02 / 19
Case file
Card, biometric, mobile-credential and visitor-management — Honeywell, HID, Matrix and Suprema — integrated with CCTV, intrusion and HR systems.

| Requirement | Door-only approach | Engineered approach |
|---|---|---|
| Egress safety | Locking logic decided per door on site | Fail-safe / fail-secure agreed against the fire strategy so lawful egress wins |
| Credentials | Cards issued and forgotten | A managed lifecycle — issue, suspend, audit — across the building's life |
| Integration | A standalone island | Tied to CCTV, fire release, lifts and visitor management |
Educational comparison of design rigour — not a statement about any specific installer.
How we approach it
Access that stays correct over time
Access control is only right while its rules reflect reality. We plan it to the building's needs and keep it aligned as people and doors change — without publishing how the site is secured.
- Planned to the building
- Door and rule intent is agreed against the drawings, with BOQ / scope alignment kept clear. Door schedules, credential and controller detail remain in the secured design set.
- Verified at handover
- Rules and hardware are tested and commissioned so the agreed scope behaves correctly on day one, with operating records handed over.
- Maintained as things change
- Joiners, leavers and re-planned spaces all move the goalposts; an AMC scope can include periodic reviews and corrective attention so access stays correct. Response targets are documented in the AMC scope.
/ The discipline, in detail
How we approach access control.
Modern access control is a credential system, not a door system. We design the credential lifecycle — issue, suspend, audit — alongside the hardware. Cards give way to mobile credentials; biometrics handle controlled zones; visitor management screens contractors and meeting attendees with photo capture and pre-approval workflows.
On record
Every access control engagement is documented end-to-end — design, programming, commissioning, calibration — and handed over with the files our successors would need if we were never to return.
/ Three lenses on the same system
Read it the way you actually need it.
Three short readings of access control — for a non-engineer who needs the picture, an engineer who needs the spec, and a buyer who needs to see the system in operation.
/ In simple terms
Access control decides who can open which door at what time. The serious engineering question is what happens on a power cut: fail-safe doors unlock (so people can exit on a fire), fail-secure doors stay locked (so the perimeter does not open on a power outage). Every door in a serious building gets that decision made explicitly, written down, and signed by the fire-safety officer.
/ Technical explanation
An access-control system runs OSDP-connected readers (card / biometric / mobile-credential) into door-cluster controllers, with magnetic locks, electric strikes or motorised mortise locksets per the door's per-door fail-state classification. Fire-alarm release on egress paths is hardware-enforced; free-egress on every door is non-negotiable. CCTV event linking, visitor-management and time-and-attendance integration sit on the supervisory layer.
/ Real project usage
On the Tinsukia Medical College & Hospital deployment, 184 access-controlled doors carry a per-door fail-state classification — theatre doors fail-safe with manual override, drug stores and pharmacy fail-secure with REX, corridor doors on egress paths fail-safe and released on the fire-alarm matrix, records and medical-records archives fail-secure with separate egress on a secondary door. The classification is in the as-built, the AMC log and the fire-safety officer's signed schedule.
/ System architecture
The layers, named.
Every layer below is engineered as one piece of the integrated stack. Each carries its own commissioning artefact and its own AMC inclusion.
- 01
Access controllers at the door cluster — typically 1 controller per 4–8 doors, mounted in a secure enclosure within the building's IT closet or near the door cluster.
- 02
Readers at the door — card, biometric (fingerprint, face, palm-vein), mobile-credential. Reader-controller link is OSDP (Open Supervised Device Protocol) for secure deployments, Wiegand for legacy retrofits.
- 03
Lock hardware — magnetic locks (fail-safe), electric strikes (fail-safe or fail-secure per door classification), motorised mortise locksets (typically fail-secure), with the per-door classification recorded in the door schedule and the as-built.
- 04
Free-egress hardware — request-to-exit button, passive infrared, mechanical handle release on the inside of every access-controlled door, regardless of fail-state.
- 05
Server and database — the access-control management software hosts the credential database, the door schedule, the time-and-attendance integration where applicable, and the audit log. Workstation interfaces in the security control room and at nominated operations desks.
