This primer provides fundamental information on the planning, implementation, and ongoing management of physical access control systems. Looking especially at the full cycle of implementation from the end-user's standpoint, the article highlights important and often unforeseen issues that frequently accompany access control projects. Planning for these common issues frequently translates into saved time, resources, and investment, whereas a lack of awareness can lead cost overruns, lost time, and ultimately an unreliable system.
Access control projects should occur in four stages:
Training and Ongoing System Management
Stage One: Planning
Here are the aspects of planning that project planners and end-users often overlook.
To begin the planning stage start by asking the fundamental question:HIPAA, SOX, FIPS-201 or numerous others? Or did your organization recently have an incident that an access control system may have prevented?
"What am I looking to accomplish with this system?"
Are you a security manager looking to protect your facility from intruders? Or a human resources manager looking to integrate your time and attendance system with access control? Or looking to achieve regulatory compliance with
Security projects are frequently reactive. I receive many calls from businesses seeking to implement security systems resulting from a singular and isolated incident. Before making the final decision to implement access control be sure you have weighed the cost/benefits ratio for your organization. Seeking solutions that employ access control requires significant resource coordination. A properly planned and implemented access control system can significantly mitigate risk and potentially improve efficiencies to the bottom line—unless the system is either overkill or insufficient for the specific needs it is intended to address.
Planning Stage Project Improvement Questions and Considerations:
1. Who will oversee the project in all of its phases? Access control project require coordinated efforts of numerous individuals and departments. An individual knowledgeable about your facility layout will play a critical role. This person will need to conduct walk-throughs with the access control system integrator and should be familiar with your fire alarm system, electrical systems and general building systems. In specialized environments, other individuals must also take part in the walkthrough, such as building management personnel in leased environments or the Human Resources department when integration with time and attendance systems is on tap. A missed walkthrough by a crucial individual or department can easily cost weeks of time to reschedule.
Trying to delegate out the necessary walk-throughs, interactions with contractors, contract negotiations, project oversight, and planning is a frequent and big mistake. Even in small office environments, access control projects will touch many departments and systems: building/facilities, the fire alarm system, various contractors, human resources and a host of other examples. These aspects of the project should be handled by an individual or by a coordinated team if practical. Poor project oversight will result in misinformation and wasted time.
2. Who will need to be involved?
Note: For key employees, involvement will extend through the later stages of the project. Understanding and communicating these requirements now will help set their expectations and will help you schedule necessary meetings, inspections and sign-offs down the road.
3. One crucial party often overlooked is the organization's information technology department. All access control systems reside at minimum on a PC, and almost always transmit data across the network, even in smaller environments. Consult with the IT group during the planning stage and schedule their involvement during the later system implementation phase.
4. The fire alarm system is oftentimes particularly challenging to successful access control implementations. Building codes from the National Fire Prevention Association such as NFPA 72 and NFPA 101 Life Safety Code must be consulted during the planning stages of an access control project. These codes often (but not always) require that an access control system be connected to the Fire Alarm Control Panel (FACP). From the planning perspective this FACP connection is frequently a major issue. If your FACP is leased, part of a larger building fire alarm system, a proprietary system, or otherwise "locked", you will need to coordinate the unlocking of this panel with whichever 3rd party has ownership of that system. Your local AHJ (Authority Having Jurisdiction) has the final say on your access control system. Normally the role of AHJ is designated by the fire alarm department serving your facility. Other jurisdictions may have a Codes Department official designated to perform the role of AHJ. Be sure that your security contractors have experience working with this individual. As permits are often required for low-voltage work be sure to coordinate with your contractor on who will pull the permits. It is crucial to have these pulled well before your installation kicks off. Be sure to continually monitor the permit process; I have seen numerous job hold-ups due to the contracting party or contractor not performing due diligence on the permit process. Lastly, know that fire alarm codes are a highly organic subject matter. While the codes are vigorous and detailed, systems, buildings, code interpretations and AHJ's will influence the installation of your system. This knowledge is especially helpful if you are managing a diverse array of facilities. Be sure local project managers have a firm grasp of the above issues.
5. Do you have enough copies of your blueprints? Blueprints are oftentimes the bane of an access control project. Have your facility blueprints available in duplicate copies, enough for all your bidders and other parties to work with. Blueprints usually take a long time to obtain and typically need to be sent out to a third party capable for quality copies. Without blueprints your contractors will be making pencil sketches of your facility, you won't have anything formal to submit (if required) to the AHJ, and you willnot have an accurate layout of your system for future use.
