For centuries we, as human beings have had a need to protect our property.
These days, the property can be described as our physical possessions, information, or our families.
Organisations are the same, they may have expensive manufacturing equipment or computers that cost thousands of pounds.
Organisations may also develop or design products, which will create intellectual property.
This intellectual property may be of interest to other companies or people.
Most importantly, organisations have a responsibility to keep their employees safe whilst at work.
Access Control Systems are used to secure parts of a building, site or estate.
They ensure that what we are trying to protect remains secure, however it’s not limited to “keeping the bad guys out”.
If may also be used to ensure that employees are kept safe.
Imagine for a second, a chemical plant where chemicals are being handled or manufactured.
There is lots of dangerous equipment in use that needs specialist training before we even consider the chemicals!
In this instance, we may want to ensure that only people who have had that specialist training and are therefore safe to work in that area can gain access.
Why not use another method, such as a key or mechanical PIN Pad?
Keys do not restrict where someone can access based on a specific time or day – if a person has a key, they can enter an area any time they like.
Keys can quickly become expensive to manage. On the surface, keys appear to be cheaper than an access control system.
Physical keys quickly become expensive to manage – issuing, duplicating and returning keys is time-consuming and expensive.
If you use PIN Codes, when was the last time you routinely changed the code?
Do you always ensure that when someone leaves, that the code is changed to prevent them gaining access?
What information an access control system needs to work
An access control system is primarily interested in three things:
The access control system needs to identify us as people, or a Vehicle if we are controlling access to Vehicles.
We might use an identifier, such as a card, PIN code or biometric credential such as a fingerprint to identify people, and number plates or long-range tags for Vehicles so that the system knows who we are.
The access control system also needs to know where we would like to go.
This is so that the system can determine whether we should be allowed to go into that particular area.
We use a logical representation of a physical door, a group of doors, vehicle gate or turnstile to determine where someone would like to go.
Once we have identified ourselves and where we would like to go, the access control system is also interested in when we would like to access the door.
Some organisations may impose time restrictions to prevent employees access the building outside of core working areas where there is less supervision in case someone does something they should not be doing.
We also need to take into account public and bank holidays as some organisations will not want their employees gaining access to their building during a holiday.
Regulatory compliance is a consideration in some industries.
In the Financial services sector, for example, an employee should not be allowed to enter the building if they are on annual leave.
Authorisation templates combine the Who, Where and When to define access permissions.
This authorisation template is used by the access control system to make a decision on whether to grant or deny access.
Authorisation templates are usually linked to a specific job role, such as an IT Technician or Security Officer.
Some authorisation templates may be quite broad in scope, and could, for example, allow access to all zone 1 doors on an entire site or building, or could be very specific, such as 6 IT professionals who should have access to the Datacentre door.