Some advanced access control vendors allow administrators to create rules for guests using a mobile device. Although RBAC might seem complex, it is relatively easy to implement and the most secure.
There are a few key components to an electronic access control system: readers, ACUs, and credentials. With a traditional lock-and-key door access method, you just need physical locks and metal keys for each entry. However, every time an employee leaves, every lock needs to be re-tooled, and all keys need to be remade and distributed. In a building with an electronic access control system, authorized persons use credentials to make unlock requests at readers mounted proximate to entries, which send information to an Access Control Unit (ACU) that makes access control decisions to release electrified door locking hardware.
There are several types of credentials available to businesses in today's modern physical security environment. Below are the most popular methods of credential available.
RFID key cards and fobs - These tend to be popular choices for access control because they're relatively inexpensive. The underlying technology in key card entry systems and key fob access control is RFID (Radio Frequency Identification). RFID key cards come in a variety of formats and protocols, but the three main types are:
Proximity cards - These cards communicate using low frequency fields (typically 125 kHz). They typically use the Wiegand protocol and have a short read range of 1-10 cm. Proximity cards typically provide no encryption.
Contactless smart cards - These cards contain a smart card microchip and communicate using high frequency fields (13.56 MHz). One of the common protocols for these cards is ISO/IEC 14443-A and the read range is one centimeter to one meter, depending on whether the credential has its own power source and size of the RFID card reader. These types of credentials can provide encryption but it is not always enabled.
Swipe cards (also known as magstripe cards) - Use the same technology as credit cards: a magnetic stripe stores data, which is read by a swipe card reader. The kinds of swipe cards used in access control are high-coercivity (HiCo), meaning they require more magnetic energy to encode which makes them harder to erase and therefore more secure and reliable than low-coercivity (LoCo) cards. However, swipe cards are still considered less secure than RFID cards because they're usually not encrypted and are easy to clone.
Key cards and fobs are cheaper and easier to manage than traditional metal keys, but aren't always the most secure or reliable. Here are a few reasons why they are far from an optimal solution:
Easily lost or stolen It's common for employees to forget or misplace their key cards on a regular basis. In addition, visitors can inadvertently forget to return cards, creating a security risk.
Not always secure - Not all key cards provide the same level of protection – some cards, like MIFARE DESFire EV1, are designed to prevent key cloning. Other cards that use the Wiegand protocol, which are more common, are more vulnerable to sniffing and copying.
Cumbersome to use - With all the convenience RFID technology provides over traditional keys, it still requires a user to fish their key card or fob out of their pocket/bag to present to a reader.
PIN code - A PIN reader uses PIN codes instead of physical credentials to grant access. Depending on the model, a PIN reader might operate as standalone and only accept one master PIN code, or it may connect to an access control system where users have individual PIN codes that determine which entries they have access to and during which times. The problem with PIN codes is that they're both easily forgotten and easily shared, meaning they're not ideal for areas that require high security. Each time a user leaves the organization, the PIN has to be changed. The only workaround would be giving each user their own PIN, however, this would create additional security vulnerabilities and require more administrative bandwidth.
Biometrics - In access control technologies, credentials can be categorized as something you have (a key card), something you know (a PIN code), or something you are. Biometric credentials fall under that last category; they include data like fingerprints, palm veins, facial features, and retinas. Biometric reader pricing ranges from low end (a fingerprint scanner) to high end (multi-input readers). However, some employees may not feel comfortable using biometrics for office access. They also tend to be faulty in inclement weather and high humidity, are prone to accumulating dust or sand, plus fingerprint readers run the risk of creating hygiene issues.
Mobile - Mobile credentials let you use your smartphone to unlock entries. In the access control administrative software, a user is assigned a mobile credential. The user installs the access control mobile app on their smartphone, logs in, and approaches a reader. The user then makes an unlock request using their smartphone—either by tapping a button in the app, holding up the phone to the reader, or by simply waving their hand in front of the reader while their phone is in their pocket or bag. This request can be sent to the ACU through the reader via Bluetooth Low Energy, via Wi-Fi, or cellular data. Once the mobile credential is authenticated and authorized, the entry unlocks. Most mobile devices have a built-in biometrics, like FaceID and fingerprint scans, or require a user’s unique password to unlock the phone, which can provide an extra layer of multi-factor authentication for mobile credentials.
