Consultation with the customer is the first and most vital stage of designing an access control system. This should involve both those responsible for security and the users of the system in order to understand and clarify their requirements. The buildings must be surveyed in order to determine the number and location of the physical barriers required to keep out unauthorised personnel. These doors, lifts, turnstiles and car park barriers will be controlled by the system.
There may be a need to define high and low priority security areas within and around the buildings as well as how, where and by whom the system will be administered.
End user requirements include not only security but also how the system will integrate with the normal functions of the building and its employees, tenants and visitors.
The consultation should aim to agree a level of access control that is practical, while maintaining the appropriate level of security to ensure the system is used effectively.
Designing a PAC access system
For each system, it is necessary to specify the doors through which access is to be controlled. The building is then split into a series of ‘areas’ with each area, typically one room, having one or more doors providing access.
When cards or electronic keys are added to the system, they are allocated access to specific areas. This will allow them to open the door(s) leading to the specified areas.
In the simple example (Fig 1.) the following areas would be defined:
- Reception
- Office 1
- Office 2
- Manager
- Accounts
Note: If a reader is on the exit door then you would also have to define an area “outside” so that presenting a key to the exit reader would open the door and allow access to outside.
In the simple system, once the areas have been defined, access to the areas is defined in terms of the doors used to access those areas. For example, to enter reception you need access through door 1, for Office 2 you need access through doors 1 and 2, and so on.
Also note that if a reader is on both sides of the door then the system considers it as TWO doors. For example, there is a door from accounts to the Manager’s office (door 6a) and one from the Manager’s office to accounts (door 6).
Obviously, for a large system, it would be very tedious and time consuming to allocate access to people only via doors. For example, if ten people worked in Office 1 then you would have to allocate access through doors 1 and 5 and for larger systems it could be 10 doors, 20 doors or more. To make things easier, the software uses Access Groups. Access Groups are quite simply a collection of doors. For example, you might have an Access Group called ‘Accounts’ which includes doors 1, 3 and 3a, another called Manager containing doors 1- 6a inclusive, another called Office Staff containing doors 1, 2 and 5 and so on. Once these have been defined, you can then assign an Access Group, rather than individual doors, to a card holder. Once assigned, the card will provide access to all the areas in the Access Group.
Time Profiles are another feature of the software which are used to control access. This allows you to restrict access at certain times and can be assigned to a card or door. If a Time Profile is assigned to a card, the card will only be valid during the period(s) specified.
If a Time Profile is assigned to a door, the door will automatically unlock for the specified period. If anyone wishes to enter outside the specified period then a valid key is required.
A Time Profile consists of up to three Time Periods, each of which has a start time, end time and one or more days. The following are two examples of how Time Profiles may be used: It may may be assigned to an ID device It could be set up for cleaners who only come in from 18:00 to 19:30 Monday to Friday and 09:00 to 12:00 on Saturday. This would mean that the keys allocated to the cleaners would only be valid during these times.
It may be assigned to an access point It may be that the general public is allowed access to a reception area between 09:30 and 12:30 and 13:30 to 16:30 on Mondays to Fridays with an hour closed for lunch. The time profile generated would have two time periods, one before lunch and one after lunch. When assigned to Door 1, it would automatically unlock at 09:30, lock at 12:30, unlock at 13:30 and lock again at 16:30. Staff who required access outside these times would need to present their card to the reader to gain access.
A time profile may be assigned to a PIN pad
A Time Profile can be set up for a reader with PIN pad so that the ID device is all that is required to gain access at certain times of the day.Outside the times both PIN number and ID device will be required to gain access.
Recording transactions
Each time a card is used, the system records which card was used, when it was used and at which door. The outcome of the card use – ‘Access Authorised’, ‘Access Denied’ etc – is also recorded. All transactions are recorded and stored. You can then search this database and generate a variety of reports.
The reporting facility can be used to monitor attendance, but it is recommended that dedicated readers (i.e. not used to control access) are used. If this is done then IN and OUT readers are required. When you arrive at work you present your key to the IN reader and present it to the OUT reader when you leave. The system can then generate a series of attendance reports based on the transactions from the IN and OUT readers.
PC communications with door controllers
This section provides examples of different configurations of PAC Vision and PAC for Windows(TM) systems.
The first requirement of any PC based system (whether a single PC or networked PCs) is to communicate with the access control hardware. This is achieved through one or more PC serial or network ports. Usually only one port is required (additional network port in the case of PAC Vision).
It is through the serial and network ports that:
- All changes made to the system are sent to the door controllers
- All events that occur at the door controllers are received.
There are three ways through which the PC can communicate with the door controllers:
- The PC Interface Kit allows up to eight door controllers to be administered. It consists of an AC powered box with connections for the PC serial port, the first door controller (up to 1000m away) and a desktop reader.The desktop reader is used for reading ID devices into the system.
- The Central Network Controller (CNC) is used on larger systems. It allows up to 32 door controllers to be administered through a local port. It also has three RS232 serial ports that allow the use of dial-up modems to control remote sites. The CNC contains a proximity administration reader built into its front panel. A connection on the back allows for wiegand or magstripe readers to be attached for administration.
- PAC Vision can communicate via the network port communicating over a TCP/IP network (LAN or WAN) and Lantronix devices.
- TCP/IP Communications
- On PAC for Windows(TM) systems a CNC can be connected to a Piper unit. This allows TCP/IP communications over a LAN or WAN with PAC’s 2200 door controllers with Piper units attached.
Subscribe to the IFSEC Insider weekly newsletters
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