/ Design considerations
The decisions we take early.
- Per-door fail-state classification — fail-safe on egress paths and fire-alarm-released doors; fail-secure on perimeter and high-security rooms. Recorded in the door schedule, the access-control configuration and the fire-safety as-built, signed by the fire-safety officer.
- Free-egress is non-negotiable on every door, regardless of fail-state. Tested on every commissioning and on every quarterly AMC visit.
- Reader-credential mapping — the credential type (card / biometric / mobile) chosen per-door against the access frequency and the security-grade. Drug stores, blood-bank, theatres typically biometric; common doors typically card.
- Schedule and access-group structure — the access-group hierarchy mapped against the building's actual operational rota, not the org chart, so the access reaches the on-duty shift.
- Audit log retention — sized against the building's audit and incident-investigation timelines, typically 1 year for clinical, 3 years for regulated, 90 days for general commercial.
/ Integration logic
How it talks to the rest.
- Fire-alarm release — every door on the fire-alarm matrix's release list must be fail-safe in hardware. The release is via a relay output from the fire-alarm panel that interrupts the lock's power.
- CCTV event linking — every door event (granted, denied, forced, held-open) is timestamp-linked to the camera covering the door, with synchronised video replay in the VMS.
- Visitor-management — visitor credentials issued through the access-control system with auto-expiry, with the visit recorded in the audit log.
- Time-and-attendance — for office and educational deployments, access events feed the time-and-attendance system through a published API.
/ Failure scenarios
What goes wrong, in practice.
- Fail-state mismatch — door specified fail-safe in access-control but installed with fail-secure electric strike. Mitigated by per-door fail-state reconciliation on commissioning and on every quarterly AMC visit.
- Free-egress hardware failure — the REX or PIR fails, leaving the door's interior unable to release on legitimate egress. Caught only by quarterly free-egress testing on every door.
- Reader-credential database drift — credentials added but not removed when employees leave, or biometric templates expired. Mitigated by quarterly credential-database audit against the active personnel list.
- Wiegand security weakness on legacy retrofits — Wiegand is not encrypted and is vulnerable to skimming. Mitigated by OSDP migration on any new install or major upgrade.
- Backup-power failure on access controllers — controllers carry a battery for fail-state preservation; battery degradation produces unpredictable door behaviour on power loss. Mitigated by quarterly controller battery testing.
/ Maintenance expectations
What the AMC actually delivers.
- Quarterly free-egress test on every access-controlled door, with signed test record.
- Quarterly fail-state reconciliation against the access-control configuration and the fire-safety as-built.
- Quarterly credential-database audit against the active personnel list — credentials for departed employees removed, expired biometric templates re-enrolled.
- Annual reader-and-controller firmware update calendar with offline configuration baseline.
- Spares — controllers, reader heads, magnetic locks, electric strikes (both fail-states), REX buttons, sized against the manufacturer's MTBF data.
/ Where we deploy this
Active across 9 sectors.
Access Control is rarely a standalone brief — it sits inside a wider sector practice with its own codes, expectations and operating rhythm.
Residential
The premium home, made quiet.
Hospitality
Guest experience, engineered.
Commercial & Corporate
Workplaces that begin meetings on time.
Education & Institutions
Schools, colleges and universities.
Healthcare
Hospitals where systems serve the patient.
Government & Public Safety
Mission-grade integration.
Retail & Malls
Footfall, loyalty, footprint.
Restaurants, Bars & Clubs
The room. The night. The sound.
Industrial & Warehousing
Operations that don't take a day off.
/ Sister services
The rest of elv.
A serious brief usually crosses two or three of these. Read across the discipline — we deliver them as one contract.
- 01
CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.0 - 03
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable and conventional fire detection and alarm — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting to readiness per NBC, IS 2189 and NFPA 72, for consultant and AHJ review.1 - 04
Fire Hydrant System
High-volume water, precisely where it's needed.
Wet- and dry-riser hydrant systems — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — jockey-and-main pump rooms, yard hydrants and four-way fire-brigade inlets, engineered to readiness per NBC, IS 13039 and NFPA 14 for consultant and AHJ review.2 - 05
X-Ray Baggage Scanners
Operator confidence, in seconds.
