Access Control Best Practices

Six ways to avoid mistakes when deploying your new system

Most card technology is based on either proximity or contactless smart cards — one thing to remember is that these technologies are not interchangeable unless a dual-technology card or reader is used. It is important to consider both how the access control system will function now and in the future when making this choice, or you could be stuck having to make an upgrade sooner than you wish. Many times, the IT department has already selected an enterprise-wide smart card, so be sure they are included in the discussion.

Most card manufacturers are pushing the smart cards. There is nothing wrong with this technology, but it should be decided early on how much memory is needed on the card — which also means considering any possible non-security uses of the card, such as for payments, etc. Be sure to allocate the card memory for the various user groups before detailed design is started. These user groups should be defined up front and agreed to by all stakeholders.

Once the groups are defined, there must be a plan in pace outlining which group or groups can load data onto the card and what memory locations can be used. It is usually a mistake to allow just any user group to load data into the enterprise electronic access control system. This same approach can be used with a proximity card, but the actual data is the same for all users with this technology, because there is only one unique card ID number.

Other card/badge issues that must be solved include the amount, type, font size, location, etc., of data that will appear on the card. If a picture of the employee will be used, the size, background, colors, card orientation, setting for any access card printers and picture location on the badge must be defined.

If added security, such as a hologram, is to be incorporated on the access card, it should be decided early in the process. Any aspect of the production, distribution, allocation and storage of the card/badge must be defined and documented, as well as which facility or facilities the card will be used in. If other groups of people, such as contractors, will be given an access card, the same issues must be addressed, and the card/badge itself should look somehow different (colors, orientation, etc.) than an employee card/badge.


Best Practice: Get Management and Employees Involved and Trained

Management and employees must be involved in the card/badge process. If the card has a picture and other data, management needs to approve the layout, colors and design, and the information that appears on the card.

Employees need to be involved to ensure acceptance of the card’s appearance and end-functionality. With a proximity or contactless smart card, the distance the card can be properly read by the reader will vary by the antenna size (inside the reader itself) and surrounding interference, such as steel. One way to mitigate problems is to train the employees to use a tap-and-go reader approach (The card is lightly touched to the reader). Having employees use a reader that is set up just for them to try their access card will eliminate reader operation issues and database errors.

There must be some type of feedback when an employee tries to use their card, such as a green light and/or sounder that indicates a good read.


Best Practice: Plan for Growth

Another potential pitfall with your new access control system is failing to understand the scope of the installation. Is this system designed for a single facility or multiple facilities across the country or globe? If there are multiple enterprise locations, all employees should have the same card, and that card should work at every applicable facility. This will eliminate multiple cards for access between sites and facilities.

The various site security managers should be able to allow access to more sensitive card-controlled locations, based on each employee’s specific needs. Thus, the system must be able to load and program cards across multiple enterprise sites. These concerns — along with replacing lost cards, card lifetime, employees leaving the company, etc. — should be addressed in a “card manufacturing process and distribution” document.

Be sure you have accounted for future growth of the electronic access control system. After the system is installed, you will invariably receive requests to install additional readers that may not have been anticipated.