Designing Access Control Guide

By Brian Rhodes, Published Jan 30, 2019, 10:13am EST

Designing an access control solution requires decisions on 8 fundamental questions.

This in-depth guide helps you understand the options and tradeoffs involved in designing an excellent access control solution.

The eight fundamental questions are:

  1. Are the Benefits Worth the Cost?
  2. What Do You Secure?
  3. What Forms of Authentication and How Many Do You Need?
  4. What Kind of Reader Should You Use?
  5. What Kind of Lock Should You Use?
  6. What Do You Need at the Door Besides a Reader and Lock?
  7. How Do You Connect the Reader to the Network?
  8. What Type of Access Control Management System Should You Use?

This report focuses on selecting and designing electronic access control systems (using cards, PINs, biometrics, etc.) rather than key-based ones.

Access Control Cost

While electronic systems are far more sophisticated and can be more secure, most people still use keys. The reason is simple: cost.

Industry averages for electronic access control range from $1,000 to $4,000 per door installed. In contrast, locks alone often run between $50 and $500.

While electronic systems provide many benefits over keys, they will cost thousands more per door than keys/locks. As such, you may determine the cost of electronic systems cannot be justified or that only certain doors are worth equipping with electronic access control.

Access Control Benefits

To determine if electronic access control is worth the cost, understand if the following benefits apply to your use:

  • An access control system simplifies management of access to the building. Keys do not need to be made and distributed to employees or contractors. Credentials (either permanent or temporary) are issued to the respective party, and that is it.
  • The potential risk associated with a misplaced or stolen key is significantly reduced. Typically if a key to an exterior door is lost, best practice and common sense would mandate re-keying the facility, lest that key fall into criminal hands. Re-keying is typically a large expense. Lock cores cost between $30 and $75 or more, and locksmiths upwards of $50 - $125 per hour, so a four-door building can cost hundreds of dollars.
  • Improved audit trail: With keys, no record is kept of who came and went through each door, and when. Intrusion detection and surveillance systems may provide some idea, but not as simply, or in as much detail.
  • With keys, in many facilities, staff must manually lock and unlock doors at the beginning and end of business. This requires time and introduces the risk of forgetting or not properly locking a door. Doors controlled by an access control system, whether controlled by a card reader or not, may be automatically unlocked in the morning and locked at night on a schedule, or when the intrusion detection system is disarmed and rearmed.

Access Secured Applications

After answering the why, the second question when planning an access control deployment is what. What assets are to be secured? Doors which are infrequently used, or by a very limited number of staff, such as closets, typical non-critical offices, and mechanical spaces, typically are not worth the expense of adding access control, unless a legitimate risk to high-value assets is expected.

Typical spaces where we see access control applied:

  • Exterior Doors
  • Gates
  • Storage Areas/ Cabinets
  • Server Rooms
  • Classrooms
  • Key Control Closets

Exterior Doors

Typically, exterior doors are the first thing to be secured.

This simplifies access to the building, so staff do not need keys, while keeping unauthorized persons out of all entrances except those intended. Visitors may be directed to a particular entrance where staff can receive them.

Typically, this is done in one of two ways:

  • Indirectly: In this scenario, visitors to the facility utilize an intercom (audio/video is most definitely preferred) to speak to reception or security staff, who then remotely release the door so they may enter.
  • In-person: In this scenario, visitors simply enter the building through an unlocked set of doors and speak to reception staff.

In both instances, the visitor may be kept outside of the facility entirely, or they may be allowed access into the building into a lobby or vestibule, which is secured by a second access controlled door.


Gates

Entry gates are commonly added to an access control system. This moves access from the door to the perimeter, which is often desirable in high crime areas or high-security facilities. This is typically paired with surveillance and/or video intercom so staff may visually confirm who is requesting entry. The gate may then be remotely released for deliveries or visitors. Wireless interfaces can reduce the cost of gate access control by avoiding trenching. The gate is usually controlled via interface to a gate operator or through specialized locks made for the application.

Cabinets, Storage and Warehouse Areas

Storage rooms, warehouses, and cabinets are easy targets for both internal and external threats. Securing entrances to these areas reduces access, provides a log of activity, and introduces an extra obstacle for anyone intending to steal supplies or equipment.

Data Closets

Along with network security becoming a bigger issue, access control of data centers and closets has increased. Considering the server room is often the brains of an organization’s operation, this is a good practice. Specialized systems exist for securing cabinets in larger, often multi-user, data centers.


Classrooms

With computers being a common target of theft in schools, locking classrooms is often desirable. Installing electrified locks on each classroom also provides lockdown capability, so in emergencies security staff may lock down the entire campus with a single action.

Key Control Cabinets

Many organizations, even those who use access extensively, still need to manage a certain quantity of keys, whether for vehicles, cabinets, or other purposes. Often, these keys are kept in a cabinet or on a backboard, which are conspicuous and an easy target for any criminal. Simply using a securely mounted cabinet with an electrified lock reduces this risk. More elaborate systems for key management exist as well, providing control and audit trail down to the level of the individual key.

Four Verification Factors

The primary goal of access control is to selectively let people in. To do so, you need to choose a credential technique for people to prove that they have legitimate access to an entrance. The authentication 'factors' in practical use are not all of the same type, and are typically separately managed types of credentials. The 'factor groups' are commonly cited as:

  • Something the User Has: A credential/permission granted administratively to the user. Typically an access control badge, token, or fob. Also includes a mechanical key, membership ID, or passport.
  • Something the User Knows: Typically a code or password kept private by the user. Typically a PIN, but also includes 'Security Questions' or 'Last 4 Social Security digit' confirmations.
  • Something the User Is: Biometric features only the user is able to possess. Typically finger or palm prints are used, but other readings are possible, including face recognition, heartbeats, retina/iris scans, and even gait.
  • Someone Trusted Verifies the User: Under certain conditions, another human positively IDs and vouches for the user. This could be a manned guard or even a receptionist that grants access based on familiarity.

You can use these in combination. Indeed, this approach, called 'multi-factor authentication', is very popular among security practitioners.

Systems often use dual or triple mode authentication where users are required to use a PIN and a card, or a card and a fingerprint, or all three together. If both or all do not pass, entrance is denied. The big plus for this approach is that it makes it much harder for an illegitimate user to get in. The big downside is that it is inconvenient for users, who will be locked out if they forget one factor and who need more time and hassle to get in each time they check in. Because of this, the number of factors of authentication usually increases with the overall level of security or paranoia of the facility (e.g., condos are single factor, military bases can be triple, etc.).

Electrified Lock Types

There are a variety of locks that may be used on access controlled doors, all having their application.

  • Electric strike: The electric strike replaces the strike plate in the door’s frame (the metal plate the door latches into), and will unlock when power is applied to it.
  • Electromagnetic lock: The most common lock used for access control, electromagnetic locks, or mag locks, or simply “mags”, consist of a coil of wire around a metal core, which produces a strong magnetic field when energized. The mag lock is normally mounted on the door frame, and the door is fitted with a plate which matches up with it. Under locked conditions, the magnet is kept energized, holding the plate to it. When the door is unlocked, power is cut, and the door releases. Mag locks are easier to install than other types of locks, since everything is surface-mounted, but they have certain tradeoffs required for convenience and life safety, which we will touch upon later.
  • Electrified hardware: The most unobtrusive method of electrically locking a door, electrified hardware puts the locking mechanism inside the door hardware itself. These may come in either mortise or cylinder lockset forms, or in exit panic hardware. Either form retracts the latch when power is applied, unlocking the door. These locks may also build request-to-exit and door position switch (DPS) functions into the hardware, requiring even fewer devices at the door.

Reader Selection Criteria

Readers allow users to request doors to be unlocked and come in a wide variety of options. In general, reader selection begins with picking from units compatible with the primary credential format in use.

As detailed in our Selecting Access Control Readers Tutorial, credential readers come in a variety of form factors, from miniature to oversized, depending on the application.

For reader selection, appearance is often a big factor. Mini-mullion sized readers may be used to be aesthetically pleasing on an aluminum-framed door, for example, while a 12” square reader may be positioned at the parking garage entry for better read range. Generally speaking, the distance at which a card can be read increases with the size of the reader.


Keypads

A keypad is a very simple form of access control, in which the user enters his or her PIN at a keypad device to open the door. Keypads suffer from the inherent security flaws of PINs described above. See our Worst Readers Ever post for more details.

Credential Readers

There are numerous card/fob technologies currently in use in the industry, both contact and contactless.

Contact Readers include magnetic stripe, PINs, certain biometrics, and barcodes. Despite being obsoleted long ago, magnetic stripe readers are still regularly used on college campuses and in other facilities, especially where cards are used for purposes other than simply access. However, a big drawback is contact readers are easily damaged by vandals, by inserting foreign objects, or even gum, into the slot. This is one of the reasons contactless proximity cards have become more common.

Contactless Readers

For contactless credentials, the reader emits a field which excites a coil on the card, which then transmits an embedded number to the reader.


Biometric Readers

For access control purposes, we typically see one of three or four biometric readers used: fingerprint, iris, hand geometry, and retina, with fingerprint readers being by far the most common. No matter which reader you choose, there are several drawbacks to consider:

Access time is typically longer than when a card is used. In high-throughput areas, this may be a problem. You would not want to require an incoming shift of workers in a factory to filter through biometric readers for building access, for example.

Compared to card readers, biometric readers are expensive. While a card reader may be found online for $150-200, biometric readers routinely are priced over $800. This is offset somewhat by eliminating the expense of cards, but it must be taken into account.

See our Biometrics For Electronic Access Control for more.

Multi-Factor Readers

If a door entry reader supports proximity cards, fingerprint scans, and keypad codes for 'multi-factor' support, two or more credentials would be required for entry, not just whichever credential option was convenient for the user to present at the time.

The image below gives an example of a typical 'three factor' reader device:

See our Multi-Factor Access Control Authentication Guide for more.

What else do I need at the door?

Activation of this sensor signals the access control system that someone is exiting. Motion sensors are typically preferred as request-to-exit devices for convenience, although other forms of Request to Exit (RTE) devices are used:

Logic programming is an important part of RTE use. For example, if the door opens (the DPS switch reports open state) without an RTE being sent first, the access control system interprets it as a forced door alarm.

The devices above require power, of course, so power supplies are another consideration when designing an access control system. There are three methods by which door devices may be powered:

  • A power supply centralized with the access control panel. This is the simplest method, requiring the least high voltage to be run and thus reducing cost. However, voltage drop may become an issue, so calculations must be performed to take this into account.
  • A power supply local to the door. This is common in cases where electrified hardware is used. The power draw of an electrified device is normally much greater than a mag lock or electric strike, so local power is installed, to avoid voltage drop issues. The downside of this is that it adds another point of failure, as opposed to a single central power supply.
  • Power over Ethernet. While adoption is still sporadic, Power over Ethernet is being utilized to power single-door or two-door controllers, which in turn supply power to many attached devices including RTE devices.
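The forced-door rule described above (DPS reports open with no RTE first) can be written as a small per-door state machine. This is an added example, not code from any access control product; the event names, the 5-second grant window and the 30-second held-open limit are assumptions, and the held-open alarm goes beyond what the text describes.

```python
"""Forced-door logic for one door, driven by timestamped controller events."""
from dataclasses import dataclass, field
from typing import Optional

# Event kinds (names are assumptions for this example, not vendor event codes).
VALID_READ = "valid_read"   # reader accepted a credential and released the lock
RTE = "rte"                 # request-to-exit sensor activated
DPS_OPEN = "dps_open"       # door position switch reports the door open
DPS_CLOSED = "dps_closed"   # door position switch reports the door closed


@dataclass
class DoorMonitor:
    grant_window: float = 5.0      # seconds a read/RTE authorizes an opening (assumed)
    held_open_limit: float = 30.0  # seconds before an open door counts as held (assumed)
    grant_at: Optional[float] = None
    opened_at: Optional[float] = None
    alarms: list = field(default_factory=list)

    def feed(self, ts: float, kind: str) -> Optional[str]:
        """Process one event and return an alarm name, or None."""
        alarm = None
        if kind in (VALID_READ, RTE):
            self.grant_at = ts
        elif kind == DPS_OPEN:
            authorized = (self.grant_at is not None
                          and 0 <= ts - self.grant_at <= self.grant_window)
            if not authorized:
                alarm = "FORCED_DOOR"      # door opened with no prior read or RTE
            self.grant_at = None           # one grant authorizes one opening
            self.opened_at = ts
        elif kind == DPS_CLOSED:
            if (self.opened_at is not None
                    and ts - self.opened_at > self.held_open_limit):
                alarm = "HELD_OPEN"
            self.opened_at = None
            self.grant_at = None           # an RTE seen while open cannot carry over
        else:
            raise ValueError(f"unknown event kind: {kind}")
        if alarm:
            self.alarms.append((ts, alarm))
        return alarm


# Constructed sample event stream (seconds, event) for a single door.
SAMPLE = [
    (0.0, VALID_READ), (1.2, DPS_OPEN), (4.0, DPS_CLOSED),        # normal entry
    (60.0, RTE), (61.0, DPS_OPEN), (63.5, DPS_CLOSED),            # normal exit
    (120.0, DPS_OPEN), (121.0, RTE), (125.0, DPS_CLOSED),         # RTE arrives late
    (200.0, VALID_READ), (209.0, DPS_OPEN), (211.0, DPS_CLOSED),  # grant expired
    (300.0, RTE), (301.0, DPS_OPEN), (345.0, DPS_CLOSED),         # door propped open
]


def run(events):
    """Feed an event list through a fresh monitor and return its alarms."""
    monitor = DoorMonitor()
    for ts, kind in events:
        monitor.feed(ts, kind)
    return monitor.alarms


if __name__ == "__main__":
    for ts, alarm in run(SAMPLE):
        print(f"{ts:7.1f}s  {alarm}")
```

Ordering matters here: an RTE that arrives after the DPS has already reported open does not clear the forced-door alarm, which is why a slow or badly aimed request-to-exit sensor shows up as false forced-door events.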

Door Position Switches

Because door position switches are used in a variety of systems, there are thousands of options available. Among those thousands, there are five or six basic types used in electronic access:

Many installers use the 'magnetic' bullet types in every situation and struggle with seemingly sporadic false alarms and system trouble ever after. Like other access components, choosing the right door position switch depends significantly on the door - which type of door it is, how often it is used, and even which direction it faces.

See our Door Position Switches (DPS) For Access Control Tutorial for more.

What Type of Access Control System Should I Use?

Three types of management exist for access control systems:

  • Embedded: Also called web-based or serverless, the access control system is managed wholly through the access control panel, via web page interface or occasionally software. Typically functionality is limited in this method, due to the limitations of what can be done in a standard browser (without added plugins, Flash, ActiveX, etc.), which will work on all platforms: Windows, Mac, Linux. Enrollment and logging functions are easily available, but real-time monitoring is more of a challenge. Cost is reduced, since no server must be supplied.
  • Server-based: The more common method, server-based management puts administration, management, and monitoring of the access control system on a central server. Client software installed on management or monitoring PCs connects to this server to perform necessary functions.
  • Hosted: Cloud-based access control systems are managed by a central server which manages multiple end users’ systems remotely. The primary hardware required on site is the access control panel with an internet connection. User interface is usually through a web portal, making hosted access a combination of web-based and server-based management. The hosting company must manage the system as a traditional server-based system would be managed, but to a user, all interface is via the web.

When selecting an access control system, consider what features you will need at the present time, and consider where the system will go in the future. Some questions to ask:

  • Does it use standard card readers? While HID and NXP are well-known as access control industry juggernauts being OEM’d or supported by the vast majority of manufacturers, not every system utilizes compatible readers. Some manufacturers support only proprietary readers which would typically need to be replaced should the system be changed to a different vendor’s product in the future. Others utilize different cabling topologies, which usually require less cable to each door, typically a single cable, with all the devices at the door connecting to an intelligent reader or small controller. If future-proofing is a concern, as it typically is and should be, select systems which utilize standard wiring schemes.

3rd Party Controller Compatibility

Another consideration when discussing “openness” of a system is whether the selected manufacturer uses open platform control panel hardware or their own proprietary panels.

If the system runs on open hardware, most, if not all, of the head end panels may be reused when changing to a competitive system. Selecting a system that utilizes open hardware can save an organization thousands of dollars when changing to a different system in the future.

We cover 'openness' in our Axis vs HID vs Mercury Access Controllers note.

System Selection Criteria

In the case of a small organization with a handful of doors, open platform hardware may be a non-issue. If the required feature set is small, and the likelihood of moves and expansions is low, a proprietary web-based platform will suffice. However, for enterprise-level systems, non-proprietary hardware is highly recommended to avoid becoming trapped by a single vendor.

  • Do you require integration to other systems? Integration of surveillance systems (or other systems) with an access control system has grown in popularity in the past few years. For our purposes, we are specifically discussing software-based integration. Integration via inputs and outputs or RS-485 has been in use for many years and is very functional, but it is not true software integration. Some features you may expect via software integrations:
  • Integrating surveillance with access control allows access events to be presented to an operator with corresponding video. This reduces investigation and response time of the guard force. Integrated systems may also slew PTZ cameras in the direction of a forced door or access denied event.
  • Integrating intrusion detection with access control allows for arming and disarming of the system via card swipe. Sometimes this is based on the first person in/last person out, using people counting features of the access control system.
  • Integrations are rarely very “open”. Most commonly, the video management, intrusion detection, and access management systems must be from the same manufacturer. At best, an access control system will support a handful of video platforms. Intrusion integration has historically been strictly limited to the same manufacturer.
  • While intrusion and surveillance integrations to access are the most common, other systems may be integrated to the access control system as well, depending upon the capabilities of the access platform. If the intent is to use the access system as a full security management platform, displaying and correlating all alarms, fire alarm, building automation, perimeter detection, or other systems may also be considered for integration. The capabilities of some access management systems are beginning to approach those of true PSIM platforms, though typically without the procedure element common to PSIM.
  • Many systems, especially web-based varieties, feature only integration to video, if any integration exists at all. This is especially common among the smaller access-control-only manufacturers. Integration to third-party systems is usually not a free feature of the software, either, and buyers should beware of licensing fees before making purchasing decisions. The only integration commonly free is with a manufacturer’s own video management or DVR systems.
  • How will the system be used? If all the system must do is unlock doors when a card is presented, simply to replace keys, make sure that the enrollment features of the system are simple to use. Chances are that live monitoring will not be crucial in a system such as this. Access logs should be simple to review, as well.
  • If the system will be used in a live-monitored scenario, it should offer all relevant information in a streamlined fashion, without clutter. Typically this will consist of an event list, in which all system events scroll through as they occur. Map views may also be useful, depending on the facility. This way an operator may see exactly where an alarm is occurring, speeding response. Cameras and other integrated system devices are also commonly shown on the map for ease of use.

Special Considerations

Outside the typical door access scenario, there are some special use cases of access control:

Elevator Access

There are two methods of restricting access to an elevator:

(1) Call the elevator car upon a valid card read, instead of pushing a button. This method puts a single reader outside the elevator. A user presents his or her credential to call the car. Once in the elevator, the user has access to any floor he or she chooses. This is a simpler and less costly method of restricting access, since only a single card reader must be installed, but may not be applicable in all scenarios, if access to individual floors is desired.

(2) Allow selection of individual floors based on the credential presented. In this scenario, when the user enters the elevator, the floors he or she is restricted to are lit, and floors they’re not allowed access to remain unlit. They will only be allowed to take the elevator to floors they’re given access to. There are multiple drawbacks to this method, although it may be unavoidable if this sort of security is required. First, it requires a card reader be mounted in the car, which requires interfacing with the elevator’s traveller cable, or wireless transmission be used. Second, it requires an input and output for each floor to activate and deactivate each of the buttons, which may be labor intensive depending on how many floors there are in the building.
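A model of the floor-selection method, added here as an example and not taken from any vendor's controller. It compares wiring only an output per floor with wiring an output and an input per floor, where the input lets the controller log the selection and drop the remaining floors (the "destination reporting" variant raised in the comments below). Card numbers, access levels and the 10-second enable time are constructed assumptions.

```python
"""Per-floor elevator access: outputs only vs. outputs plus button inputs."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: card number -> floors that card may select.
ACCESS_LEVELS = {"1001": {3, 5}, "1002": {2}}


@dataclass
class CabController:
    access_levels: dict
    button_inputs: bool = False   # True = each floor button is also wired to an input
    enable_secs: float = 10.0     # assumed time the floor outputs stay enabled
    enabled: set = field(default_factory=set)
    expires: float = 0.0
    holder: Optional[str] = None
    log: list = field(default_factory=list)

    def card_read(self, ts, card):
        """Enable the floor outputs the card is entitled to; return them."""
        floors = self.access_levels.get(card, set())
        if not floors:
            self.log.append((ts, card, "DENIED", None))
            return set()
        self.enabled = set(floors)
        self.expires = ts + self.enable_secs
        self.holder = card
        self.log.append((ts, card, "VALID", None))
        return set(self.enabled)

    def button_press(self, ts, floor):
        """Return True if the car accepts the call for this floor."""
        if ts > self.expires:
            self.enabled.clear()          # enable time ran out
        if floor not in self.enabled:
            return False
        if self.button_inputs:
            # The input tells the controller which button was used, so it can
            # log the destination and disable every other floor at once.
            self.log.append((ts, self.holder, "FLOOR_SELECTED", floor))
            self.enabled.clear()
        # Without inputs the controller never sees the press: the other
        # authorized floors stay enabled until the timer expires.
        return True


def simulate(button_inputs):
    """One card read, then three button presses inside the enable time."""
    cab = CabController(ACCESS_LEVELS, button_inputs=button_inputs)
    cab.card_read(0.0, "1001")
    results = [
        cab.button_press(2.0, 3),   # card holder selects floor 3
        cab.button_press(4.0, 5),   # second rider, no card presented
        cab.button_press(4.5, 7),   # floor the card was never granted
    ]
    return results, cab.log


if __name__ == "__main__":
    for mode in (False, True):
        results, log = simulate(mode)
        print("button inputs:", mode, "accepted:", results, "log:", log)
```

With outputs only, the second rider's press is accepted and the log holds nothing but the card read; with inputs, the press is refused and the log records which floor the card holder selected.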

Harsh Environments

When utilizing access control in harsh environments, all of the devices in the system must typically be intrinsically safe, also called explosion proof.

What this means is that the device will not spark and potentially create an explosion. While there are card readers specifically produced for these environments, typically they consist of a standard card reader mounted in an explosion-proof instrument enclosure, readily available from electrical distributors, and easily fabricated in the field.

See our Hazardous & Explosion Proof Access Control Tutorial for more.


Mustering

A function of certain access control systems, mustering counts employees exiting the building via a designated reader or group of readers. In case of emergency, security and safety staff may then see how many employees (and, in some systems, visitors) are still in the facility.

Specialized wireless readers may also be used for mustering. In this case, the security officer carries a reader and has employees swipe their credentials as they reach the mustering point.

See our Mustering Tutorial for more.


Comments (19)

Another great report Brian. You might want to add Bluetooth as credentials and readers in with this. We've not gotten much traction yet with the technology but it will become the norm one day.

That's a good point.  I'll add Mobile credentials to this report, ie: Mobile Credentials (BLE / NFC / Apps) Guide.

Allow selection of individual floors based on the credential presented. In this scenario, when the user enters the elevator, the floors he or she is restricted to are lit, and floors they’re not allowed access to remain unlit. They will only be allowed to take the elevator to floors they’re given access to.

I’m confused.  In my experience, a lit elevator button means you are actually traveling to that floor, an unlit one means you are not.

In any event, is the access control system notified of the button pressed?


In our area we offer clients three choices: 

1) Global control - a reader in the elevator that unlocks all floors, the card access system only knows that the elevator has been unlocked. 

2) Individual floor control - based on the access level you can only press certain floors. The card access system only has one output per floor with no notification on which floor is selected. 

3) Destination reporting - in addition to individual floor control every elevator button is connected to an input so that the access system can log which button was pressed and disable the other floors after a selection is made.  

We typically install option 1 or 2, rarely do we install option 3. 

Thanks for the response.

With #2 and #3, after reading the card, how long are the authorized floors enabled for? Just until one is selected?



In option #2 all the floors would stay unlocked for a programmed time period. The card access system does not know when a floor was selected or how many floor buttons were pushed. You have the risk that someone else entering the elevator will "tailgate" but choose a different floor the first user authorized.

In option #3 the access system knows you have selected a floor and when programmed properly will immediately disable access to all the other floors until another valid card is read. 

Most ACS’s would register the card read and log the transaction as if you presented the card at a normal door. For example; “Jon Smith - Card# 636478 - Elevator#3 - Valid”. When you swipe, it enables the buttons for the floors you have access to. They won’t typically tell which floor the cab is travelling to or which floor was selected unless you have a tighter integration with the elevator operator. We’ve configured some of our sites to have specific secure floors (requiring swipe) 24x7 while others are only afterhours simply by applying a schedule to the “door” (essentially leaving the button “unlocked”). Down side is piggybacking...3 people get on, 2 people going to secure floors, 3rd person could get off on either as others presented a valid credential. Because of this, we opt for low volume sites (less traffic) plus add secure lobbies per floor or require swipe for the call button in public lobbies if all above floors are “secure”.

Down side is piggybacking...

Maybe disable the “Door Open” button? ;)


Lock cores cost between $30 and $75 or more, and locksmiths upwards of $50 per hour, so a four-door building can cost hundreds of dollars.

Where are locksmiths working for $50 an hour?!?   

Recent quoted costs:  DC/Metro Virginia area: $95-113.50/hour

Boston/Suburban Mass: $95.00/hour

Tampa, FL: $75.00-85.00/hour

These were "to the trade" rates for smaller, fractional day work.

Send me some of those $50.00/hour folks please ...

Ha!  Locksmiths aren't cheap for sure.  I'll adjust that figure to be a range.

Speaking of this, wouldn't Kwikset Smartkey locks be a good alternative if losing a key and having to rekey was a likely risk? 

Their smartkeys make rekeying locks a very simple, very quick process anybody could do.

I use them at my house, I don't know how their commercial products are.  For work I keep all the keys in a C.Q.R.iT locker and don't let anybody use them.

First: I need to disclose that before IPVM I worked for a lock manufacturer whose main product was a commercial version of the same concept, a user rekeyable lock.  That product was available several decades before Kwikset's product.

With that disclaimed, Kwikset's product is not a threaded mortise cylinder, so it cannot be installed in the same locksets as standard 'mortise' locks.  It is mainly sold as a cylindrical cylinder into specifically matched levers and deadbolts, which isn't normally an issue for consumer/ residential customers.

The Kwikset design uses adjustable wafers instead of pins (as typical in a tumbler lock) and some have experienced the wafers breaking or fracturing in normal use, often making the design vulnerable to simple 'hammer attacks' forcing unlocks.  Other 'commercial' features like Master Keying is not possible with the current Kwikset design, and common commercial lock form factors like 'interchangeable cores', or 'SFIC' are not offered.

Also, the type of key Kwikset Smartkey uses, the KW1 key profile, is widely available, even from those kiosk key duplication machines.  Many commercial security users are not comfortable with key copies being so easy and quick to make.

So, is Smartkey a good concept?  Absolutely.  But there are better suited commercial locks and hardware available, in my opinion.


Other 'commercial' features like Master Keying is not possible with the current Kwikset design...

Don’t tell Mr. Jingles :)

Not to argue a semantic point, but there's two cylinders per lock in this 'tenant' system.  It is not master keyed, but a separate 'backdoor' cylinder.

...but there's two cylinders per lock in this 'tenant' system.

True, so no grand masters.  Which ironically means Mr. Jingles’ boss becomes the new Mr. Jingles...


Send me some of those $50.00/hour folks please ...

Profile Of A Trunkslamming Safecracker

Lol ... thanks Brian.  Something I find a bit inconsistent and unclear (and you do have this covered with the range of cost you provided in the body of the article for access controlled doors) is the average cost per door figure you see in various trade mags and articles.

Do those average per/door figures represent everything, i.e. EAC controller/power, and the electric lock, and all associated labor .... OR, are they only including EAC gear (controller + misc peripherals like door contacts, REX devices + wiring/tech labor)?

The actual range can be fairly wide as you stated since there are so many types of openings and applications, but if there was an industry average that includes everything (including the electric lock and locksmith labor), and would cover most single leaf door openings, what would it be?  I am mostly referring to a fully dressed access controlled door, not a standalone programmable lock.

I think the $2,000-3000 range would be fairly representative, with geographics playing some role in that range.  

At what point does the cost of a full blown access controlled door outweigh its benefits and shift the solution closer to a standalone programmable lockset/pinpad (which actually aren't that inexpensive if you need more advanced features).  An example would be looking at the cost/labor to fit out a storefront door for EAC with a card reader and electric strike versus using a solution made specifically for storefront doors (like an Alarm Lock Trilogy lock for storefront doors).  

Elevator control/restriction is common in new builds of mix use buildings. OSDP versus Wiegand readers may be a better choice for elevator cab installations, due to the greater distance limits for the wiring and electrical noise immunity.  A site having cab reader performance issues replaced the original Wiegand readers with OSDP readers to resolve the issue. The control panel must be able to accept the OSDP standard for readers.

Very great article. It is a must for everyone that will design an ACS. It is an excellent guideline.

I think if you can add and highlight the visitor management system, it would be nice, so that it will be a full guideline for designing an ACS :)
