Printer Friendly

Access by design.


DESIGNING ACCESS CONTROL systems for new facilities is a complex task that requires the architect/engineer (A/E) and the security professional to work together as a team. The A/E is responsible for designing and implementing facilities and systems to meet the security needs unique to each industry and building. The security manager, on the other hand, must work with the A/E from the start to ensure that the design is tailored to individual facility requirements.

When security and access control come as an afterthought, the results are nearly always disappointing. All too often, however, that is exactly what happens. Introducing security considerations when a facility is merely on the drawing board may already be too late in the design process. Once design has begun, it is a moving train. It is difficult, if not impossible, to apply security and access control concepts late in the design process without costly redesign.

When access control is required, the security manager should become involved with the architect from the beginning of the design process. This article is intended to help security professionals better understand that process.

Buildings, like people, have personalities. To be used efficiently, a building must be designed with its ultimate purpose in mind. When beginning a building's design, architects develop functional flow diagrams in much the same way as electronics engineers design circuits--with functionality as a primary consideration.

Indeed, one of the first stages of the A/E's design process involves preparing a list of specific functions to be performed in the new building. These functions affect every aspect of the facility design, from the overall size and configuration of the building to the selection of materials and systems.

In the preliminary phases of design, the A/E identifies the relationships between the different building functions. For example, the building may require space for receiving, shipping, administration, design, and manufacturing. A typical relationship between these functions appears in Exhibit 1.

By participating in this development process, the security manager is better able to understand the flow of work, materials, and people through the building. With this understanding, the application of access control is more likely to be successful.

THE ULTIMATE GOAL of the design process is to provide exactly the right amount of access control to the facility. To ensure a functional system, the security manager and A/E should take the following steps very early in the design process:

Determine which assets are most critical to the operation. Then define which is those assets will be located in each functional area of the building. A sequence of security-related steps is necessary to plan for an access control system. The most basic step is asset definition. Working together with the architect, the security manager should be able to define critical assets and determine their location in each of the building's functional areas. The security manager can then work with the A/E to arrange the functional areas in a way that best accommodates the requirements for access control.

Define the number of unique access levels to be provided. Ideally, access control is applied in layers -- much like the layers of an onion. At the outer layer, all employees require access, so the screening required may be to distinguish employees from nonemployees. Moving through the inner layers, fewer and fewer employees require access to critical assets in the center of the building, so the screening process must differentiate these employees from the rest.

One way to determine the right number of access levels is to list all critical assets and assign a priority level to each. It is useful to think of priority levels as using degrees of identity testing with increasing reliability. For example, level-one assets may require only one test before access is granted, level two might require two tests, level three might requrie three tests, and so on. Obviously, passage through a portal -- an entry point where access is controlled -- requiring three identity tests ensures a higher degree of security than a portal requiring one test.

Different assets may be assigned the same priority and even use the same access control methods. However, the access control system can still differentiate between individuals approved for entry into various asset areas. This differentiation can be accomplished with computerized codes in the access control data base. Several level-two assets may be located throughout the building, each requiring two identity tests. However, tailored data base codes can make it possible for the system to accept a person into one level-two asset area and not into another level-two asset area. For most low to medium security applications, one or two unique access levels are sufficient. For high security applications, a third level may be required.

Arrange the building to accommodate the onion theory. At this point, the A/E and security manager must communicate, negotiate, and often compromise. The ideal building layout from the security manager's viewpoint may not be feasible from an architectural or engineering viewpoint. On the other hand, careful coordination may make it possible to accomplish most of the needs of the security manager while preserving the overall functionality of the building.

The key is to ensure that sections of the building where the most critical assets are located can be segregated from areas that contain less critical assets. Ideally, the most critical assets should be within nested rings, as shown in Exhibit 2.

Define the types of screening to be performed at each access level. Since the outer layer in the access control system is where the greatest number of employees is normally screened, the throughput rate (the number of persons who can pass through the portal in a stated amount of time) is critical. Using a slow process or having an insufficient number of portals can produce a long waiting line unless tailgating is allowed. Long waiting times can harm the functionality of the building. Most facilities choose to apply only one test at the outer layer. The most common device for this application is the coded reader, or card access system.

Higher access levels located farther inward usually have fewer persons authorized for access. Therefore, a second test can be added without affecting functionality. A word of caution: Having to pass a second test will definitely slow down people's passage through the portal. The following is a commonly used approach:

* Level-one portals--card reader only

* Level-two portals--card reader plus personal identification number (PIN) keypad

* Level-three portals--card reader plus PIN keypad plus biometric device.

THE ARCHITECTURAL AND ENGIneering design process is a structured system for planning facilities. Several steps separate the development of requirements and the finished design. These steps can be summarized as follows:

Requirements definition. The requirements definition phase consists of producing a document that describes (in words) the desired functional characteristics of the building. The document should also contain any restrictions to be applied to the design process, such as standards for the handicapped and, of course, security requirements.

Conceptual design. In this phase, functional areas are defined, and flow diagrams are developed to indicate the relationships between functional areas. Conceptual sketches are developed to show potential building layouts. The documentation contains little detail at this point. The purpose is merely to get management to agree to a concept before the A/E proceeds to develop details. Failure to get such agreement could result in costly changes once detailed design is underway because there will be much more documentation to revise.

It is during the conceptual design that specific security measures and area prioritization (based on assets) can begin, since both layout and area locations are addressed. This procedure is typically known as compartmentalization.

