From the Front Lines of Access Control

Jul 1, 2003 12:00 PM, BY PAUL FREIRICH


         Subscribe in NewsGator Online   Subscribe in Bloglines

I have been associated with a security systems integrator for 30 years and have been president of it for almost 13. During all those years I have designed and sold a fair number of access control systems. I can say without any trace of guilt that about half of them are not worth a damn.

I have no guilt because the systems work perfectly, just as advertised. However, in a distressingly large number of cases, the end-user has not applied the human resources necessary to keep the database up-to-date. Time after time, I go to a customer's place of business to help them out with a perceived problem with their system, and time after time I do a search of their database and find people with two, three or sometimes even four access cards in their name and all of the cards are valid!

When I ask why someone has multiple cards in their name, the answer never varies: “They lost their card so we issued them a new one.” My response is to ask why they did not void out the lost cards. The response comes from some harried secretary whose collateral duty is to maintain the access control system and who has received no training on it: “Well nobody told me to do that.”

T is for Training

Training is the bane of our existence. We offer our clients unlimited initial training on a new system. However long it takes to make a customer comfortable with a new system, we are willing to invest that much time with no extra charge. That's really self-serving on our part because the more comfortable with a system the customer is, the fewer calls we have to field later on. But if you call us to train more people six months later, we impose a substantial fee. Many customers balk at paying handsomely for our time later on. Here's a story to put that into perspective:

When scheduling the initial training sessions for a new system, I always ask the customer for at least three trainees. You can count how often I get all three on the thumb of your left hand. Almost unfailingly, I'll arrive on the scheduled training date only to find good ole Charlie sitting there. When I ask where the other two trainees are, it's like the answer comes from a script … “We're really busy this week and we can't spare anybody else. Charlie, here, is our IT expert, just train him and he'll teach our other folks later.”

So I start training Charlie and, happily, he's really sharp and picks up the system operation like a sponge. By the end of the day we are pretty good friends and good ole Charlie has the bit in his teeth with regard to programming the shiny new access control system. From time to time Charlie and I touch base on the phone about their system, but he's really got it humming along well and really doesn't need any help from me.

Fast forward six months later, when I get a frantic phone call from a frantic secretary whose boss has just lost his card and wants a new one issued ASAP. “I don't know how to do this,” wails the secretary, and I try to offer assurance that Charlie can do that in his sleep.

Do you see it coming? Of course you do. In a still, quiet voice the secretary says, “Well, Charlie's not here any more…” Think that's an apocryphal story? No siree, it happens over and over again.

Saying the Unspeakable

Now here comes the real heresy. I believe that card access systems are probably the most over-sold systems in the entire security spectrum. Lately I have changed my approach to a new customer. Now I sit down at an initial meeting with them and never launch into a discourse on all the wonderful features of my system. I look them in the eye and simply ask, “What do you need the system to do?” Very often the only response I get is a blank stare or a nervous laugh. The customer has been overwhelmed by silver-tongued devils (like me) with their slick color brochures and their laptops loaded with whiz-bang demo programs replete with multiple functions, bells, whistles and kazoos. They have been carried away with visions of all the wonderful things the system can do for them. The sad fact is, however, that they have not sat down with a pad of paper and thought out what they needed the system to do. The emphasis is not on what they wanted the system to do, but rather on what they needed the system to do.

I coined a term a while back — “specsmanship.” Let me explain. Let's say a company comes out with a very nice access control system that does about ten things pretty well and of those ten features most of our customers use about five. In a few weeks that system becomes obsolete, however, because a competitor comes out with a system that does 15 things really well. Of course, the first company couldn't be left behind, and being responsive, expands its system to do 22 things, most of them pretty well. The race is on and back and forth it goes. In order to appear competitive, our specs have to look better than their specs and our system now does about 130 things really well, of which most of my customers use, see it coming? Right, five.

Any customer can use many of those 130 features and store video images and print voluminous reports. The only real problem is that the vast preponderance of customers have not given the slightest thought as to who is going to make all these neat things happen and how much time it will take to do it. That's exactly why databases get out of date.

“Backup? What backup?” Please inscribe that question on a stone tablet. It is what we always hear when the customer calls to tell us they have had a hard disk crash, and we tell them that with the operating program CD and their latest database backup we can have them up and running again in a few minutes.

