Access Control Best Practices

Six ways to avoid mistakes when deploying your new system


Whether your electronic access control system project is a first-time installation or an upgrade, there are some common mistakes that can be avoided with proper planning.

While this article focuses on first-time installations — because there are more potential pitfalls — an upgrade will share many of the same challenges.

It is natural for a security manager to have a great deal of excitement about a project — after all, a new access control system has great potential to improve facility security and day-to-day operations. But, it is important to lay the groundwork for a new project — use this list of best practices to guide you through the process, while carefully contemplating any potential problems that could surface during each stage.

 

Best Practice: Document Functional Requirements

The elimination of mistakes when installing a new access control system must start with the initial design stage, where the system scope is outlined and documented through functional requirements — statements that reflect how the equipment will provide a needed protection for a security function. This statement does not specify any electronic equipment — it simply says in plain English what must be accomplished.

This is a stage that is often overlooked and will result in additional cost when you realize the system does not address all the important security issues you wanted it to. These requirements should be developed and reviewed with all organizational stakeholders, including upper management, security management, security personnel, Facilities, IT and others. The functional requirements of the system should be listed by priority, and they should address the organization’s key business security concerns and risks.

An example of a typical access control functional requirement is that physical and electronic access to the company data center must be controlled and all entries and log-ins documented at all times.

Not all functional requirements should be resolved with electronics. There are many ways to meet a functional requirement, such as Crime Prevention Through Environmental Design (CPTED) or through administrative processes. An example of a CPTED solution in a lobby might include a partial wall or planters that force pedestrian traffic past a receptionist before reaching the elevators or doorways into a more secure part of the building. CPTED and administrative solutions would not be obvious without functional requirements; in fact, the initial tendency is to start placing card readers and security cameras, alarms, etc., on a building plan and calling it a security design.

 

Best Practice: Share and Review Everything Up and Down the Ladder

As the design process proceeds, it is important to review the plan with all stakeholders at each level of design (10%, 30%, 60%, 90%, etc.). This includes all levels of security personnel, from officers to management — you need buy-in from the people operating, responding and maintaining the system, and they need to understand the plan to address the various functional requirements.

Understanding how the system operates and design acceptance is important for all stakeholders. Management needs to be kept informed to be sure they understand the costs and benefits of the system and how it will solve the functional requirements.

This will minimize changes to the design in the final stages, thus saving potential extra expenditures during the design and installation phases.

 

Best Practice: How to Choose and Plan Cards or Badges

Just because a particular technology has a ton of bells and whistles does not mean you should be more or less compelled to choose it. A small installation, for example, may not need every state-of-the-art feature available on the access control market. Mistakes made in the selection of the electronic access control technology itself will obviously not produce the desired result.

This content continues onto the next page...