Readers - Readers are devices installed near entries that receive inputs from user credentials which they then relay over a wired or wireless connection to ACUs installed nearby.
Entries - Entries include any electrified or automated opening: doors, parking gates, turnstiles, elevator floors, storage cabinets—anywhere that access needs to be restricted. Door contact sensors indicate whether a door is propped open or closed, or forced open without valid authentication or request to exit. Request to Exit (REX) motion sensors and buttons are used to unlock doors when someone exits an entry from the inside.
Locking hardware - Door entries are configured with electric strikes, electromagnetic locks, push bars, or other electrified hardware.
ACUs - Readers send credential data to an ACU (also known as a controller or a control panel) which decides if a user has access or not. If they have access, the ACU then instructs the door locking hardware to unlock. One ACU usually supports between 2 and 8 readers. For securing single offices, server rooms, supply closets, or a small retail space, a Single Door Access Control System is a good option.
Software - All of this hardware is managed with access control software — an application where you define users, manage credentials, access schedules, entries, and so on. The information defined in the access control software syncs with the ACU, which is how it knows whether to grant or deny access.
Authentication - First, a credential is authenticated. After a user presents a credential (mobile credential or card/key fob) at a reader, that credential's data is sent to the Access Control Unit (ACU), where the ACU determines if this credential is known and recognized by the system.
Authorization - Next, the ACU determines if the user to which this valid credential belongs is authorized for access—does the user have access to this particular entry? Are they using the right kind of credential and trigger type for this entry? Are they attempting to unlock the entry within any applicable schedules? In order to be authorized, a user must:
Have approved access to the entry they're trying to unlock
Use one of the predefined allowed credential types (for example, mobile credential)
Use one of the predefined allowed trigger types (for example, onsite 2FA)
Make the unlock request within any schedules defined on the entry or assigned to the user or their group
Ensure other restrictions, such as a system lockdown, are not currently triggered
Access - Once authenticated and authorized, the ACU then sends a command to the door locking hardware to unlock the entry. In the case of electromagnetic locks, power is temporarily interrupted when unlocked (also known as fail safe) whereas with door strikes power is temporarily applied to unlock the door (also known as fail secure).
Manage - Managing an access control system includes adding or removing entries, users, credentials, schedules, and alerts using administrative software that syncs automatically with Internet-connected ACUs. The newer cloud-based access control systems integrate with directory services like Google G Suite and Azure Active Directory, streamlining the management process. They also provide the most flexibility for service enhancements compared to legacy systems which are client-server based.
Audit - Administrators can audit access control systems by generating reports for access logs, including both user activity and entry activity. This is useful for general system reviews; ensuring that the system is working as expected and that there are no issues with accessing entries. Reports are also helpful for meeting compliance standards, such as HIPAA, that require a certain level of physical access control. Additional audit capabilities are provided by access control systems that integrate with Visitor Management Systems, Video Management Systems (VMS), and other security type platforms.
When purchasing access control systems, it's important to look at the benefits and drawbacks with each type of system. One of the biggest decisions you'll have to make is whether or not you want a solution to be on-premises, web-based, or hosted in the cloud. Here's an overview of the types of hosting options available:
Server-based - Traditional access control solutions use dedicated onsite servers that communicate with readers over legacy, unencrypted Wiegand wiring. In the case of multiple buildings or sites, separate servers and software must be purchased, installed, and maintained at each location in order for the system to operate. Software updates typically are done by an integrator, who performs the upgrade on-location via their truck and equipment.
Embedded (aka web-based) - Browser-based access control systems operate similarly to dedicated server systems but also include a web application. Internet access is not required for the application to work; the application connects to the LAN and can be accessed on any device within that network.
