Overcoming the Perils of Access System Implementation

Five common pitfalls and how to avoid them

IT likes to standardize on hardware and software so that bugs can be fixed globally. Software standardization extends to version control and the testing of any and all changes, updates and patches before they are introduced into a production environment. So an access control server or workstation, with application software running under Windows, needs to be checked to ensure that the hardware follows the IT shop's standards, that the operating system is the same version that is used by all other machines in the department, that communications software and network security software match the standard, and that the access control application software does not negatively impact security or performance.

All members of the security system design and implementation team, including the manufacturer, the design consultant and, in particular, the systems integrator/contractor, need to be able to talk to the network gurus in their own language, and they need to coordinate this phase of the work very closely and in full cooperation with the IT department. In some cases, for example where the access system stands alone and does not need the corporate LAN or WAN, a dedicated and unconnected security network may obviate the IT coordination task. However, if the installation includes such items as network cabling, switcher, routers and hubs, IT may claim that it has a corporate responsibility for any network installed within the facility, even if it does not connect to the main LAN or WAN.

The security professional should also understand the limitations of using a corporate network. Unless the network is designed for complete redundancy, there will be occasions when the network needs to be powered down for planned maintenance, and networks and the hardware supporting them have been known to fail unexpectedly. Although most access control systems provide a measure of operational redundancy—intelligent field panels may continue to make entry control decisions when communication to its server is severed—alarm conditions cannot be annunciated at the system server or a monitoring workstation when the connection is down. For mission-critical applications, a redundant communications path such as a dial-up phone line should be considered in the design.

Pitfall No.3: Who forgot the badge cards?

Access control cards are viewed as small, unsophisticated, cheap and simple, and they often get overlooked in the planning and implementation of a new or upgraded access control system. Certainly they are small, but the rest of that impression is off the mark. If you plan to issue new access control badges to the user population, this piece of the project needs its own requirements analysis, design, procurement and production tasks to be well coordinated with the main body of the project.

While you may ultimately select a simple, single-function card, now is the time to investigate leveraging the services the card can provide. Most card manufacturers offer multiple identification technologies combined on a single card. For example, the physical security system may use the older proximity technology, but a new logical (data) access control system may call for more sophisticated smart card features, such as encrypted passwords, and the company cafeteria may be planning to go cashless with a “pursing” application on a smart card or on a magnetic stripe. Other potential applications include parts allocation in a manufacturing facility and book lending at a library.

The planning phase is the best time to canvas other potential adopters of the card, since significant savings can be made and user acceptance is greatly enhanced if the individual needs to carry only one credential. However, beware adopting changes to the card for blue-sky applications that are still a gleam in someone's eye, because these may not make it off of the drawing board before the card reaches the end of its useful life. And remember that volume counts when negotiating for the supply of multi-technology cards that are not available off the shelf.

The delivery schedule for the badge cards should be arranged well in advance of system launch since, depending on the number of applications for which the card will be used, there is plenty of work to be done once the cards have arrived. If the cards will include user photos (was a new badge printer ordered, and when will it be delivered?), the print layout for the card needs to be designed, tested and approved, and the taking of user photographs needs to be scheduled (typically over a period of a few weeks to allow for the road warriors in the company). Badge card printers are not the fastest producers so, where a large volume of new cards is required, ensure that there is plenty of time scheduled for the printing or arrange for the loan or lease of additional printers.