Why electronic access control

A classic mechanical-key system protects a building only until an employee leaves without returning the key, or loses it. Then the correct option is rekeying the locks — a serious expense, multiplied across every affected door.

An electronic access control system replaces the key with an identification medium (card, fob, fingerprint, face) and moves the authorisation logic to a central computer. Quantifiable benefits:

  • Instant revocation — an employee who leaves loses access to all doors in 5 seconds, at no cost;
  • Full audit — the system records who, when, on which door, with filterable reports;
  • Granularity — schedules, levels, dependence on the presence of others (anti-passback, visitor escort);
  • HR and time-attendance integration — a single card for both access and attendance;
  • Intruder alarm coordination — auto arm/disarm based on the last employee leaving.

For any building with over 20 employees, the ROI is under one year compared with the cost of rekeying locks and time lost managing physical keys.

Reader types

The technology has matured radically in the last ten years. Current readers use:

  • MIFARE / DESFire proximity cards — the de facto standard. DESFire EV2 or EV3 are encrypted and practically impossible to clone. Older EM-Marin or HID Prox cards are obsolete — they can be cloned with under €100 of equipment.
  • Fobs / card-fobs — same principle as a MIFARE card, but in a more compact form.
  • PIN code — used as a second factor, rarely as a sole factor (risk of code sharing).
  • Fingerprint — local or centralised biometrics. Mind GDPR: biometric data is considered sensitive.
  • Facial recognition — growing, with similar GDPR controversies. Modern performance (IR cameras and 3D algorithms) is very good, but implementation requires legal counsel.
  • Mobile credentials (Bluetooth/NFC) — the phone becomes the key. HID Mobile Access, Salto KS, Aperio solutions. Very convenient for users, but dependent on phone battery.

For a typical B2B building, we recommend DESFire EV3 + optional PIN on critical doors (server room, warehouse, director’s office).

System topology

Three architectures are in use:

Classic centralised — each door is connected via Cat.6 to a local controller or to a controller integrated in a cabinet. Readers and electric strikes connect to the controller. The controller communicates with the management server via Ethernet or RS-485. A robust solution, but it requires significant cabling.

IP per door — each door has its own IP controller that communicates directly with the server. Cabling is only Ethernet (PoE), no local controller. More scalable, more flexible, but cost per door is higher.

Hybrid — a combination: main doors on IP, interior doors on a local controller. Optimal cost-flexibility ratio for most projects.

For a building with 40-60 doors, the hybrid solution is generally the most cost-effective.

Rights hierarchy

A well-designed system allows rights to be defined across multiple axes:

  1. Who (user/role) — permanent employee, temporary employee, visitor, supplier, contractor.
  2. Where (door/zone) — individual doors, door groups, floors, sections.
  3. When (schedule) — time slot, weekdays, public holidays, special periods.
  4. How (factor) — card only, card + PIN, biometrics, dual-auth (two people present).

A few rules for a healthy hierarchy:

  • Do not administer users individually — define roles (Production Worker, Shift Manager, Maintenance) and associate rights to the role. On hire/leave, only the role changes, not each right manually.
  • Define permanent schedules — “Normal working hours”, “Night maintenance”, “Visitors 9-17”, and associate them with roles.
  • Limit administrators — system administration rights should be held by 2-3 people maximum, with full audit of changes.
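The four axes above (who, where, when, how) and the first rule (rights on roles, not on users) can be written down as a small decision function. The following is an added illustration, not the code of any access control product named on this page; the role names, zones, doors, schedules and the ordinal ranking of factors are assumptions made for the example. It also shows why revocation is instant: each read is decided against the live user table on the server, so deactivating one record affects every door at the next presentation.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum

# Constructed example of a role-based access decision, not the code of
# any real access control product. Roles, zones, doors and the factor
# ranking are illustrative assumptions.


class Factor(Enum):
    # Ordinal value = assumed strength ranking for this example; real systems
    # configure the acceptable factor combination per door instead.
    CARD = 1
    CARD_PIN = 2
    BIOMETRIC = 3
    DUAL_AUTH = 4   # two authorised people present at the reader


@dataclass(frozen=True)
class Schedule:
    name: str
    weekdays: frozenset      # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def allows(self, at: datetime) -> bool:
        if at.weekday() not in self.weekdays:
            return False
        t = at.time()
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end   # window wraps past midnight


@dataclass(frozen=True)
class Rule:
    zone: str
    schedule: Schedule
    min_factor: Factor


@dataclass(frozen=True)
class Role:
    name: str
    rules: tuple


@dataclass
class User:
    uid: str
    role: str
    active: bool = True   # revoked users are deactivated, not deleted, so the audit trail survives


WORK_HOURS = Schedule("Normal working hours", frozenset(range(5)), time(7, 0), time(19, 0))
NIGHT_MAINT = Schedule("Night maintenance", frozenset(range(7)), time(22, 0), time(6, 0))

# Rights are attached to roles; a hire or a leave changes one field on the user.
ROLES = {
    "Production Worker": Role("Production Worker", (
        Rule("common", WORK_HOURS, Factor.CARD),
        Rule("production", WORK_HOURS, Factor.CARD),
    )),
    "Maintenance": Role("Maintenance", (
        Rule("common", WORK_HOURS, Factor.CARD),
        Rule("common", NIGHT_MAINT, Factor.CARD),
        Rule("production", NIGHT_MAINT, Factor.CARD),
        Rule("critical", WORK_HOURS, Factor.CARD_PIN),   # server room: card + PIN
    )),
}

# Door -> zone mapping; rights are granted on zones, never on individual doors.
DOOR_ZONE = {"main-entrance": "common", "workshop-1": "production", "server-room": "critical"}

USERS = {
    "1001": User("1001", "Production Worker"),
    "2002": User("2002", "Maintenance"),
}


def decide(uid: str, door: str, at_iso: str, factor: Factor) -> tuple:
    """Central decision for one read. Returns (granted, reason)."""
    at = datetime.fromisoformat(at_iso)
    user = USERS.get(uid)
    if user is None or not user.active:
        return False, "unknown or revoked credential"
    zone = DOOR_ZONE.get(door)
    if zone is None:
        return False, f"unknown door {door}"
    role = ROLES[user.role]
    matching = [r for r in role.rules if r.zone == zone and r.schedule.allows(at)]
    if not matching:
        return False, f"{role.name}: no schedule covers {zone} at {at:%a %H:%M}"
    if any(factor.value >= r.min_factor.value for r in matching):
        return True, f"{role.name} via {matching[0].schedule.name}"
    needed = min((r.min_factor for r in matching), key=lambda f: f.value)
    return False, f"{needed.name} required on {zone}"


def revoke(uid: str) -> None:
    """Instant revocation: one change on the central server, every door affected."""
    USERS[uid].active = False


if __name__ == "__main__":
    print(decide("1001", "workshop-1", "2024-06-12T10:00", Factor.CARD))
    print(decide("2002", "server-room", "2024-06-12T10:00", Factor.CARD))
    revoke("1001")
    print(decide("1001", "main-entrance", "2024-06-12T10:00", Factor.CARD))
```

Note that a user with an insufficient factor gets a different reason than a user outside their schedule; keeping both reasons in the audit log is what makes the reports from the "Full audit" point useful when investigating a denied read.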

Integration with CCTV and intruder alarm

An access control system in isolation is utilitarian; integrated with CCTV and the intruder alarm it becomes a complete security platform.

With CCTV — every access event (card X, door Y, time T) gets a reference to the corresponding video fragment. The operator sees access data and image simultaneously. Tailgating attempts (one person entering behind another without a card) are detected automatically through video analytics.

With intruder alarm — arming/disarming happens automatically based on the presence/absence of cards. The last employee leaving arms the building without manual effort. The first employee in the morning disarms with their card.
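The "first in disarms, last out arms" behaviour is an occupancy count driven by granted reads on the perimeter doors. The block below is an added example of that logic, not the integration code of any alarm panel or access system; the event format, the assumption that perimeter doors have readers on both sides, and the sample day are all constructed. It also flags the soft anti-passback case mentioned under Granularity (a second "in" for a card that never went "out"), which is exactly the situation in which an occupancy count would otherwise drift and the building would fail to arm.

```python
from dataclasses import dataclass, field

# Constructed example of access-driven arm/disarm logic, not the code of any
# real alarm panel or access control product. Event format is an assumption.


@dataclass(frozen=True)
class AccessEvent:
    ts: str          # timestamp as logged by the controller
    uid: str         # credential / user id
    door: str
    direction: str   # "in" or "out" (readers on both sides of perimeter doors)
    granted: bool


@dataclass
class AlarmState:
    armed: bool = True
    present: set = field(default_factory=set)    # uids currently inside the perimeter
    transitions: list = field(default_factory=list)
    anomalies: list = field(default_factory=list)

    def handle(self, ev: AccessEvent) -> None:
        if not ev.granted:
            return   # a denied read changes neither occupancy nor alarm state
        if ev.direction == "in":
            if ev.uid in self.present:
                # soft anti-passback: "in" twice without an "out" means the card was
                # passed back or the exit reader was bypassed; log it, do not block
                self.anomalies.append(f"{ev.ts} anti-passback {ev.uid} at {ev.door}")
            if self.armed:
                self.armed = False
                self.transitions.append(f"{ev.ts} DISARM first-in {ev.uid}")
            self.present.add(ev.uid)
        elif ev.direction == "out":
            if ev.uid not in self.present:
                self.anomalies.append(f"{ev.ts} exit without entry {ev.uid} at {ev.door}")
            self.present.discard(ev.uid)
            if not self.present and not self.armed:
                self.armed = True
                self.transitions.append(f"{ev.ts} ARM last-out {ev.uid}")


def replay(events) -> AlarmState:
    """Feed a sequence of controller events through the arm/disarm state machine."""
    state = AlarmState()
    for ev in events:
        state.handle(ev)
    return state


# Constructed day: two employees, one denied read, one passback, normal close.
SAMPLE_DAY = [
    AccessEvent("07:58", "1001", "main-entrance", "in", True),
    AccessEvent("08:05", "1001", "main-entrance", "in", True),    # 1001 already inside
    AccessEvent("08:10", "2002", "main-entrance", "in", True),
    AccessEvent("08:12", "3003", "main-entrance", "in", False),   # denied: no effect
    AccessEvent("17:30", "1001", "main-entrance", "out", True),
    AccessEvent("18:45", "2002", "main-entrance", "out", True),
]

if __name__ == "__main__":
    final = replay(SAMPLE_DAY)
    print("armed:", final.armed, "present:", final.present)
    print("\n".join(final.transitions + final.anomalies))
```

Because the count is kept per credential rather than as a bare counter, one passback does not leave a phantom occupant behind: when 1001 leaves at 17:30 the set is cleared of that uid regardless of how many "in" reads it produced.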

With the fire detection system — on fire alarm, doors with electric strikes automatically unlock for evacuation (P118/3 requirement).

With the building’s BMS — lighting, HVAC, lift schedules synchronise with the access programme.

GDPR compliance

The data collected by an access control system is personal data. To be GDPR-compliant:

  • Legal basis — legitimate interest (security of goods and persons), formally declared in the processing register.
  • Information notice — employees are informed in writing about the data collected, purpose, retention period. Documented in the employment contract or GDPR annex.
  • Data minimisation — collect only what you need. Biometric data requires special justification (impact assessment).
  • Data retention — access logs are typically kept 6-12 months, then automatically deleted. Configurable in the system.
  • Employees’ rights — access to their own data, rectification, within legal limits.
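The "who, when, on which door" report from the first section, the retention window above and the employee's right of access to their own records all reduce to filtering and pruning the same access log. The following is an added example, not the code of any product on this page; the log line format, the sample lines and the 180-day default (the lower end of the 6-12 months stated above) are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed example of audit filtering and retention enforcement over access
# log lines; not the code of any real system. The line format is an assumption:
#   timestamp;uid;door;result
SAMPLE_LOG = """\
2023-12-20T18:02:11;1001;main-entrance;granted
2024-01-10T08:02:11;1001;main-entrance;granted
2024-03-05T09:15:40;2002;server-room;denied
2024-06-01T22:10:03;2002;workshop-1;granted
2024-07-14T07:55:19;1001;main-entrance;granted
2024-07-14T08:01:02;2002;server-room;granted
""".splitlines()


def parse(lines):
    """Turn raw log lines into records with a real timestamp."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        ts, uid, door, result = line.strip().split(";")
        records.append({"ts": datetime.fromisoformat(ts), "uid": uid,
                        "door": door, "result": result})
    return records


def report(records, uid=None, door=None, result=None, since=None, until=None):
    """Filterable report: who / when / which door / granted or denied.
    Called with only uid=... it is also the export an employee can request."""
    lo = datetime.fromisoformat(since) if since else None
    hi = datetime.fromisoformat(until) if until else None
    out = []
    for r in records:
        if uid and r["uid"] != uid:
            continue
        if door and r["door"] != door:
            continue
        if result and r["result"] != result:
            continue
        if lo and r["ts"] < lo:
            continue
        if hi and r["ts"] >= hi:
            continue
        out.append(r)
    return out


def apply_retention(records, now_iso: str, retention_days: int = 180):
    """Drop everything older than the retention window.
    Returns (kept_records, number_deleted) so the deletion itself can be logged."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=retention_days)
    kept = [r for r in records if r["ts"] >= cutoff]
    return kept, len(records) - len(kept)


if __name__ == "__main__":
    log = parse(SAMPLE_LOG)
    for r in report(log, door="server-room"):
        print(r["ts"], r["uid"], r["result"])
    kept, deleted = apply_retention(log, "2024-07-15T00:00", 180)
    print(f"retention run: {deleted} deleted, {len(kept)} kept")
```

The retention job should itself leave a record (date, cutoff, count deleted) in a log that is not subject to the same purge, so that an auditor can later see that the policy was actually enforced rather than just configured.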

The IGPR security systems licence we hold covers the design and installation of these systems in compliance with the GDPR framework and the specific legislation on the protection of objectives.

Mistakes to avoid

Four pitfalls encountered in projects coming for audit:

  1. Unencrypted readers (HID Prox, EM-Marin) in a building that requires real security — the investment in DESFire is recovered with the first prevented incident.
  2. No UPS for the controller — a power outage leaves the building either locked or open, depending on the electric strike type.
  3. Magnetic locks without a position sensor — the system does not know whether the door is actually open, only whether the lock is energised or de-energised. You lose part of the audit value.
  4. Local management software, no backup — own server in the technical room, with no off-site backup. A hardware incident wipes years of history.

A project done right is invisible to the user (card touches, door opens) and fully visible to the administrator (audit, reports, alerts). That’s where the difference lies between an investment and a recurring cost.