There are also several costs related to hosting the software. Here are a few examples:
PCs/servers host the access control software - In legacy access control security systems, dedicated hardware is required in order to run and manage the access control system. This hardware must be purchased and then maintained throughout the life of the access control system. This also requires more room in the server closet.
Additional workstations to manage the access control system - In addition to the access control server, workstations are often used to make maintaining the system more flexible and remote-friendly. The cost of hardware for additional workstations is especially an issue for large, multi-building sites which require additional workstations to be installed at each location.
Administrative software licenses - Software that is installed on dedicated servers and workstations often require individual licenses to operate. Also, major software upgrades might come with additional costs, including any IT resources needed to perform the upgrade.
Key cards/fobs - Key cards and fobs might seem like a small expense, but the upfront cost of providing credentials to employees and tenants is a factor to consider. Also, the cost of replacing lost and stolen credentials can add up quickly.
Ongoing maintenance and upgrade costs - Often, legacy access control systems are maintained by dedicated IT resources, which can be expensive.
There are several additional challenges associated with legacy access control systems. First, they are high maintenance. The main difference between legacy systems and cloud-based systems is that in legacy systems, the software resides on hardware maintained by the end user offline. In cloud-based systems, it resides in the cloud (i.e. on a remote system of servers) maintained by a third party.
Another problem is that legacy systems can't be managed remotely. Since the access control software can only be accessed over a LAN, administrators must use in-network devices to make changes to the system, making it difficult to manage if you aren't on-site. In addition, legacy door access systems typically use outdated security methods, and they're limited in the types of credentials they support: usually only PIN pads, key cards, and fobs.
Cloud-based - Cloud-based access control runs the access control software in the cloud (i.e. on a remote server) that regularly syncs with the local ACUs. Because the software is cloud-based, administrators can easily add new users or revoke access using any web-enabled device, and the ACU is updated automatically. This type of access control system requires internet access, but can still function without it—any updates made using the software will take effect after Internet access is restored.
In a cloud-based access control system, the hardware is installed on site and configured using the cloud software. Users, entries, schedules, and site information are set up in the software and then automatically synced with the ACUs. Similarly, unlock requests and entry status changes are reported to the cloud software in real time. In the case of power and Internet outages, the system will still function but communications between the software and the ACUs will only take place once power and Internet are restored.
There are several benefits that come with implementing a modern, cloud-based access control system:
Increase security with reduced overhead - A modern access control system keeps unauthorized persons out while also making it easy to revoke access or remotely lock entries at any time. Cloud-based systems are easier to install, configure and manage, reducing the need for ongoing, costly IT resources. In a mobile-enabled system, administrative overhead is reduced as you don't need to print, issue, collect and track physical badges, fobs, and keycards (but you can still utilize these credentials in conjunction with a mobile credential capability if preferred).
Better accessibility - Instead of traditional locks and keys or access cards that are easily lost or cloned, mobile credentials offer an easier, more secure way to enter access-controlled spaces. Guest access links let you easily provide access to visitors via email or SMS, and remote unlock capabilities mean you can unlock entries from anywhere to allow access for a delivery, maintenance, or even an employee who needs after-hours access. Plus, cloud-based access control is ideal for providing access across multiple buildings and sites because it's designed to scale with your needs.
Seamless integrations with smart office technology - Modern cloud-based access control systems are designed to work with the latest technologies. Make the most of your access control by integrating with HVAC, lighting, alarm systems, as well as directory services (like Azure Active Directory, Office 365, G Suite, and Okta) and messaging platforms like Slack. It can even integrate with visitor management systems like Envoy to provide a complete end-to-end guest experience. Compare this to more traditional electronic access control systems, which are often proprietary and only offer a few select native integrations.
Future-proofed - Cloud-based systems provide the greatest combination of security, flexibility, speed and reliability, with new enhancements and updates delivered in real-time so your system is always running on the most secure platform.
Access control systems have long been treated like essential commodities—and for good reason. Door access control systems are the front line in securing any business's door or entrance. As a result, there are several industries that can benefit from a secure access control solution.
