The medium security concept for door access

OK, if you have your PSP, this is probably basic to you, but it might not be if your expertise is more in the video side of our industry. I wanted to run through the basic levels of access control and touch on the concept of “medium” security.

On a mechanical door lock hardware side, you have three basic grades of security that are assigned by the Builders Hardware Manufacturers Association, which works with ANSI standards, so these are not grades placed on a whim. I’m not going to try to explain the grades when I can quote Ingersoll Rand/Schlage, so here’s the quick summary on those grades, pulled straight from the Schlage website:

Grade 1 certification – Highest Grade Security. Grade 1 is the strongest grade that ANSI/BHMA will supply for any Residential or Commercial product.

Grade 2 certification - Highest Residential Security. Designed and built to offer excellent security and durability for most residential applications and some light commercial applications.

Grade 3 certification - Basic residential security. Grade 3 is the lowest grade provided by ANSI, the minimal acceptable quality for residential door locks.

OK, so those are your levels of door locks. Personally, I recently upgraded from a Grade 3 to a Grade 2 lock on my house, and it’s good stuff, but I wouldn’t recommend it for most businesses – although plenty of businesses do use Grade 2. If you want more discussion on that, you won’t find it in this column. If you want that, I’ll point you back to Schlage’s professional website which does a nice job talking about key attributes of Grade 1. Now, let’s move beyond Grade 1, 2 and 3, and talk low security vs. high security.

The conversation came up right before the ASIS tradeshow with Martin Huddart, the vice president for electronic access control at ASSA ABLOY. Martin and I were discussing where wireless lock technology (ASSA ABLOY has a significant variety of products in this increasingly popular area) falls into commercial security. The conversation moves beyond ANSI/BHMA grades and becomes a discussion of low security vs. high security and what lies in between.

Martin’s point is that low security is basic door locks operated by a key. They’re effective and strong, but they don’t track who opened them and also you have to consider that keys can be copied.

High security, he said, is what you have when you deliver electronic access control with a keycard system. If it’s a real-time system, it logs instantly who just accessed that door, and it supports rights-based permissions, and can also have sensors on whether the door is open or closed.

But what’s in between? Martin would suggest that high security is often “too high” for some end users’ needs even while basic door locks are “too low” for those same end users. What differentiates the two, he said, is that real-time reporting element and also the element of user identification. (There’s also a major differentiator in terms of labor, hardware and wiring needed at the door, I’d argue. Consider the cabling, power, readers, magnets and more that are part of a high-security door tied to a card access system – versus the elegant simplicity of simply mounting hardware on a mortised door.)

Low security door access neither provides an audit trail of when the door was accessed nor does it tell who accessed that door. High security provides those audit trails in real-time and allows you to instantly change door access permissions. If you add those audit trails in and also add door access permissions (and even door position), but you don’t always managed those audit trails in real-time, then you arrive at medium security. This fits the kind of technologies where the card becomes the carrier of the information or where the systems can connect over wifi. On the hardware end, the units are somewhere between a basic door lock and a full-fledge card access door point. The PIN pad or card reader is usually mounted on the door stile itself.

“Wireless locks typically have all the features [you’d find in a card access system], but with various levels of latency,” Martin explained. “So if you’re willing to live with delays like delays when transactions come back to your access control software, then wireless locks are for you.”

If you look at the access control industry, I’d say that this medium security concept that Martin espouses is probably the dominant product adoption trend. It’s finding that sweet spot between basic door locks (even if they are Grade 1) and full-fledged real-time monitored card access. I asked Martin where medium security wireless access control might fit into traditional corporate office building. Here’s what he said.

“The beauty is in the eye of the beholder. We have wireless locks protecting the executive wing of our headquarters so that after hours you can’t wander in and out of certain areas of the office building after 5 o’clock at night. So that’s a great place for a medium security solution where you don’t need full access control because a wireless lock will give you that time zone control at a lower cost than a full card access system. For office parks, it might be the computer areas, the server rooms. Maybe it’s the area you are doing product development or where you are storing your product records or your accounting records. It’s places today that generally might be open [during the work day] but present a higher level of risk. In schools it might be the classrooms. We have worked with a lot of schools that decided they wanted a higher level of security for people to access the classrooms. And certainly the front door of the school where you want higher security but you have budget constraints and can’t put card access but you do want some level of electronic access control. Typically it’s where you would find the mechanical lock today that isn’t really the ideal solution for that medium risk opening.”

For end-users the fit is obvious – it’s that middle price point between an inexpensive deadbolt and an expensive real-time card access. For our channel readers, it’s what you offer when you don’t want to be a traditional locksmith shop installing keyed units and yet you can’t get your customers to bite on a high-end card reader solution.

I’ll close with this thought – there are probably ways to further define medium security. There are four elements of electronic door security:

1. What position is the door in?
2. Who is trying to use the door?
3. Is this person allowed to use this door?
4. What time are they allowed to use this door?

Martin argues that it’s the implementation of latency into the system that makes a solution medium security, but I’d say that you also have varying levels of medium security based on whether the solution offers those four key elements. But that’s another blog post entirely.