Preliminary design. Some elements of the final building design have to be completed before others. Examples are the sizing of electrical power distribution equipment, air-conditioning systems, and special manufacturing equipment. The physical size of these items must be known early to allow sufficient space even though they will not be placed on drawings until later.

Access control portals should also be identified on the preliminary building layout plans. It is necessary to know at this stage whether the personnel traffic flow through the building will be accommodated by the access control system. The adequacy of throughput can be verified by a mathematical model. Computer simulation programs enable the architect to simulate the time necessary for the badge to be read, the PIN to be entered, a biometric test to be passed, the information to be passed to a host computer, and a response to be made. To simulate the actual experience closely, these simulation programs can allow for rejections and improperly entered data.

In high security applications where tailgating is not allowed, at certain times during the workday traffic may back up or queue at a portal because each employee must wait until the previous employee has passed through. Simulation programs allow the architect to input various access control devices (each having a particular time value) or change the number of portals until the queueing and traffic flow are satisfactory. By simulating various candidate sets of equipment, the parties can reach an agreement on the types of access control devices to be used as well as the location and number of portals required to accommodate the expected traffic.

Final design. When the preliminary design is completed, management should meet with the design team to review formally the building layout, the functional flow, and the calculations that support the preliminary design. A critical calculation from the viewpoint of the security manager is the traffic flow analysis.

Once all have agreed that the preliminary design satisfies the building's functional requirements and the design is headed in the right direction, final design can proceed. Final design incorporates any comments from management and builds on the preliminary design, adding more detail. The final design documentation constitutes a detailed construction package suitable to use for bid purposes.

Since access control methods have been determined during conceptual design, the actual type and placement of security devices can be finalized during detailed engineering. Drawings that illustrate security devices can be made and specifications that detail performance criteria or name actual equipment can be produced.

A number of security design considerations merit special analysis. One is the challenge of designing particularly large facilities in which a very large work force must be processed in a short period. A large, multiple shift, industrial facility is an example. This problem is compounded further if at the same time an open campus atmosphere is required.

A compromise in many facilities today is the use of a dedicated entry control facility. This separate structure is located on the perimeter boundary some distance from the main plant. At the entry control facility large numbers of employees and visitors can be screened by the access control system quickly.

The advantages of this concept are many. The entry control facility can accommodate multiple traffic lanes and even allow for opposing directions of traffic--especially important in multiple shift operations. Placing the entry control facility away from the main plant also preserves the campus atmosphere inside the perimeter boundary. Moreover, the building or plant does not have to clutter its appearance with access control portals at its outer shell.

The following is a procedure for setting up a traffic flow model to establish design criteria for the entry control facility:

* Define the number of persons who will enter and exit the area in each 15-minute interval during the 24-hour period each day.

* Define visitor control and escort procedures.

* Define the maximum allowable average time for each person to pass into the secure area.

* Define the types of equipment to be considered, such as metal detectors, explosive detectors, X-ray machines, card readers, digital keypads, biometric devices (hand geometry, retinal scan, etc.), and turnstiles.

* Define the walking time necessary to arrive at each device in the accesslane.

* Define the processing time, expected failure rate, and expected false reject rate of each item of screening equipment. This data can be obtained from the manufacturer or an independent test laboratory.

* Define the percentage of personnel who will be carrying packages, the procedure for inspction (5 percent inspection, 50 percent inspection, etc.), and the average time to inspect.

* Define the device configuration of each lane.

* Define the maximum number of attempts allowed before the system rejects the person altogether.

By trying various sets of model paramenters (device types, number of lanes, and the order of devices), the optimum sequence of events for entry and exit can be developed. Using model-generated data, the architect and security manager can have management approve the concept and can then make the concept a part of the design criteria for the entry control facility.

This somewhat complicated procedure can be simplified by the use of a process simulation program; such programs can be purchased off the shelf from software dealers. The A/E should be familiar with some of these programs and, if requested, be able to provide the software tools and perform the simulation.

A special design challenge is the building that requires a high level of security but that also has a considerable level of community visibility or is architecturally significant. Examples would be airport terminals, museums, corporate headquarters, and research and development facilities. In these cases, the security manager and the architect must work especially hard to balance security and aesthetics. These situations call for very early involvement of the security manager and close coordination among the A/E, security manager, and specialized design consultants. The coordination must continue through design and construction to ensure that security measures complement--rather than conflict with--design elements.

Security is becoming increasingly important in all types of facilities, and security technology is reaching higher levels of sophistication. Thus, the relationship between the design A/E and the security manager is becoming ever more important. The integration of security and access control methods with building systems and components must be an evolutionary process that begins--most appropriately--at the beginning.

About the Authors . . . Larry J. Rogers, CPP, and James Fort, CPP, are project engineers in the spartanburg, SC, office of Lockwood Greene Engineers. They have extensive experience in security design for both government and private-sector clients, and they are members of ASIS.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:planning security systems
Author:Rogers, Larry J.; Fort, James
Publication:Security Management
Date:Jul 1, 1989
Previous Article:Biometrics: security at the touch of a finger.
Next Article:Management training: today and tomorrow.

Related Articles
A gallery of security.
System selection and set up.
A comprehensive approach to workplace safety.
Project planning.
Caterpillar creates a new security landscape.
Facility design that facilitates security.
Coast to coast security.
Freedom Tower security to be overhauled.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters