Access control systems for people, property and information

Alfie Hosker, Technical Manager, Secured by Design looks at all things access control – from the systems that manage entry to the complex legal and operational requirements for compliance.

Fundamental systems supporting modern security

Access control systems are fundamental to modern security, acting as the primary barrier against unauthorised entry to buildings, specific areas or even sensitive data.

More than just a simple lock and key, access control represents a managed process that dictates who can enter or exit, where they can go and when they are permitted to do so.

This proactive management tool is vital for maintaining security, preventing crime and ensuring the safety of occupants in almost every conceivable environment, from high-rise residential blocks to critical healthcare facilities.

Defining access control

The term ‘access control’ broadly covers any system allowing residents or visitors to enter or exit through an otherwise secure doorway.

For clarity and operational purposes, the definition can be split into two primary functions, as detailed by the ‘Secured by Design Homes Guide’:

1. Visitor door entry systems – these systems manage the access of non-occupants. They enable a visitor to call a specific dwelling, establish a two-way audio-visual conversation and allow the occupant to remotely unlock the communal entrance door. Key features include the ability for the resident to see and identify the caller before answering, ensuring control and choice over interaction. For multi-occupancy buildings, this process is repeated at subsequent communal entrances for building compartmentation
2. Proximity access control systems – these are primarily for authorised occupants, staff or service providers. They grant electronic access via communal entrance door-sets when a valid credential – such as a key fob, card or sometimes a radio transmitter – is presented to a proximity reader. These systems are highly flexible, allowing authorised access to be restricted to certain areas and specific times of the day

Crucially, a comprehensive access control system must have an auditable component.

The system must record and identify the location, user, type, time and date of every system event, with sufficient memory storage for a period of not less than 30 days.

This auditable data is invaluable for police, building owners and residents, serving both as an environmental management tool and as evidence in the event of an investigation into criminal activity.

Types of access control

The implementation of access control utilises various technologies, each offering a different level of security and convenience. Common types include:

• Key fob/proximity access control – involves presenting an identity badge, card or key fob against a reader to grant entry. This is a common and flexible solution, often featuring restricted electronic keys that are security encrypted to prevent unauthorised copying
• Biometric access – utilises unique individual characteristics, such as fingerprints, iris scans or facial recognition, to authenticate legitimate access
• Mobile credentials – smartphones can be used as access control devices through apps or NFC, allowing users to gain access by presenting their phones to a reader. The introduction of IoT and app-related technology is becoming more widespread

The rationale for installation

The decision to install an access control system is driven by the need for enhanced security and management.

Authorities – whether landlords, business owners or facility managers – gain the ability to manage the movement of people and vehicles meticulously.

Core benefits include: Enhanced security – direct control over who enters a building or specific area prevents unwanted access and deter crime; auditable movement – the system’s event log provides detailed records of movement, which is critical for security investigations and provides accurate details vital in the event of an emergency evacuation; flexibility and management – electronic systems can offer a distinct advantage over traditional key-based security.

Strategic deployment: The SARA Model

Access control can be employed in almost all circumstances to make a physical environment safer.

However, successful implementation requires a problem-solving approach.

The SARA model – scanning, analysis, response, assessment – provides a rational method for determining when and how an access control system is the appropriate solution:

• Scanning – identifying and prioritising potential crime and disorder problems
• Analysis – gathering information to identify the underlying causes
• Response – developing and implementing tailored activities
• Assessment – measuring the impact of the response and making necessary modifications for continued success

Critical considerations and requirements

Selecting an appropriate system hinges on matching the technology to the specific environment.

For instance, a block of flats would benefit from an audio-visual control panel for visitors and proximity fob readers for residents.

Furthermore, specific critical requirements must be addressed, particularly regarding safety and compliance.

Emergency access

Access control systems must never impede the Fire and Rescue Service (FRS) in an emergency.

The system must incorporate features to allow the FRS unrestricted access to all floors.

This typically involves: Electronic release mechanisms for communal doors and stairwells, activated via an Access Control Box (ACB); the ACB contains a restricted key system, agreed upon with the local FRS and must be tested and certified to high security standards (e.g., LPS 1175, STS 202); internal systems must integrate with ‘firefighter’s mode’ for lifts; for emergency egress, while break glass devices are common, vandalism-resistant stainless steel self-resetting emergency exit systems are often preferred, provided the installation fully complies with building regulations.

Legal and data compliance

The use of access control systems, especially those linked to video surveillance, brings significant legal responsibilities: Disability Discrimination Act = systems must be installed in compliance with the provisions of the latest version of the Act; Data Protection – if CCTV is involved, a Data Controller must be identified and comply with the GDPR and the DPA; this includes having a clear and justifiable reason for recording, informing people with signage that recording is taking place, holding footage securely and deleting it regularly and responding to Subject Access Requests within one month.

Failure to comply can result in regulatory action by the Information Commissioner’s Office (ICO) and may render footage inadmissible in court.

Maintenance and installation

To ensure continuous security, access control systems require a comprehensive maintenance program encompassing all components, including cameras, readers and control panels.

Crucially, installation should only be entrusted to experienced and trustworthy professionals.

Builders, developers and local authorities are advised to select installers affiliated with independent third-party assessment bodies, such as the NSI or the SSAIB.

These bodies audit members and ensure compliance with current British and European standards, providing assurance of a reliable and effective security solution.

In conclusion, a well-specified access control system is a dynamic management tool that delivers security, safety and accountability.

Its effective deployment requires a clear understanding of the threats, a strategic application (ideally guided by the SARA model) and strict adherence to safety and data protection regulations.

This article was originally published in the April edition of Security Journal UK. To read your FREE digital edition, click here.