Security directors value efficiency. For that reason, they are constantly on the lookout for tools that can assist them in their task.

Software is becoming a useful tool to many security directors. One area where it is particularly effective is access control.

SECURITY magazine recently spoke with Jerry Cordasco, vice president of business development for Infographic Systems, Garden Grove, Calif., about the benefits of access control software.

Q. What are some of the features and benefits of access control software?

First, you have to look at the benefits of an access control system in general. For instance, access control systems can eliminate the use of locks and key, and all the normal hardware that presents so many problems.

Which brings us to the issues of software. You can get access control systems that are more hardware based (as opposed to being PC-based) that have embedded software. Some of the smaller, low-end access control systems do not require a PC. But to say they don't have software would be incorrect because anything that is microprocessor driven has software. It's just a question of whether you are talking about software that runs on a computer vs. software that is embedded in a processor. If you look at some of the systems that are stand-alone access control systems, designed to handle only one door, they may have a microprocessor in it that allows it to read a card and grant or deny access, but there is no computer connected to it. When you grow to systems that have computers and use computer-based software that run under the conventional operating systems (Microsoft operating systems such as Windows '98 or 2000), then the benefit becomes that you can utilize all of the capabilities of a PC. This includes such things as database structure (the databases can be more complicated) and the parameters that you can set for who can get in where at certain times, etc. There is more flexibility when it's driven by a PC.

Some of the other benefits are the fact that you now have (hopefully in a good system) what is called a "real-time" engine that is controlling the access control functions themselves. Most good access control software is divided into two pieces. One piece being the database, which is where all the records-of the card holders and so on-are stored, and the other piece being the real time engine that handles the transactions that occur as people come and go. You couldn't have a competent database and a real time engine if you do not have PC-based access control software.

Q. How complicated is the installation and implementation of access control software?

It will vary. Some of the better companies have auto-configuration wizards that tend to be able to get the baseline system up and running quickly. The hardware is probably the most intensive part of the installation, because it requires physically bolting things to the wall, connecting wires, etc. Getting the software up and running, if it is designed well, is pretty easy. You can pretty much turn it on and get it configured in a matter of hours, but the real key is the size of the system. That will determine the degree of difficulty. If you have an office building with five to 10 doors, configuring that system to operate it the way you want it to operate may take a short period of time. On the other hand, if you are talking about an airport, with hundreds of doors, it will be more time intensive. The other thing that tends to be time intensive is the actual entry of the user/cardholder information into the system.

Q. How does an end user determine which software is most appropriate?

The first thing the end user will do is look at what platform the software operates on. Most platforms are Microsoft-based, since that is what most people are familiar with. This is crucial, because the capability and the dependability often depend on the platform.

The second thing they will look at is database structure. Access control systems are very database intensive. There are many different kinds and depending on the database, it can be easier or more difficult to enter/retrieve data.

Another thing to consider is user interface. The end user will want to know exactly what needs to be done to operate the system. They want to know what is entailed in performing normal functions, like unlocking a door or entering a cardholder.

Q: How is user information stored and accessed?

Typically the file server in the access control system-which is kind of the main computer-contains the database of all the users. Workstations are then connected to that so they can access information. The database is stored in one central location. Larger systems (i.e. airports) will have multiple file servers that have the data replicated in a number of locations. Often they do that for the purpose of redundancy so that if one file server fails, they don't lose the database.

An emerging trend in access control software is what's known as open architecture. Let's say you have a big company with a large number of employees and they already have information for employees entered in a large database, like Oracle or Peoplsoft, and then you want to install an access control system. They won't want to reenter data, they will want to share it. Open-architecture software systems will give them the capability to do this.

Q. What role does software play in integration?

Integration is a funny thing. There is only a certain segment of the industry's end users that have a valid need for integration. Often times, it looks good on paper but the reality often represents problems when it comes to operation. The more things you put on one computer-although it may seem like a good idea to connect them all-can be a problem for the person who is operating it. It will make it complicated and too hard to use.

I think integration plays more of a role when you talk about the interconnectivity of a building. Like, when someone swipes their card to get into a leased building or office, it automatically turns on the lights, or the HVAC; or when there is a fire, it automatically unlocks doors to allow free egress. We are also seeing more and more integration of access control and CCTV. Now, when an unauthorized person tries to get in to an unauthorized area, not only does the access control system prevent them from doing so, the CCTV system records that event and tags it so someone can go back and see who tried to get in.

Q. How easy is it to upgrade?

Most systems are designed to allow upgrades and migration paths pretty easily. The things that push someone toward an upgrade are when the manufacturer finds bugs, they might send out an upgrade or service pack, and they will bundle some fixes with a feature. With access control, it is not likely that the end user will have to upgrade unless they really outgrew the system. You should plan for at least five years of what the demand is going to be.

Q. What will see more of in the future?

I think that the open software architecture and open databases are really becoming much more prevalent and more important. Most of the older access control systems had proprietary database systems, and now the new ones are going to open architecture format. These will follow Microsoft's UDA (universal data access model) which is Microsoft's model for open architecture. We will also continue to see changes in the user interface.