How to Build a Complete Access Control System
Welcome to the adventures of complete facility access control solutions. Enterprise security leaders and integrators face diverse mysteries here, but each can be solved with an intelligent mixture of technology, security focus and IT collaboration, seasoned with a big dose of bottom-line business benefits.
Miguel Gonzalez, administrator of support services at Children’s Hospital Los Angeles, knew he had to do something matching the scope, size and growth potential of his facility.
Children’s Hospital Los Angeles, a nonprofit, academic, pediatric medical center, has about 4,800 employees and 600 medical staff providing healthcare among a 12-building campus spanning two blocks. When its current system could not meet their expanding requirements, Gonzalez investigated replacements. After reviewing major systems, he chose an enterprise security management system.
“We needed the ability to issue multiple layers of access and unlimited access levels, and the solution provided both,” says Gonzalez. “Being such a large facility, it created challenges for us to create new reader groups to accommodate individuals who needed special access. We also had challenges with the number of card holders that the system would hold.”
Single Card Solution
“The whole idea was to have a single card solution to get anywhere on campus,” says Vasken Arzoumanian of Marquis Systems. “They also needed an integrated system which included access control, alarm monitoring, video and badging in a single platform…We were able to leverage their IT network and save money.”
Scott Hightower, president of integrator Remote Protection Systems, observes that “integration is both a challenge and an opportunity.” He points out that, more often today, he works with facilities managers and IT directors in addition to security. “More systems are networked-based and more complex. It’s also a matter of the infrastructure, who owns it.”
Arzoumanian designed his client’s system to operate with Symmetry video management hardware. Existing Panasonic analog cameras operate via a switch and interface to the hardware platform. All new cameras are IP and connect directly to the video system.
From a more global perspective, Perry Levine, director business development – product portfolio at Siemens Industry, encourages such overall “big bite” integration projects and says that having the ability to tie multiple disciplines, i.e. access control, video, intrusion, etc., into a single security management platform has many benefits. All of these disparate devices are additional data points and, when brought together, provide complete situational awareness while maintaining business continuity beyond traditional security…a single user sign-on and permissions simplifies the interoperability, as well as ease of use, when all of these devices are data objects on the single solution.
At Children’s Hospital Los Angeles, the plan's success depended on a layered approach.
The hospital system secures all points of entry for employees or deliveries via proximity card readers and video. Employees present an ID badge to enter. A second layer secures critical areas such as the surgery suite, public elevators, stairwells and staff and patient transfer elevators.
“All elevators have card readers,” observes Gonzalez. “During the day we leave them open for visitors to use to get to patient floors. After visiting hours, card readers are activated automatically and only parents who have visitor badges can access those floors.”
A third layer: “Pharmacies and drug supply rooms have card readers to protect them,” adds Arzoumanian. Medication dispensing machines tightly control the drugs. “A person needs not only approved access to use these machines by hospital management, but access to the room where they are stored.”
Higher risk areas need a card swipe plus iris biometrics to enter. The retina scanner integrates with access platform, so if someone attempts to gain access who shouldn’t, an alarm sounds.
That Completeness Thing
Whether a new system or an upgrade, however, completeness makes a difference.
Shawn Reilly, director of security and chief of police at Greenville S.C. Hospital System (GHS), who may have thought he was seeing double or more, and he was right.
In the last 100 years, GHS evolved from a single free-standing hospital to an integrated delivery system and academic medical center with more than 10,000 employees, five medical campuses located throughout Greenville County and 167 affiliated physician practices across the Upstate region.
It seems to have or inherited almost as many access control systems.
So GHS decided it needed to streamline its systems on an enterprise level. About eight years ago, Reilly embarked on a long-term project to transform and upgrade access control as part of a multi-million dollar security overhaul.
To move its security and access control capabilities into the 21st century, it implemented an enterprise-level access control system for all five medical campuses as well as centralize the monitoring and management of the access control system from Greenville Memorial Hospital.
Tech Systems, according to the firm’s Wayne Smith, worked with both information services and human resources to re-badge its entire cardholder network, ensuring all individual credentials had the correct clearances. This was a massive undertaking in which Tech Systems relied on its team of Microsoft and Cisco-certified technicians, plus Software House Smart Services.