Dual-energy X-ray baggage and parcel scanners for airports, hotels, government buildings, courts, malls and corporate lobbies.3 - 06
Under Vehicle Surveillance (UVSS)
Full-chassis scan, the moment a vehicle arrives.
Embedded high-resolution UVSS with ANPR and driver-occupant cameras — a critical first line of defence at every vehicle entry point.4 - 07
Door-Frame Metal Detectors
Quick, unobtrusive, accurate.
Multi-zone DFMDs with adjustable sensitivity, pinpoint LED indicators and networked logging — for hotels, courts, places of worship, malls and government buildings.5 - 08
Boom Barriers & Motorised Gates
Controlled flow, every gate.
Boom barriers, sliding and swing gates, road blockers, bollards and turnstiles — integrated with ANPR, RFID and access control.6 - 09
Nurse Calling System
Patient request to nurse response. Documented.
IP-based nurse call systems with bedside, bathroom, code-blue and staff-presence stations, integrated with mobile and PA.7 - 10
Gas Suppression System
Fire put out without water touching the equipment.
Clean-agent and inert-gas fire suppression — the clean agent flooding system of consultant schedules — FM-200/HFC-227ea, fluoroketone-class NOVEC 1230, CO2 and inert-gas systems — for server rooms, data centres, archives, electrical and panel rooms and other spaces where water would do as much damage as the fire, engineered to readiness per NBC, relevant IS codes and NFPA 2001/12 for consultant and AHJ review.8 - 11
Fire Sprinkler System
Automatic water, only where the heat is.
Automatic water sprinkler systems — wet, dry, pre-action and deluge — engineered to readiness per NBC, relevant IS codes and NFPA 13, and coordinated with the fire-hydrant and fire-alarm systems for consultant and AHJ review.9 - 12
Emergency Lighting & Egress Signage
A lit, legible path out when the mains go dark.
Emergency and egress lighting with photoluminescent exit and wayfinding signage — self-test luminaires, central-battery systems and IS-compliant signage — designed so occupants can find and follow a marked route to a final exit when normal power fails, engineered to readiness per NBC and relevant IS codes for consultant and AHJ review.10 - 13
Fire Doors & Fire-Rated Shutters
The fire held at the doorway.
Fire-rated doorsets and rolling shutters — passive fire protection at compartment lines, staircases and service openings — with frames, closers, panic hardware and magnetic hold-open release coordinated with the fire alarm and the escape plan, supplied and installed where project-fit.11 - 14
Fire Extinguishers & Fire-Protection Goods
First response, within arm's reach.
Portable fire extinguishers — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — ABC dry powder, CO2, clean-agent, foam and water classes, with site-assessed placement, mounting, signage, refilling and AMC, along with related fire-protection goods and accessories.12 - 15
Automatic Tube Fire Detection & Suppression
Suppression born inside the cabinet.
Automatic Linear Pneumatic Tube Detection systems — enclosure-level fire detection and suppression for electrical panels, server and network racks, battery enclosures and machine cabinets — operating standalone without external power, in direct- and indirect-discharge configurations.13 - 16
Intrusion Detection & Alarm
Know the moment a boundary is crossed.
Intrusion and perimeter detection — door/window contacts, dual-tech motion sensors, glass-break, vibration and fence sensors, panic and alarm panels with app and central-station-ready monitoring — integrated with CCTV and access control.14 - 17
Intercom & Video Door Phone
See who's there before you open the door.
Intercom and video door phone (VDP) door-entry — audio and video door stations, indoor monitors, IP and 2-wire systems, lift and lobby intercom, apartment and villa door-entry — integrated with access control and mobile answer.15 - 18
Facial Recognition System
Recognised at the door. Logged, with consent.
AI face-recognition for access, attendance and surveillance — face-based entry, watchlist and VIP/denied-entry alerts — integrated with CCTV and access control on a consent-aware, privacy-respecting deployment.16 - 19
ANPR & Number-Plate Recognition
The plate decides the barrier.
