DIY Access Control Functionality Survey
We’re an installation company that works primarily in alarms and access control and are interested in getting together an access control functionality survey – do you know of one, or do you have any ideas that might get us started?
A: What it sounds like you’re looking for is a survey that will offer you a snapshot of the site, the system and its functionality and we have a few ideas starting with the site and moving on to the systems and management functions. This list is shooting from the hip – there’s going to be some crossover with alarm systems and integrated CCTV functionality here.
Does the site have an external perimeter?
Does the site share external walls?
How many entrance points does the site have?
Is there a manned gatehouse?
What does the gatehouse manage?
If the site gets many deliveries, how are these managed, are events stored?
Is LPR used at entry points and time and date stamped?
How many entrance points are access controlled?
Are access points and adjacent structures suitably hardened against physical attack?
Are windows protected by film, defended by glass break sensors?
Are internal spaces and access routes monitored after hours by sensors?
Are secure spaces protected by monitored intrusion sensors?
Are controlled access points always locked?
Do controlled access points fail secure or fail safe?
What are the locking mechanisms – strikes, mag locks, mechanical locks, wireless locks?
Who manages mechanical keys – is there a smart key management system?
What is their rating against fire, physical attack?
If access points are controlled after hours, what is the time scheduling?
Are the access points covered by CCTV cameras?
Is face recognition technology used at the access points?
Who has access to those cameras and from what locations?
Is the site manned 24 hours a day?
Does the site have a backup power supply?
What is the access control solution installed at the site?
Where is the access control system located and who can access it?
What is the authentication technology, is it 1 or 2 factor?
Are high security readers used for high security areas – biometrics?
If biometrics is used, what biometric technology is employed?
If a card is used must it be worn as an ID badge?
If a smart device is used, what are the security settings required for the device?
What are the authentication rules?
Is there mechanical override of access points?
Is the system and all its sensors remotely monitored?
Are access controlled doors monitored for state with threshold breaches reported?
Do locks feature tamper alarms?
What is the management software of the access system?
Who is responsible for responding to security incidents, alarms, alerts?
Are all access and alarm events logged?
Is the management system accessible via an app – who gets notifications, who can access?
Is the site managed by an enterprise solution/PSIM, who has admin rights, operator access ?
Is the system on a shared network or a dedicated network?
Is the access system controller-base, server-based, virtual server-based?
If a virtual server, who is responsible for emergency response to failure?
Does the access system have UPS support?
Is the network room and security closets secure, alarmed, monitored?
Can anybody access the gates/entrance doors or is access limited?
Does the site include turnstiles, mantraps, etc?
Is vehicle access to the site controlled?
Does the access control function begin in the foyer?
Who authorises site entry, what are entry procedures?
Who authorises authentication, what are ID checks, visitation checks?
What are the procedures for authentication in event of an emergency?
What is the process for emergency access?
Who is responsible for managing these processes?
Is there a visitor management solution?
Must visitors identify themselves using official ID like DL?
Must all staff and visitors wear ID badges?
Must staff escort all visitors?
Who manages this solution daily and who is responsible for security incidents?
Who has a relationship with local police and emergency services?
How many master users have access to all areas of the site?
How many administrators have access to the entire management system?
Are staff encouraged to challenge anyone without an access/ID badge?
Are alarm events set to a local security team, a remote monitoring team?
Are emergency exits able to be used from within only?
Who has responsibility for maintenance, repairs and upgrades?
Who responds to alarm events during business hours, after business hours?
Are all staff appraised of emergency procedures for events like fire, threat?
We could go on and on with this but there’s a degree of brain fry starting to happen – this should give you a place to start. You are also going to need to give weighting to these questions in order to establish a site’s overall security status – perhaps a 1-5 star value allows most nuance while retaining simplicity.
Obviously, take a long look around the sites you are working on – some will be easier – small commercial, industrial with tight teams. Others, like shopping centres, with huge numbers of shoppers and contractors, are going to be way harder. When things get complex, you need a good consultant.