Here are some of the most common applications for access control across industries:
Commercial real estate - As offices evolve to accommodate more flexible working conditions, businesses need to provide next-generation commercial building security systems with fast and reliable access control. In addition, commercial access control needs to have an open API that can connect to modern apps such as Slack and other office support systems, such as guest management, and video surveillance systems, to provide a truly user-friendly interface. The right commercial access control solutions can increase worker satisfaction, reliably keep employees safe and effectively manage various risks.
Multi-store retail - Would you give away free products? Without the right access control security system in place, you may be doing just that. Shrink, whether it's from employees or shoplifters can play a significant role when it comes to a company's bottom line. An employee-friendly retail security system helps staff get in and out of the building, stores and reports that information, while not requiring them to worry about keeping and securing keys or badges. Given high turnover rates in the retail industry, smart retail access control allows employees to be added and removed from the access control directory when they are deleted from other management systems allowing for necessary scheduling and credential changes without extra labor.
Enterprise businesses - When it comes to security for a multi-site enterprise, one of the biggest challenges is finding a door access control system that can scale. Traditional legacy access control systems require individual servers for each location, as well as additional administrative support to ensure employees across each location have the access privileges they need. Cloud-based enterprise security and access control can offer the added scalability, flexibility and interoperability needed to secure many different locations at once. Remote access is key to reducing administrative and IT burden for a multi-location business, allowing all users, entries, and schedules to be managed at a granular level from a single interface anywhere in the world.
Multi-tenant housing - For years, security protocol in multi-tenant housing meant having a door buzzer on a lobby entrance with an intercom. Upscale buildings often augmented this with doormen who checked in any visitor that entered to ensure only authorized guests were permitted. However, with rising rents in metropolitan areas, landlords need to think strategically on how to lower their costs while adding value. Adding a state-of-the-art apartment building access control system accomplishes just that. Through the installation of a mobile access system, landlords can give tenants an easier way to access common spaces such as mailrooms, garages and gyms. In addition, access control can be used as a marketing tool by empowering tenants with the ability to grant mobile guest passes to delivery services, dog walkers and postal workers.
Education - Whether you're in a K-12 setting or a university, protecting students and teachers is a top priority. As violence becomes more prevalent on school campuses, school administrators need to ensure that students feel safe in their learning environments. With mobile credentials, schools can create a welcoming environment that will ensure student safety by making sure only those who are students and faculty have access to a campus. On top of the different security demands including lockdown capabilities, public schools often need to meet a certain attendance quota for tax purposes. By looking for a school security system and access control solution with an open API, administrators can actually turn security into a profit center by integrating the system with their time and attendance software. This helps schools increase funding, therefore improving the education for students.
Religious institutions - Unfortunately, religious institutions are vulnerable to vandalism, burglary and violence. However, they also want to project a welcoming atmosphere and openness to all of their congregants. This can create a significant challenge: a security gap can make the institution vulnerable to attacks, while too much protection can appear intrusive. A state-of-the-art access control solution can solve this problem by blending into its physical surroundings, supporting multiple access methods to foster accessibility, and having a strong lockdown capability. Outside of the service itself, a religious institution often needs to provide access to temporary visitors such as volunteers or parents. With a flexible church security system and access control solution, clergy can focus more on serving their community instead of worrying about their safety.
Healthcare - Access control in the healthcare industry requires an innovative approach that requires the ability to access main and internal entrances. In addition, any access control solution must possess data that integrates with various rules, such as shift changes or specific department access. In addition, healthcare facilities rely on access control to ensure narcotics, substances and medical records can only be reached by authorized users.
Government - In 2004, then-President George W. Bush ordered the sweeping Homeland Security Presidential Directive-12, which states that all access control systems must be upgraded to include Personal Identification Verification credentials in accordance with the National Institute of Standards and Technology guidelines. Given the risks facing government facilities such as access to sensitive areas, crisis management and unauthorized facility access, working on the national level requires meeting several security standards. The local level has lower certification standards, providing elected officials with more flexibility in choosing an access control provider.
