Access control sounds like something we should only encounter in high-security settings, but it is more commonplace than you might think. Access control is any tool or system designed to ensure only authorized personnel can enter a particular space or acquire a specific resource. Everything, from your car key to the PIN-code on your apartment building’s lobby door to the host at your favorite restaurant, are types of access control.
Electronic access control (EAC) systems provide the same type of service but with many additional benefits. How do EAC systems work, and why might you be better off using one in your organization? Let’s find out.
EAC systems use a combination of credentials, credential readers, and attached computer systems to offer a higher, more reliable level of security and safety. EAC systems are designed to control where and when people and assets can move. They are also designed to provide a high degree of accountability for their users and administrators.
EAC systems are used to control access to restricted rooms or buildings, but you can also use them to secure more specific assets. For example, you can use them to limit access to vehicles or sensitive equipment storage lockers.
EAC systems come in all shapes and sizes, but each has a few essential components.
To control access, you need to set an access control point, a location or container through which someone can’t pass without first authenticating themselves. For example, a control point might be a locked entryway or at the door of a storage compartment.
Credentials authenticate the identity of an individual when they request access. Credentials usually take the form of something they possess—like a swipe card or RFID fob—or something they know, like a PIN code.
In recent years, biometrics, such as user fingerprints or unique iris eye patterns, have grown in popularity as access control credentials. Also increasingly common are secure smartphone credential apps that authenticate the carrier.
Electronic access control systems need some way to read the credentials a user presents. The reader is usually mounted on, or nearby, the access control point and connects to the EAC’s computer management system.
The management system responds to access requests, verifies the user’s identity via their credentials, and then authorizes or denies their request. Through computer and mobile device interfaces, human operators can monitor and manage the system. They can usually perform the following actions:
In addition to credential readers, EAC systems can sometimes include an access panel at control points. These panels allow for additional interaction between the user and the management system. For example, operators can require users to complete a signout or signing checklist when they perform an equipment transaction. Access panels sometimes also include a camera, to photograph the user making the access request for added accountability.
The access control process typically involves a user presenting their credentials—like an RFID smart card—to a credential scanner at a security checkpoint. The scanner checks their credentials. It also checks conditions, like the time of day, the number of users already signed in, and any other conditions you’ve programmed into the management system.
The EAC system then either approves or denies access, logs the access attempt, and optionally takes further action based on policies you set. For example, the system could notify security personnel when it denies an access attempt at a sensitive location.
Contemporary EAC systems most commonly employ either individual, role-based, or department-level access permissions. Ideally, you will want to use a system capable of utilizing a combination of all three, because each has its place.
Individual-level access permissions are appropriate for managing exceptional circumstances. For example, when you have a junior staff member who needs access to a high-security space to work on a special project.
Role-based or job-based permissions are useful for well-structured environments where all personnel performing a set duty need to access the same spaces and assets. For example, you want all mechanics to access the motor pool and break room, but not the production floor. Meanwhile, all engineers need to access the production floor and break room, but not the motor pool.
Department-level permissions are best suited for high-security environments where workers and assets are segregated into locations that you want to control strictly. For example, you want only personnel in the engineering department to access the electrical generator rooms at an electrical utility.
Organizations that decide to deploy electronic access control are usually looking for one of several key advantages.
Automating your access control eliminates the possibility of human error causing a security breach. Readers don’t accidentally misread someone’s name on a name tag, forget to log an entry, or allow the same piece of equipment to be reserved multiple times in the same time slot.
EAC systems are consistent and reliable in how they grant access. Because they’re electronic, they can also easily log every single authentication request and any other meaningful event that occurs within the system. Logging and documenting access requests is a requirement of many governments and industry standards, including ISO 27001.
Electronic logging provides a granular level of detail on access requests in your organization. EAC systems are capable of collecting data in much greater volumes than human security officers can. These systems can also sift through that data quickly, looking for hidden trends you might not otherwise see.
EAC systems carry upfront costs, but they are very cost-effective purchases in the long run. They provide access control 24/7. EAC systems never get tired and never need shift changes. Suppose you have a cleaning crew coming in off-hours. In that case, you can ensure every one of their access requests is verified and logged without a human security officer needing to be on-site to monitor whether they’ve entered a restricted area.
EAC credentials take only seconds to create and modify. They do away with master and sub-master key systems that require entire facilities to be rekeyed if one critical key is lost. In EAC systems, elevated access is tied to a user’s account in the computer system, not to a piece of metal they carry around in their hand.
Suppose a security officer, or someone else with elevated access, loses their swipe card. In that case, it takes just a moment to flag and deactivate that card in the management portal. If someone finds it and tries to use it, the EAC system will deny their access request, and you can trigger an immediate alert for security officers to respond.
Are you planning to build a world-class security program for your organization?
Everything You Need to Know About Workplace Safety Programs
Choosing the right EAC system for your organization doesn’t need to be complicated. At a high level, you need to do the following:
Deploying an electronic access control system will affect your entire organization. Before you even begin planning, get stakeholder representatives from every affected group within your organization involved. That will include security, IT, physical plant, and possibly other groups, like accounting and compliance officers.
Then, collect the requirements for a new access control system from each stakeholder. As a group, agree on the metrics you’ll need to monitor when the system is live to assess performance properly.
Determine the specific individual, role, and group-level access types you will need to set. Lastly, determine the events that require alerts to be issued, such as failed access requests to highly sensitive areas. All of these items make up your administrative requirements.
Identify the control points you’ll want to use for access control and determine where different components, like the readers, access panels, and the IT infrastructure for the management system, will need to be located. These make up your physical requirements.
Then, with your administrative and physical requirements defined, you can begin researching which access control technology will best fit your needs. When possible, integrate the credentialing method for your new EAC system with any existing credential system you already have in use.
Work with a reliable service provider. Electronic access control systems are still evolving, which means you need a business partner to rely on for service and support.
Also, remember that you’re installing more than just hardware. Software systems need to be installed. You must document use policies and train employees. You should expect to perform all of these tasks alongside the physical installation before the system goes live.
Electronic access control is a cost-effective solution that can provide better safety and security than human security officers or manual access control methods alone. EAC also provides excellent data for auditing, better accountability, and regulatory compliance.
Do you want to learn more about how electronic access control and other safety and security measures can benefit your organization?
Sign up for our Five-Week Asset Security Boot Camp for Corporations today.