Seeing value with valuable partners, Hightower comments that, when enterprise security leaders consider a complete facility access control system, there are two factors to always consider: “Expectations and plans for using the system.” He advises facility and security executives to first figure out in as much detail as possible how the system will be used today and into the near-term future.
So that was the GHS strategy when it came to customization among the centralization. For example, GHS placed biometrics-based readers at key access points throughout its hospitals as a back-up mechanism for when a doctor forgot his or her badge. Biometric readers have also been added at each of the pharmacies to provide multi-factor authentication.
Reilly says one of his favorite aspects is interoperability between multiple platforms. By tying into the HR system to generate badges for employees, it eliminates potentially costly errors caused by misspelling an employee’s name and needing to rebadge at a cost of $10 per badge.
A new system can also overcome past disappointments. The city of Abbotsford is a progressive agricultural community with a growing population located just outside of Vancouver, British Columbia.
One of the greatest challenges the city faces is controlling access to their facilities. While they had a system in place, it simply was not measuring up, according to Victor Pankratz, manager, civic facilities. When the job of installing a new security system was tendered, the choice to hire Rose Security Services, which had done similar applications in the past, seemed fairly obvious.
Diversity of Buildings
Currently a Keyscan system is installed in approximately 20 of the city buildings. There are approximately 120 readers, and most operate on a single database.
The city has its access system on their wide area network (WAN), says Pankratz. “I can manage the system from my desktop at work or remotely from my laptop, whether I am at home or somewhere like Calgary,” he adds.
One unique feature: Present 3. In facilities such as the Exhibition Park, which consists of approximately 12 buildings, including show barns and other various spaces rented to community groups, Present 3 allows people on-site to lock and unlock doors for large groups that have not been equipped with access cards. The system also arms and disarms the intrusion alarm.
When it comes to IP-based access systems and so-called software and access control as a service approaches, there can be business benefits for some. Adds Levine, “This is a very effective way to minimize cost, as well as have a higher level of service. Smaller sites can benefit from the features and advantages of more robust solutions by only needing to install the field devices and not be hindered by the complexity of the host systems. Software as a Service (SaaS) allows for this level of flexibility while the service provider takes on the responsibilities of maintaining the proper hosting environment.”
For Martyn Scholes, business development officer for the U.K.-based Oldham Council First Response Service, his was a low-tech challenge but solved with a high tech twist.
The safety and security of the Borough of Oldham is watched over and protected by a detachment of the Manchester constabulary and by the services of the First Response Service team.
Controlling and storing the hundreds of keys at various locations throughout the command center was a manual procedure, and the systems in place ranged from wall mounted key safes with a single lock to vehicle mounted cabinets. A manual log book was used to keep track of key access and return with only an honor system in place to ensure the recording of activity.
Control the Keys, Control the Access
“All the staff had access to the keys and we were unable to keep track of sets of keys,” he points out. “The main problem was that, after finishing duty, it was a common occurrence for the staff to go home with keys in their pockets or leave keys in the vehicles. It was only a matter of time until we were faced with a critical situation.”
After viewing competitive presentations, Scholes proceeded with a Morse Watchmans solution for an automated key control and asset management system.
The system comprises three 96-key cabinets and one 8-key cabinet. The smaller key cabinet is used to house the vehicle keys, and the larger cabinets house all other keys. All staff has access to the four cabinets but not access to all the keys. Staff can only remove a key to which he or she is authorized to use by entering his or her pre-programmed PIN code or, on the larger cabinets, by swiping an ID card through the integrated card reader.
The system also allows management to set user restrictions or parameters for optimum key control and management. Scholes adds, “We are now in a position that at any given time we can identify who has a particular key and also how long the key has been in their possession. This is of great assistance to us as certain keys need to be accessed as many as four or five times daily. We also have a duty to open and close council assets at specified times and the automated tracking data has been invaluable.”
This article was previously published in the print magazine as "Making Access Complete, One Way or the Other."