Sporting and entertainment event venues - Sports leagues and musicians alike are providing more access to fans than ever before. But how much access is too much? Arenas pose a unique challenge for several reasons. Stadiums can hold tens of thousands of people, making the arena itself particularly vulnerable to acts of mass violence. In addition, athletes, media and vendors all require access to different rooms, each with distinct security requirements. With the right access control solution in place, security teams can create a nuanced policy that is inviting for fans, but doesn't sacrifice safety.
Data centers - Many businesses store servers in a room dedicated to the continuous operation of a company's network. Unlike an office, this area is exclusively accessed by IT staff. However, like the modern office, IT positions are becoming more flexible with the rise of remote work. As a result, businesses are adapting to accommodate the needs of today's employees. IT departments require a versatile solution that is easy to manage remotely Given the sensitivity of many data centers, it's crucial to have reliable access to these rooms with a system that is indestructible from a security perspective.
Oil and gas - Given the volatility of oil prices, a breached refinery could cause an international crisis. Therefore, it is crucial for sites to be closely monitored at all times. While most sites already have video surveillance, many refineries are utilizing access control to reduce the number of operators needed at a given site. In particular, the integration of access control to video surveillance enables license plate recognition technology to ensure that only authorized vehicles are entering the site. Through an intelligent system, the reader could check a license plate against a database and grant access to the required areas remotely.
Hospitality - As companies like AirBnB and Homeaway disrupt the hospitality industry, hotels are under increased pressure to make their lodging amenable to guests while maintaining a high level of security. As a result, they are adding amenities such as concerts, shops, full bars and more all within the confines of a hotel. But, with each additional service comes additional security vulnerabilities. A mobile access solution can help mitigate the challenges of having multiple vendors through easy-to-use credentialing and guest passes that can be transferred via text message. In addition, hotel managers can assign each vendor specific access privileges so they can spend more time building their customer relationships.
Transportation - Public transportation stations pose several security challenges as they deal with a large number of people and constantly changing traffic patterns. In addition, the stations are typically small and sit outside the secured area of public transit. This often leaves employees and critical assets exposed to many security threats, which can ultimately impact public safety. An IoT-enabled access control system improves employee safety in the station's office without the annoyance of needing a key or badge. In addition, it can play a valuable role in time and attendance by tracking when the employee arrives so managers have an accurate record at all times, and know who is where in case of any safety/security issues.
Airports and seaports - Airports have both hard and soft targets, creating unique safety challenges. While TSA focuses mainly on securing the terminals to prevent criminal activity in an aircraft, there are a number of vulnerabilities around the airport as well. Vehicle entry points at the perimeter are often unmanned, for example. As a result, restricted access areas can become surprisingly vulnerable without an access control solution that is both secure and employee friendly. Seaports face similar challenges as a large open venue that has to maintain compliance according to ISPS standards. This means that any companies with business on a port must meet strict security measures. An innovative access control system helps manage all employees and vehicles to ensure proper access to that port.
Banking - Financial institutions are constantly under attack. Banks are vulnerable to a host of threats including robbery, fraud and terrorism. However, brick-and-mortar banks are beginning to cut back on the number of tellers and staff as a majority of consumers opt to bank on a mobile app or online. This leaves branches with increased pressure to secure storage rooms, back offices and other areas that are susceptible to breaches. Instead of using easy-to-hack keypads, an IoT access control system can lock storage closets and offices without the presence of a physical guard. Banks need the capability to easily manage the security at each branch without requiring the physical presence of an officer.
Warehousing - Today's warehouses are becoming smarter and more automated than ever before. However, the security outside the warehouse often lags behind from a technological perspective. Many companies are still using traditional locks or key pads to get into storage rooms and administrative offices. The problem is that a lost key can create a significant expense and key codes are easy to share with other employees. Through a smart access control system, warehouses can ensure their inventory is safe at all times - and even work with a robot to ensure a safe, efficient operation.
