Over the last decade or so, huge strides have been taken in the field of corporate access control. Nowadays, access to an entire organisation’s many and varied satellite offices dotted all over the globe can be controlled by a central server communicating with a number of distributed panels. These are then used to control ingress and egress through doors, lifts and car parks by virtue of various types of well-developed reader technology.
The natural drive in product development has been to make the access control software as functionally rich as possible. Often described as multi-functional, the cards or badges used to open doors might also be deployed for computer access, cash transactions and personal identification.
In essence, system providers have focused on making the systems simple to use, certain in the knowledge that little end user training will be needed and that the systems devised will be able to manage entire enterprises. With the correct privileges, for example, a security guard can open and close the door to a bullion room from the other side of the world. Conversely, by altering certain parameters the workforce of an entire corporation might find themselves locked in or out.
When he was looking to source an access solution for financial services company the Halifax, Tony Ridley – the plc’s manager of security services – wanted "operational advantages". He told SMT: "We wanted to be able to add and remove cards in an instant if they were lost, stolen or simply damaged."
As befits an organisation employing over 36,000 people and up to 4,000 subcontractors, security is at the top of the agenda (not least because of what the plc ‘does for a living’, of course). With maximum flexibility in mind, Tony Ridley specified a Public Access Terminals (PAT) system that would offer not only an access solution, but would also double-up on cashless vending and provide photo ID to boot.
"If you go for a contactless card solution," added Ridley, "you’re obviously going to eliminate wear and tear on the cards. The great benefit, though, is that the system we chose involves the user having to hold the card virtually against the reader. With conventional proximity solutions, doors may be opened from much greater distances – a process that runs the risk of allowing unauthorised users to gain access to secure areas."
Using the PAT system has also enabled Ridley to grant access for certain members of staff in particular buildings or rooms. "Time dependency can be built in, and we’ve brought Girovend on board for cashless payment," said Ridley.
Machines located near the staff restaurant cash tills allow personnel to replenish their cards with credits. "Staff are now tending to take much greater care over their access cards," added Ridley. "Losses have been reduced significantly since we introduced cashless vending."
The system that Ridley has chosen – namely the Enterprise Security and Information (ESI) system – also boasts reporting functions with read outs of which doors, turnstiles and entrances have been used by particular members of staff at specific times. In turn, such information may then be used alongside CCTV footage as corroborative evidence in allegations of unlawful behaviour.
Access in the education sector
True versatility is a quality that all-too-few student ID and access control systems possess. Most of the packages that appear on the market are designed to be capable of working with solutions from the same developer and nothing else. Such an approach is flawed with, disadvantages in a number of situations (in particular wherever access control functions need to be integrated with existing legacy photo ID systems).
Exactly that situation faced the security team at South Bank University. The team was considering the addition of an access control solution to its current ID card production software. Having chosen an ESI system (with an eventual 18,000 issued cards), the completion of each phase of the scheme’s development will see the installation of an additional 20 turnstiles. These will supplement those already located in the University’s renowned Learning Resource Centre.
In use, mag-stripe readers at each turnstile are connected to the ESI for education software. This links to the University’s own SQL database, dynamically retrieving information from the server on the status of each student. Any out-of-date cards cannot then gain access.
And it’s here that the ‘three tier’ architecture PAT has developed for the ESI really comes into its own as far as the end user is concerned. ESI makes use of a link that requests selected information from the main University database. The software then deploys this information to enable individual cards to operate the appropriate access rights assigned to them. This process is fully automated, allowing ESI to be completely separated from the University’s main database.
One benefit is that it’s then virtually impossible for data to be corrupted or deleted, be it maliciously or inadvertently.
As most colleges and universities already have their own databases, of course, PAT provides these dynamic links that can interface with a variety of databases. In the case of South Bank University, an SQLv7 server was already installed courtesy of a third party organisation, and proved suitable for the task at hand.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
