Author: Rafał Gwoździowski
Small businesses also need an access control system. The reason is simple: every company has rooms to which access should be restricted, and every company needs somewhere to store goods or customer data. Some companies have server rooms or places where they store other valuable items. In this post, I will walk through the whole process of designing access control in your company step by step: from needs analysis, through equipment selection, to design and installation. This is a practical guide that helps you avoid common mistakes and plan a system that will stay with your company for years.
Why is it worth implementing access control in a small business?
Although it always depends on the specific case, there are several universal reasons:
- It is difficult to control who has the key, whether they have lost it, and whether someone has made a duplicate.
- There is no record of who opened the door and used the room or entered the office, and when.
- There is no integration with the alarm system or surveillance monitoring.
- If an employee loses their keys, the lock cylinders must be replaced.
- Contractors require access control, because they emphasise the security and protection of their sensitive data processed by, for example, their supplier.
An access control system solves these problems and generates far fewer issues than using physical keys. The most important thing is to approach this sensibly and start by considering what solutions you need.
Needs analysis
The project begins with understanding what exactly needs to be protected.
Such an analysis, and the design itself, should preferably be commissioned from a designer with the appropriate qualifications: the task may seem trivial, but a qualified designer knows how to design access control. It is still worth answering the following questions in advance, as the designer will ask them anyway in the course of the project:
- What problems are we dealing with? E.g. theft, destruction of property.
- How many rooms require control?
- Are there plans to increase the number of rooms in the future?
- Who should have access and where?
- At what times and for whom is access required?
- Does the company plan to increase the number of employees?
- How do we plan to authorise users (card, PIN, virtual card in a phone, biometrics, number plate)?
- Is integration with an alarm system or surveillance monitoring required?
- Is there a plan to record working hours?
- Does the access control system need to meet the requirements of the PN-EN-60839-11-1 standard?
- Are there any requirements, e.g. from our contractors or regulatory requirements, regarding, for example, the implementation of encryption between devices, data security or the inability to use entire solutions or components from specific manufacturers?
Knowing the answers to these questions will make the conversation with the designer much more pleasant and constructive.
Selection of system components
Unlike the system designer and administrator, the system user sees only two elements: the card they use and the reader to which they present the card or on which they enter their PIN code. Within these two components there are many differences. It is worth being aware that a modern access control system is, first and foremost, a secure access control system, and secure means that it is encrypted and resistant to card copying and various attempts at manipulation. This is worth knowing when looking for the right solution!
User identification – proximity card, PIN or mobile phone access?
Why not all solutions? The NODER access control system uses MIFARE DESFire cards, which are a secure and encrypted card standard (unlike MIFARE Classic or Unique). Users can also use virtual cards on their iOS or Android phones, which is not only convenient but also very secure. Virtual cards are as easy to use as physical cards. For more information, see the article “Virtual access cards vs physical access cards. Mobile credentials in NODER access control”. It is worth mentioning that there is nothing to prevent the use of different forms of user identification for different rooms – access to the warehouse may require a card, and access to the server room may require a card and a PIN.
Choosing a controller – the most important element of the system
The access control controller is invisible to the user, but it is the most important element of the system. It is the controller that determines the security and stability of the system. It communicates with readers and software, and operates within the company’s computer network. How it does this, and whether it works stably, quickly and flexibly, decides whether the implementation of the access control system succeeds.
What should you look for when choosing a controller?
- Does it have encryption and, if so, what kind?
- Is it a network device?
- Does it support OSDP and allow third-party readers to be connected?
- How many event logs does it store in its memory?
- Can it be integrated?
- How quickly does it update user permissions?
At first glance, these questions seem unimportant, but in practice, subsequent upgrades and fixes can be more expensive than choosing a good system from the outset.
Installation design
As I mentioned earlier, the design of an access control system should be commissioned from a design office, where the designer will also select the appropriate cabling and draw up the appropriate cable routes.
However, it is worth remembering a few basic issues in this regard:
- The access control controller must always be installed inside, i.e. in the area protected by access control, so that no one from outside or without authorisation has access to it. It should be placed in a lockable enclosure.
- Doors must be secured with an appropriate actuator, i.e. an electric strike, an electromechanical lock or another door locking device, but, very importantly, one that is appropriately selected for the construction and weight of the door and the frequency of its use.
- Each controller, reader and actuator must have an emergency power supply in case of a power failure, provided by a buffer power supply with a suitably selected battery. This ensures that access to the premises is uninterrupted during this time.
Integrations – when are they really needed?
In a small company, you don't have to implement everything right away, but it's worth choosing a solution that gives you that option.
The most common integrations are:
- Connection to an alarm system. This allows you to arm and disarm alarm zones with a card or virtual card from the access control system, or to configure the system so that the entry of an authorised employee disarms the alarm throughout the facility or in specific zones.
- Connection to surveillance monitoring (CCTV). This allows events such as a door opening or forced entry into a room to be linked to camera recordings, which makes it possible to quickly find a specific event in the recorded video material.
- Working time and attendance. RCP-1 terminals allow you to monitor entries to and exits from the company, together with working time records and the HR system.
Access levels for users
A professional access control system will allow you to define multiple levels of access to rooms, i.e. who has access, when and where, e.g.:
- Warehouse access only for the warehouse keeper and manager,
- HR only for the HR manager,
- Main entrance for everyone from Monday to Friday 7am–6pm,
- Unrestricted access to all rooms for the owner,
- Temporary access for subcontractors to specific passages,
- One-time passes for guests,
- One-time access for service personnel after business hours,
- Permissions for managers to open doors permanently,
- Opening of gates and barriers after recognition of the vehicle registration number.
Small businesses often need simple rules, but the system should allow for expansion and smooth changes during its operation: requirements change, and the chosen solution should be prepared for this.
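The access levels listed above can be written down as explicit rules and checked with a default-deny evaluator, which is a useful way to review a policy before handing it to the designer. This is an added example, not NODER's software or configuration format; the role and door names, the dates and the `Rule`, `sample_policy` and `decide` helpers are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

ALL_DAYS = frozenset(range(7))   # 0 = Monday ... 6 = Sunday
WEEKDAYS = frozenset(range(5))

@dataclass
class Rule:
    door: str                                # door name, or "*" for every door
    roles: frozenset                         # roles covered; "*" means any role
    days: frozenset = ALL_DAYS
    start: time = time.min
    end: time = time.max
    valid_until: Optional[datetime] = None   # expiry of temporary access
    uses_left: Optional[int] = None          # None = unlimited, 1 = one-time pass

    def matches(self, role, door, when):
        if self.door not in ("*", door):
            return False
        if "*" not in self.roles and role not in self.roles:
            return False
        if self.valid_until is not None and when > self.valid_until:
            return False
        if self.uses_left is not None and self.uses_left <= 0:
            return False
        return when.weekday() in self.days and self.start <= when.time() <= self.end

def sample_policy():
    """Constructed policy mirroring the access levels listed above."""
    return [
        Rule("*", frozenset({"owner"})),
        Rule("warehouse", frozenset({"warehouse_keeper", "manager"})),
        Rule("hr", frozenset({"hr_manager"})),
        Rule("main_entrance", frozenset({"*"}), WEEKDAYS, time(7), time(18)),
        Rule("loading_dock", frozenset({"subcontractor"}),
             valid_until=datetime(2025, 3, 14, 17, 0)),
        Rule("server_room", frozenset({"service"}), start=time(18), uses_left=1),
    ]

def decide(policy, role, door, when):
    """Grant only if a rule matches; anything not listed is denied."""
    for rule in policy:
        if rule.matches(role, door, when):
            if rule.uses_left is not None:
                rule.uses_left -= 1          # consume the one-time pass
            return True
    return False
```

Because a door with no matching rule is denied, adding a new room to the system grants nobody access until a rule is written for it.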
SUMMARY
An access control system is an investment that increases security and simplifies company management. The most important issues in answering the question of how to design access control are:
- Using secure card technology, e.g. MIFARE DESFire,
- Using an encrypted controller-reader connection,
- Appropriate selection of the controller (e.g. NODER EWE4),
- Using the help of a design office,
- Determining the required access levels,
- The possibility of integration and expansion in the future.
A well-designed system will operate for years without modifications and will grow with the company. If a company chooses professional solutions from the outset, it will avoid constant problems and upgrades. If you are interested in how to design access control, please contact us.

