The purpose of access control is to grant entrance to a building or office only to those who are authorized to be there. The deadbolt lock, along with its matching brass key, was the gold standard of access control for many years; however, modern businesses want more. Yes, they want to control who passes through their doors, but they also want a way to monitor and manage access. Keys have now passed the baton to computer-based electronic access control systems that provide quick, convenient access to authorized persons while denying access to unauthorized ones.
Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information
In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can’t be transferred provide the most
The Basic Parts of an Access Control System
Today, instead of keys, we carry access cards or ID badges to gain entry to secured areas. Access control systems can also be used to restrict access to workstations, file rooms housing sensitive data, printers, as well as entry doors. In larger buildings, exterior door access is usually managed by a landlord, or management agency, while interior office door access is controlled by the tenant company.
People new to access control may think the system is made up only of the card and the card reader mounted on the wall next to the door. There are a few more parts behind the scenes, all working together to make the magic of granting access to the right person. That’s what this guide is about. Reading it will give you a full and comprehensive understanding of how access control systems work and the language required to communicate with vendors.
Is it absolutely necessary that you learn about access control yourself? No, definitely not. But it will save you time if, in the middle of your project, a problem arises or an important choice must be made. You can seek advice from the installers but they’ll likely answer in access control language; however, you don’t have to take a crash course or call a security-control consultant just yet. But when you do, it helps to have a basic grasp on the subject and your education is free when an online search turns up a resource like this.
Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

In our world of on-demand availability, access is extremely important and often assumed. While it’s easy to say, “I’d like to restrict and control access, that’s why I’m looking at access control,” the question should actually be, “How should we set up access control to least interfere with user behavior, yet provide the secure controls our business needs?” The answer is Kisi’s on-demand access. It gets everyone through the door while maintaining control.
The Five Phases of Access Control Methodology
Authorization
Authorization is the phase that turns strangers into members. The first step is to define company policy; determine what people can and cannot do. This should include who has access to which door(s), and whether members of the organization can share access.
The next step is role-based access control (RBAC), as explained in the previous section. By assigning roles to users, they get a certain set of assigned privileges. This comes in handy for administrators since they don’t have to individually update every user, should something change.
Most organizations use employee directories in tandem with RBAC, since these lists include all authorized employees as well as their access levels.
Authentication
Access
Unlock:
Trigger:
Infrastructure:
Manage
Scale:
Monitor:
Troubleshoot:
Audit
Scale:
Suspicious Events:
Compliance Reports:
Choosing an Access System
The technology landscape is changing fast in the physical-security domain, where access control systems, based on newer technologies are mushrooming. This can create confusion for anyone charged with outfitting their facility with one—but if they take it step by step, everything will come together.
The first step a company should take is obvious—do a count of all the doors that need to be secured; not just the entry doors, but also IT room doors where expensive equipment and security-related devices are installed, and for companies handling sensitive healthcare or financial data, the file rooms or offices where computers processing this data are kept.
Properties of a Quote:
It’s also important to make sure the quote includes a Certificate of Insurance (COI). Many landlords and building management companies require this because it ensures that any possible damages incurred in installation will be covered.
And lastly, for those who want to go one step further with their access control education, we’ve provided a cheat sheet.
What to Look for When Selecting an Access Control System
- Compatible with third-party hardware and free from lock-in
- Support logical security
- Be in line with local regulations and standards
- Be capable of integrating with surveillance and other security systems
- Be capable of Integrating with existing hardware to reduce capital costs
- Support modern modes of communication like cloud/mobile access and especially the Internet of Things (IoT)
- Should be highly robust with reliable networks
- Support modern wireless and wire-based technologies like Bluetooth, NFC, RFID, PoE, and others
- Support multiple types of authentication input such as biometrics, passwords, mobile apps, cards, key fobs, two-factor authentication, and others
- Latest end-to end data encryption during transmission
- Easy to use and configure
- Affordable and powered by professional-grade customer support
- Support all configurable features, like zoning, time-based access, role-based access, level-based access, count-based access, and other factors.