Automatic number-plate recognition for gate automation, parking and visitor logging — plate-read cameras with watchlist alerts, integrated with boom barriers and access control.17
/ Where this system has been deployed
Access Control on the ground.
The reference projects below carry a access control layer engineered as part of an integrated stack. Each case study walks through the engineering challenges that were solved, the standards the work was held to, and the operational outcome on the day-two team.
Public project summaries describe systems and outcomes only — BOQ values, quantities, device counts and security layouts are kept off public surfaces.
Request a feasibility review/ Integration with
How access control talks to the rest.
A serious deployment of this system rarely operates in isolation. The disciplines below most commonly share its cabling pathways, its controller logic, and its cause-and-effect matrix.
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable and conventional fire detection and alarm — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting to readiness per NBC, IS 2189 and NFPA 72, for consultant and AHJ review.CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.Structured Cabling
Backbones rated for the next quarter-century.
Cat6A, OS2 and OM4/OM5 structured cabling — designed to TIA-568, terminated to manufacturer warranty and labelled to a documented patch schedule.
/ Read deeper
The engineering, in long form.
Each article below goes deeper than this service page can — a full walk-through of the engineering decisions, written by the team that delivers this work.
- ELV · 9 min
Fail-safe vs fail-secure access control: the choice that decides what happens on a power cut
Every access-controlled door in a serious building has to choose between fail-safe (unlocks on power failure) and fail-secure (stays locked on power failure). The choice is not a procurement preference — it is a regulated, life-safety decision driven by the door's role in egress and the room's role in occupancy. The framework we apply to every project.
Read article - ELV · 11 min
Eight ELV integration mistakes that survive into commissioning — and how to catch them earlier
ELV integration faults rarely surface in design review or installation — they survive into commissioning because the seam-level coordination is nobody's contractual responsibility. The eight failure modes we see most often, and the design-stage discipline that catches each one before it becomes a snag list at handover.
Read article
Engineering toolkit
Tools to scope this work
Calculators and reference checkers we use ourselves to sense-check the engineering before any drawings change hands.
- ELV · Surveillance · Storage
CCTV Storage Retention Calculator
Multi-brand, codec-aware CCTV storage retention sizing across a verified, source-cited camera-profile catalogue including Hikvision, Dahua, Axis, Hanwha, Bosch, Honeywell, CP Plus, Ubiquiti, Verkada, Meraki, Avigilon, Pelco and more. Computes storage TB, HDD count plan, recorded bandwidth and an NVR/VMS class recommendation against camera count. Pairs with the CCTV Coverage Calculator.
50 brands · codec-awareOpen - Readiness
Access Control Readiness Checker
A readiness self-check before a door-access or attendance conversation — door-survey status, credential considerations, integrations, privacy-policy and operations readiness. No door counts, layouts or reader placement; statuses only.
Advisory · readinessOpen - Handover
System Handover Readiness Checker
Score a project's handover readiness across as-builts, test records, O&M manuals, warranties, spares, training, credential transfer and the AMC decision — and get the chase list to close the gaps. Statuses only; no credential capture.
Advisory · readinessOpen
/ Engineering concepts
Related engineering concepts
Concept
Fire Cause-and-Effect Matrix
A written specification that documents what each life-safety event triggers across the connected systems — lift recall, magnetic door release, PA announcement, AHU damper close, CCTV pre-record, access evacuation mode.
Concept
Honeywell Building & Security Ecosystem
Honeywell BMS (Niagara framework), Pro-Watch access control and addressable fire-alarm — used as the supervisory and life-safety backbone for premium commercial and hospitality buildings.
Concept
ELV Cabling Backbone
The unified low-voltage cable plant carrying fire, CCTV, access, PA, IP-PBX, BMS and structured data across a building — coordinated as one cause-and-effect pathway rather than per-discipline runs.
Concept
Corporate Office Archetype
Multi-floor corporate fit-out — boardroom AV, addressable fire-alarm with PA voice-evac, access control, BMS, Wi-Fi 7 backbone and structured cabling on Cat6A as a single coordinated scope.
