Standard for Access Control (UL 294)By: Brian Rhodes, Published on Sep 03, 2013
Few specifications are seen more commonly in access control than UL 294. However, aside from seeing it in print, very few understand what it means. In this note, we break apart and define this spec, describing why it is a vital part of many Access RFPs.
A Standard Defined
The scope of UL 294 [link no longer available] covers three aspects of Access Control systems:
- Construction (Installation)
Essentially, the heart of UL 294 is a safety standard, where testing proves that system components can be assembled and operate reliably without hazard. In the case of access control, this is a step beyond just validating devices will not catch fire or spark - it attests that the system will not harm the safety or impede egress of those using the system.
In practical terms, this means doors will not accidentally stay locked and keep people in harm's way even during a malfunction. The UL standard subjects each labeled device to a range of testing designed to show the equipment meet relevant code expectations from:
- NEC (NFPA 99): Requirements that each component will not create a hazard either during (recommended) install or use (Sparking, Grounding)
- NFPA 72: Fire Code compliance, assures that controllers include interfaces with fire alarm/suppression systems
- NFPA 101: System devices
A UL 294 mark is a 'extra step' the vendor has taken to 'prove' their equipment is safe, and it stands as a 'mark of assurance' when included in buying specifications that dubious equipment will not be purchased.
While Underwriter's Laboratories offer a range of 'UL Symbols' that can be interpreted to signify different standards. In the case of UL 294, the mark looks like this:
The UL 'Security Mark' applies only to products such as intrusion detectors, burglar alarms, access control, safes, and vaults.
UL 294 includes several tests that evaluate how well devices withstand damaging environments. Devices are subjected to atypical electrical, environmental, and brute force situations, including:
- Variable Voltage
- Variable Ambients (Environment)
- Endurance (Ruggedness)
- Standby Power (Battery backup)
- Physical Attack Toughness
Tests are performed individually and are not 'layered' or 'stacked' simultaneously as might occur in the field. The exact methodology for each test depends on the device being tested, but the resulting grade is given in four levels of security performance with Level I (lowest level security equipment) to Level IV (highest level security equipment).
However, not all parts and features of an Access platform fall under the scope of UL 294. Two areas excluded from the scope include:
- Headend Server/Database: The scope reads "The accuracy of logged data is not evaluated by this standard", and also "This standard does not apply to supplementary computer equipment that is not necessary for operation of the access control system..."
- Intrusion Detection: Again, the scope details "Where an access control equipment and/or system incorporates the features and functions of a burglar alarm control unit, the requirements of the Standard for Proprietary Burglar Alarm Units and Systems, UL 1076, shall also apply"
This is important to note when careless specs are written that "All Access Equipment shall be UL 294 Certified", because this is inherently not possible. There will be major functional aspects outside the scope of the standard.
Large System Adoption
Especially for larger systems, UL 294 is common, including devices from: Mercury Security [link no longer available], C*Cure, S2 [link no longer available], Maxxess [link no longer available], Sargent [link no longer available], etc.
However, certification is done on a component basis, and there may be gaps in a brand's portfolio. If UL 294 compliance is required in a system, every hardware component must be checked for conformity, as there is no 'system' certification.
Systems and platform intended for smaller deployments (<100 doors) typically forego the certification, because it simply is not a purchasing driver for many non-enterprise customers.
Regardless of the 'safety' overtures, like UL certification for surveillance equipment, 294 is primarily used to exclude non-compliant systems from specifications. UL 294 evaluation is not mandatory for Access Equipment, and many vendors forego the cost of certification especially when their offerings are not well suited for larger government, institutional, and hospital verticals where 294 is commonly cited.
Likewise, while the mark's testing 'proves' that devices are safe, the onus remains on the field technician to install them in the correct fashion to indeed live up to the certification.