Gaming - Casinos rely on strict physical access control security in order to keep cash and chips safe. Most rely on key management systems to track access to different safes and drawers. For some casinos, this means storing hundreds of keys, all of which require a tiresome amount of accountability and reporting to ensure employee honesty. Thanks to modern access control, this process is no longer necessary for casinos. In fact, with the right strategy, chips and cash can be better managed entirely through mobile access.
In the wake of the coronavirus pandemic, organizations will need to adapt their access control to adhere to new safety precautions. Office buildings are prime places for viruses like COVID-19 to spread, with a large number of people coming and going, plus common entry points like lobbies, checkpoints, and elevators. Use a COVID-19 Workplace Safety Guide to help future-proof your access control system and provide a safer work environment. When adapting your procedures to prioritize health and wellness in the workplace, consider whether your access control technologies have the following features and capabilities.
Hands-free technology -- Features such as touchless access control, automatic door openers, and contactless elevators eliminate common touch points to reduce liability.
Capacity management -- Cloud-based systems can utilize open APIs to integrate with occupancy tracking and management software to automate and enforce social distancing.
Health screening and verification -- Automate digital symptom verification forms and on-site temperature screenings by integrating with your physical access control system. Only healthy individuals will be granted access.
Remote management -- An essential capability for the post-coronavirus workplace, remote access control management allows admins more flexibility to adjust access privileges, change door schedules, and accommodate an increasingly remote workforce.
Selecting the right access control system can be an exhaustive task. After all, there are hundreds of solutions on the market, all with distinct features. Determining the right solution will depend on a variety of factors such as the size of your business, budget, the number of readers you need, and your building's business objectives. Whether you're working with a systems integrator, architect or researching on your own, there are a number of questions you can ask to ensure that the system you are implementing is right for you:
How reliable is your access control system?
Electronic access control systems rely on various technologies such as biometrics, Wi-Fi, NFC and Bluetooth. The problem is that these technologies require 24/7 uptime or some type of accurate reading in order for the system to work. However, no system is without complications; often reasons such as misread fingerprints, extreme weather, or random internet outages can cause the system to fail. As a result, most access control systems have at least some reliability issues, creating a poor user experience. Make sure your system is set with backup options in case of outages, or have a plan in place for when things go wrong.
Does the access control system integrate with existing security infrastructure?
Most buildings have some type of video surveillance in place to ensure employee safety and protect the business from theft. However, with the advent of video management systems (VMS), organizations can now perform more complex functions such as people counting, license plate recognition and even predict incidents, like tailgating, before they happen. Having an access control system that integrates with your VMS enables businesses to operate their security operations more efficiently and collect more data. In addition, they can connect with other systems such as guest management systems and alarm systems.
How does your system work with intrusion detection?
Many of the newer access control companies have the ability to integrate intrusion detection technology into their system. Intrusion detection allows companies to lock, unlock, and rearm doors all at once by using some type of credential such as a card, fob or even mobile device. This functionality prevents an employee from needing to lock every door in the office and setting an alarm before he or she leaves for the day.
Can this system integrate with existing office automation functions?
Some access control systems have added intelligent automation to integrate seamlessly with various business apps, devices and other smart office solutions. Adding this level of functionality enables businesses to use their access control system creatively for functions such as visitor management, lighting and HVAC, plus space management and room booking. As IoT-enabled devices shift from disrupting the home to the office, it will be important to look for solutions that can enable complete office automation.
Will my employees be able to easily use this system?
While your employees are likely to welcome using their smartphones opposed to the burden of remembering a fob or key card, some technological upgrades will create added friction. For instance, many of today's mobile access control systems require the user to unlock their phone before using. Since this adds extra steps, users might simply prefer a more intuitive key card than smartphone credential technology In addition, biometrics solutions require the user to have a clean fingerprint or line up their eyes directly with the reader, which can delay users by several seconds and create frustration. The ideal access control solution is one that doesn't require the app to be open, and/or the phone to be placed over the reader—the user just needs to walk up to the door and wave a hand in front of a reader to gain access.
How will a modern access control solution evolve with my business?