/ Used alongside
Commonly deployed alongside
Service
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Service
CCTV & Surveillance
Coverage. Storage. Evidence.
Service
Enterprise Network Design & Installation
Wires the building's nervous system.
Sector
Hospitality
Guest experience, engineered.
Sector
Commercial & Corporate
Workplaces that begin meetings on time.
Sector
Healthcare
Hospitals where systems serve the patient.
/ Plan it right
Access Control — getting the brief right.
Common mistakes to avoid
- Designing access without a fail-safe / fail-secure decision per door agreed against the fire strategy — lawful egress must always win.
- Forgetting that controlled doors need coordinated hardware (locks, strikes, closers, request-to-exit, break-glass) agreed with the architect.
- Treating access as a standalone island instead of integrating it with CCTV, fire release and visitor management.
- Under-planning the credential lifecycle — issuing, revoking and auditing cards or biometrics across the building's life.
- Skipping anti-passback, interlocks and muster reporting where the site's security policy genuinely needs them.
What to share before a quotation
- A door schedule listing each controlled opening and its required behaviour (in / out, free egress, interlock).
- Who administers access, and how credentials are issued and revoked.
- Integration scope — CCTV, fire release, lifts, visitor / contractor management.
- Any compliance, audit or muster-reporting requirement.
- Existing door hardware and whether it stays or is replaced.
/ Frequently asked
Access Control — what buyers ask first.
Cards or biometric — which is better?
Use cards for general access — they are operationally cleaner to issue, revoke and replace — and biometric for controlled zones (data centre, vault, server room) where presence-of-person matters. Most premium deployments use both: card for the building, biometric for sensitive interior zones.
How do electronic guest-room locks integrate with the PMS and GRMS?
Hotel guest-room locks work off the property management system (PMS): a key — an RFID card or a mobile key on the guest's phone — is encoded at check-in for the assigned room and the stay dates, and it stops working at check-out without anyone visiting the door. The locks keep an offline audit of who opened each door and when, and they coordinate with the guest-room management system so an occupied or do-not-disturb room behaves correctly for housekeeping. We plan the locking, the reader network and the PMS interface together with the rest of the access-control and guest-room scope rather than as an isolated supply.
RFID, biometric or mobile credential?
RFID cards are the universal default — cheap, fast, easy to revoke. Biometric (fingerprint or face) suits clinical zones, server rooms and any scenario where shared cards are a real problem. Mobile credentials (Bluetooth via HID Mobile, Apple Wallet, Google Wallet) are the rising default for premium offices and hospitality — no card to lose, easy to grant and revoke remotely.
How does access control integrate with HR onboarding?
Through the access-control system's directory integration — Active Directory, Azure AD, or HRIS. New hires automatically get appropriate door access on day one based on their department; departures lose access at the same minute their account is disabled. We configure these integrations as part of the deployment.
What's the right number of access zones for a typical office?
Coarse zoning works best in practice — 4–6 zones for most offices: building lobby, common floor, departmental floor, server room, executive suite, after-hours. Over-zoning creates a permission-management overhead that exhausts the IT team and makes the system actively useless. We design zoning around the realistic operational pattern.
Do we need access control on internal partition walls?
Usually no — most internal access control should be at the building entry, the floor lift-lobby and 2–3 sensitive interior doors (server room, finance, executive). Putting readers on every interior door creates friction without security gain; the threat model rarely justifies it.
Honeywell Pro-Watch, HID Mercury or Lenel OnGuard — which platform?
Honeywell Pro-Watch is our default for any project where access integrates with VMS — its CCTV pairing with Honeywell's MAXPRO VMS is purpose-built for tight cause-and-effect, and it suits regulated healthcare and government estates well. HID Mercury is the open-controller choice when you want platform independence at the panel — a Mercury panel runs under multiple head-end softwares and avoids vendor lock-in. Lenel OnGuard is excellent for very large enterprise where one head-end manages 500+ doors with full identity-management workflows. We deploy all three.
· Begin
Begin a
access control
brief.
Tell us about the building, the timeline, and what success looks like a year after handover. We will reply within two working days with a written response, not a sales pitch.