With one exception, none of my customers, regardless of the size of their system, has a system administrator whose primary job is access control system maintenance. That one shining exception, however, is 1800 miles away from us, but because their system administrator understands the system, it sings. In the past six years they have never had a problem that we couldn't fix on the phone or by e-mail.

Consultants: How Much Do They Know?

Consultants … another bane of our existence. Don't get me wrong, before I get scalped let me say that not all consultants are bad. Before you take on a consultant, however, ask him (or her) how many access control systems he has installed. Not sold, not designed, but installed. In the early days of our business when we were still building it, I had my tool pouch on half the time and I know what it is like to have to beat my way through a firewall with a hammer drill and then sleeve it to get a cable from one place to another. More than that, I have trained most of our customers, and I know how long it takes to learn a system and how hard it is to keep a system up-to-date. Try to find out how much a consultant really knows about access control. One who has read all the manuals and knows all the buzzwords but who has not been in the trenches, so to speak, can get you in an awful lot of trouble.

Locking the Door Isn't Easy

Here's another gem of wisdom to try to save you trouble. It is my contention that access control is easy, it's locking the door that's hard. I am lucky in that before I came to my company I spent six years with a major locksmith company in Washington, D.C. and I have a good grounding in door hardware and electric locking devices. Specifying the wrong kind of electric locks can render the best access control system useless and, in some cases, can put you in violation of local fire codes.

If a door is locked with any kind of electric lock that restricts egress, such as an electromagnetic lock or solenoid deadbolt, then it falls under the jurisdiction of whatever local code authority called the AHJ (Authority Having Jurisdiction) that has responsibility for Life Safety. That varies widely from place to place. In some cases it's the Fire Marshal's office, other places the Building Department while in others it may be Code Enforcement. In any case, while the Life Safety Code (NFPA101) is usually the basic bible, every AHJ has local codes that supersede NFPA101. The local AHJ's interpretation of those codes is binding, in many cases arbitrary, in some capricious but in all cases final. Submitting your plans to the AHJ for prior approval is, in some cases, required but in most cases just a good idea.

Good News, Bad News

So, why should you invest in an access control system? Because with proper planning on your part and good installation by a qualified systems integrator, an access control system can be a valuable part of your security posture. With a properly maintained database, it can not only control the flow of employees, visitors and contractors to various parts of your facilities, it can give you the ability to instantly deny access to terminated personnel or contractors. It will provide you with an audit trail of who went where, when, and, if you learn to print the proper reports, it will provide valuable management information as to what's happening on your premises.

One of the problems is that access control systems have become so reliable that after a while they just become “part of the furniture.” They just work and work, and because it is time consuming to keep that database up-to-date and to delete all those old card history transactions from the hard drive, it becomes a case of “out of sight, out of mind.” If you are going to invest in a new access control system or upgrade an existing one, please do your homework. Sit down and think hard about what your security needs are now and what expansion you can expect. Also please think about what human resources you can devote to keeping your system in top shape. It is an absolute truth that the vast majority of trouble calls we get for card access systems are directly attributable to user error.

In my opinion, there has never been a computer program that was truly “user friendly.” Some, however, are easier to use than others. Do not be afraid to have that silver-tongued devil come in and do a whiz-bang system demonstration for you, but while it's going on, be a little pragmatic. Don't be overwhelmed with all the wonderful gee-whiz features. Ask yourself: How easy are they to understand and who's going to do it on a daily basis?

FOR THE RECORD

About The Author

Paul Freirich has been active in the security field since 1967, and has been with Protective Security Inc., Beltsville, Md., since 1973 (president since 1990). PSI is a systems integrator in the Washington, D.C. area.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

Aimetis Corp. Analog/IP Video Management Software

The Symphony integrated video management and analytics software platform from Aimetis Corp. integrates analog and IP cameras with a minimal learning curve for the user. The software is intuitive and easy to install and deploy, according to the supplier.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Popular Stories

Resources

Webinar

Mass Notification Systems

Join AC&SS and ADT as they discuss the crucial role of mass notification systems before, during, and after emergency situations.
March 26 at 2pm ET

Register Now!

Back to Top