The modern office is constantly changing to adapt to new challenges, protocols and worker preferences. As millennials make up the single largest segment of today's workforce, and an even more technologically savvy Generation Z enters the workforce, employers can attract top new talent by implementing access control technology that allows employees to work flexible hours. In addition, companies need a solution that can work with various apps they are already using at work. In order to make these accommodations, businesses should invest in an access control system that has open APIs, is based on the cloud and easily integrates with the rest of the office. As the Internet of Things (IoT) increases in popularity businesses should seek applications that maximize technology and are customizable to their employees' evolving needs.
What enhanced security features does your access control system have?
Problems such as cloning, lost/stolen access cards and reader vandalism are common problems in the access control industry. Any one of these problems can have a detrimental impact on your company's security. Leading access control companies are utilizing multi-factor authentication to provide clients with an added layer of protection. This helps ensure that the user trying to unlock the door is truly who they say they are. In addition, your access control solution should have a back-end system that enables real-time monitoring to determine each instance of attempted entry or failed entry, sends ajar notifications and records any other irregularities that occur at your office. Time-based entry is another feature enabled by cloud-based access control. Also consider the level of encryption needed for your organization at each level of access, from the credentials to the data that’s stored on the system.
How does your solution work with controlling elevator and garage access?
In order to add an extra layer of security, buildings are starting to deploy access control systems in elevators and garages. In fact, several corporate offices now have smart “destination dispatch” elevators, which allow passengers to request a particular floor using a touchscreen or keypad. This ensures maximum efficiency and prevents overcrowding the elevator. As part of the added intelligence, elevator access control systems are also checking to make sure each individual has access to their respective floors. Parking garages, especially in urban communities, are vulnerable to criminal activity without proper access control in place. If either of these requirements is important, ask your prospective vendor if this functionality is available and figure out what sort of manual labor is involved in installation.
Can your system handle inclement weather?
Surprisingly, durability is not a key feature with many access control solutions. This can make readers malfunction in cold environments, rain or dust. You can ask your integrator if this system has an IP65 rating if you're planning to install your reader outside.
What sort of mustering scenarios does your system handle?
Mustering is a powerful feature in the access control industry that allows admins to use access logs to locate people in a building or specific area. This capability analyzes the logs to determine where a user is in the facility, and can help with time and attendance tracking. A mustering system can use time logging to track a user's movement throughout the building by providing insights into where a user was at a given time. This is often valuable when a building administrator needs to track potential criminal activity or for safety needs.
The need for top-notch security has never been greater. In a world after 9/11 and the COVID-19 pandemic, physical security threats continue to grow, requiring more advanced technology, better data analytics, and additional safety measures for schools and businesses to keep their employees, visitors and staff protected. Access control technologies have advanced rapidly in recent years, yet only 38% of businesses use proximity readers, and only 24% use keyless door entry systems for their door access control. Using the latest access control technology ensures your system is also flexible, scalable, and interoperable for a comprehensive, scalable security solution. Because cybersecurity is a top concern for most businesses, choosing access control security with end-to-end encryption at each level (from credentials to reporting), as well as the capability to audit and track access events, will provide the highest levels of protection.
Simultaneously, employees are increasingly expecting their employers to accommodate flexible work schedules, automate everyday processes, and employ the latest hands-free technology. These requirements mean companies need to pay more attention to finding door security solutions that address both the needs of administrators and their employees. Thanks to advances in access control technologies, especially cloud-based solutions, it's never been easier to meet these challenges head-on. A door access control system with an open API architecture will allow you to connect your access control technology with other software platforms, including integrations with intrusion detection methods, video surveillance, visitor management platforms, and even space and amenity applications. When selecting your door entry system, don’t forget about the end users who will interact with it every day. Training is a common pain point for companies when switching to new access control methods, so select a door entry system that’s intuitive and simple to use, even for visitors.
Whether you just have a few doors to worry about, or a global enterprise with locations all over the world, choose an access control security that’s reliable and reputable, compatible with your current systems, convenient and easy to use, and supports all the features and credentials your business needs.