6. Who will manage the access control database (and how)? In the planning stage you should put together your list of employees who will need access to the facility. You should give particular thought to the organizing of this database. Almost all access control systems will have a very granular ability to manage your employees' ability to pass through the various controlled doors in your facility. It is practical to set up employees' facility access in accordance with their schedules, and also take holidays into account. Whatever schedules your facility operates under should be taken into account. Also consider temporary employees, janitorial services, and any other non-employees who may need access to your facility. Having as much detail as you can available during the planning stage will save significant time later when you program the system. If you are switching to a new access control system, be sure to save the databases in existing systems for the transition. Some contractors may even program your database prior to installation; this can be a major time saver! Why not have your cards and users programmed in and ready the system to go online as soon as it's powered up?
Stage Two: Procurement
By now you should have assigned all key personnel attached to the project, consulted with the relevant building codes mentioned above, obtained and made copies of your blueprints.Now you are ready to begin making contact with access control vendors.
Good vendors are hard to find. There are security companies of every size and scale, from global to local, available to install your access control system. Though most all of them are capable of installing your system, honing in on the "right" one is more difficult.
Procurement Stage Pointers and Questions: 1. A good starting point is to obtain quotations from at least three vendors.
2. I also encourage you to set up an initial walkthrough inclusive of all your potential vendors. By doing this you'll be more likely to get quotations from your vendors with minimum differences. Comparing disparate scopes of work is confusing and not usually viable from a financial analysis standpoint. Differing equipment, software features, and system interpretations by vendors can quickly dismantle the ability to compare your quotations. Try to find three vendors who can provide quotations on the same system. By standardizing on a particular system you'll eliminate much of the difficulty of analyzing the hardware aspect of your bid.
3. In deciding on a standard system, you should consider whether you want to select from an open-architecture platform, or a proprietary system. This is especially relevant if you plan to use a single platform to manage multiple facilities. Certain geographical areas may not have suitable support for a proprietary system. This is another good time to liaison with your IT personnel, who may need a system that can operate under varying network architectures.
Here are some other helpful vendor qualifying questions you can ask during the procurement stage:
A. How many access control projects similar in scope and size have you completed in the past year? Can you provide references from these clients?
B. Is your system proprietary (meaning it can only be installed and maintained by certified individuals), or open-architecture (usually interchangeable between companies, and between a wider variety of devices and platforms?)
C. If we signed a contract today for the installation of the access control system, how long will it be until you can begin the installation? -- Companies can often have backlogs extending for 6-8 weeks, or have to order parts which can create an equally long wait time for installation. Look for a vendor who will commit to a specific installation date, and take note of how long it takes vendors to respond to this request.
D. Does the vendor have a guaranteed service response time in the event of a problem with the system? (24-hour or same day is ideal). Also, ask whether you'll be calling a local representative or a corporate call center environment for service requests and other inquiries. Will your local representative be available for help after the system goes online? How long has he or she worked for the company? Take note how long it takes you to receive responses to phone and email messages from your potential vendors. If they are slow during the sales phase, they're likely to be slow when it comes to service.
E. What are the financing options? Look for a company that offers purchase, rental, and third party lease options. Specify that you want all three options presented in your quotations. Involve your organization's finance individuals during procurement. Tax implications, setting up net payment arrangements, depreciation of equipment, and contract reviews are all important financial aspects of the access control system that need to be accounted for during the procurement stage. Once a final vendor is selected, be sure to take the time to set up interaction between your finance department and the vendor's billing issues frequently eat up time and make everyone unhappy, but can often be avoided with a few minutes of due diligence during the planning stage.
F. Be sure to ask your vendors for a maintenance agreement quotation. Generally, maintenance agreements cover the loss of equipment due to general failure. Be sure to ask what the manufacturer's warranty is for all the equipment being installed. Some manufacturers offer one- to three-year warranties on their equipment—but systems integrators may or may not honor those warranties. Be sure to get it in writing! Look for a company that honors or exceeds the manufacturer's warranty, and ideally covers both the materials and the time a technician spends at your site. Ask the vendor to provide an hourly maintenance price as well. If your manufacturer's warranty is for several years it may be financially advantageous to pay the integrator by the individual service call, rather than via a recurring maintenance fee.
Stage Three: Project Management
The procurement phase (if you handle it correctly) ends when you have signed an agreement with a vendor. Now you are ready to start project management of the installation process. You should have a project schedule in place, making sure to send it to the necessary individuals in your organization (most of whom you already involved in the planning stage). It's a good idea to prepare all employees for the presence of installation technicians, as they will likely be running cabling throughout your facility, using power tools, and otherwise marking a definite presence in your building. Cutting door strikes and mounting access control hardware often requires that doors and areas of your facility will be out of use for significant time periods. Keep close contact with the lead technician on the job, as he or she will best know the daily work schedule and can help you to prepare whichever employees and work spaces will be affected during the installation process.