02 / 09
Case file
Card, biometric, mobile-credential and visitor-management — Honeywell, HID, Matrix and Suprema — integrated with CCTV, intrusion and HR systems.
How we approach it
Access that stays correct over time
Access control is only right while its rules reflect reality. We plan it to the building's needs and keep it aligned as people and doors change — without publishing how the site is secured.
- Planned to the building
- Door and rule intent is agreed against the drawings, with BOQ / scope alignment kept clear. Door schedules, credential and controller detail remain in the secured design set.
- Verified at handover
- Rules and hardware are tested and commissioned so the agreed scope behaves correctly on day one, with operating records handed over.
- Maintained as things change
- Joiners, leavers and re-planned spaces all move the goalposts; an AMC scope can include periodic reviews and corrective attention so access stays correct. Response targets are documented in the AMC scope.
/ The discipline, in detail
How we approach access control.
Modern access control is a credential system, not a door system. We design the credential lifecycle — issue, suspend, audit — alongside the hardware. Cards give way to mobile credentials; biometrics handle controlled zones; visitor management screens contractors and meeting attendees with photo capture and pre-approval workflows.
On record
Every access control engagement is documented end-to-end — design, programming, commissioning, calibration — and handed over with the files our successors would need if we were never to return.
/ Three lenses on the same system
Read it the way you actually need it.
Three short readings of access control — for a non-engineer who needs the picture, an engineer who needs the spec, and a buyer who needs to see the system in operation.
/ In simple terms
Access control decides who can open which door at what time. The serious engineering question is what happens on a power cut: fail-safe doors unlock (so people can exit on a fire), fail-secure doors stay locked (so the perimeter does not open on a power outage). Every door in a serious building gets that decision made explicitly, written down, and signed by the fire-safety officer.
/ Technical explanation
An access-control system runs OSDP-connected readers (card / biometric / mobile-credential) into door-cluster controllers, with magnetic locks, electric strikes or motorised mortise locksets per the door's per-door fail-state classification. Fire-alarm release on egress paths is hardware-enforced; free-egress on every door is non-negotiable. CCTV event linking, visitor-management and time-and-attendance integration sit on the supervisory layer.
/ Real project usage
On the Tinsukia Medical College & Hospital deployment, 184 access-controlled doors carry a per-door fail-state classification — theatre doors fail-safe with manual override, drug stores and pharmacy fail-secure with REX, corridor doors on egress paths fail-safe and released on the fire-alarm matrix, records and medical-records archives fail-secure with separate egress on a secondary door. The classification is in the as-built, the AMC log and the fire-safety officer's signed schedule.
/ System architecture
The layers, named.
Every layer below is engineered as one piece of the integrated stack. Each carries its own commissioning artefact and its own AMC inclusion.
- 01
Access controllers at the door cluster — typically 1 controller per 4–8 doors, mounted in a secure enclosure within the building's IT closet or near the door cluster.
- 02
Readers at the door — card, biometric (fingerprint, face, palm-vein), mobile-credential. Reader-controller link is OSDP (Open Supervised Device Protocol) for secure deployments, Wiegand for legacy retrofits.
- 03
Lock hardware — magnetic locks (fail-safe), electric strikes (fail-safe or fail-secure per door classification), motorised mortise locksets (typically fail-secure), with the per-door classification recorded in the door schedule and the as-built.
- 04
Free-egress hardware — request-to-exit button, passive infrared, mechanical handle release on the inside of every access-controlled door, regardless of fail-state.
- 05
Server and database — the access-control management software hosts the credential database, the door schedule, the time-and-attendance integration where applicable, and the audit log. Workstation interfaces in the security control room and at nominated operations desks.
/ Design considerations
The decisions we take early.
- Per-door fail-state classification — fail-safe on egress paths and fire-alarm-released doors; fail-secure on perimeter and high-security rooms. Recorded in the door schedule, the access-control configuration and the fire-safety as-built, signed by the fire-safety officer.
- Free-egress is non-negotiable on every door, regardless of fail-state. Tested on every commissioning and on every quarterly AMC visit.
- Reader-credential mapping — the credential type (card / biometric / mobile) chosen per-door against the access frequency and the security-grade. Drug stores, blood-bank, theatres typically biometric; common doors typically card.
- Schedule and access-group structure — the access-group hierarchy mapped against the building's actual operational rota, not the org chart, so the access reaches the on-duty shift.
- Audit log retention — sized against the building's audit and incident-investigation timelines, typically 1 year for clinical, 3 years for regulated, 90 days for general commercial.
/ Integration logic
How it talks to the rest.
- Fire-alarm release — every door on the fire-alarm matrix's release list must be fail-safe in hardware. The release is via a relay output from the fire-alarm panel that interrupts the lock's power.
- CCTV event linking — every door event (granted, denied, forced, held-open) is timestamp-linked to the camera covering the door, with synchronised video replay in the VMS.
- Visitor-management — visitor credentials issued through the access-control system with auto-expiry, with the visit recorded in the audit log.
- Time-and-attendance — for office and educational deployments, access events feed the time-and-attendance system through a published API.
/ Failure scenarios
What goes wrong, in practice.
- Fail-state mismatch — door specified fail-safe in access-control but installed with fail-secure electric strike. Mitigated by per-door fail-state reconciliation on commissioning and on every quarterly AMC visit.
- Free-egress hardware failure — the REX or PIR fails, leaving the door's interior unable to release on legitimate egress. Caught only by quarterly free-egress testing on every door.
- Reader-credential database drift — credentials added but not removed when employees leave, or biometric templates expired. Mitigated by quarterly credential-database audit against the active personnel list.
- Wiegand security weakness on legacy retrofits — Wiegand is not encrypted and is vulnerable to skimming. Mitigated by OSDP migration on any new install or major upgrade.
- Backup-power failure on access controllers — controllers carry a battery for fail-state preservation; battery degradation produces unpredictable door behaviour on power loss. Mitigated by quarterly controller battery testing.
/ Maintenance expectations
What the AMC actually delivers.
- Quarterly free-egress test on every access-controlled door, with signed test record.
- Quarterly fail-state reconciliation against the access-control configuration and the fire-safety as-built.
- Quarterly credential-database audit against the active personnel list — credentials for departed employees removed, expired biometric templates re-enrolled.
- Annual reader-and-controller firmware update calendar with offline configuration baseline.
- Spares — controllers, reader heads, magnetic locks, electric strikes (both fail-states), REX buttons, sized against the manufacturer's MTBF data.
/ Where we deploy this
Active across 7 sectors.
Access Control is rarely a standalone brief — it sits inside a wider sector practice with its own codes, expectations and operating rhythm.
Residential
The premium home, made quiet.
Hospitality
Guest experience, engineered.
Commercial & Corporate
Workplaces that begin meetings on time.
Education & Institutions
Schools, colleges and universities.
Healthcare
Hospitals where systems serve the patient.
Government & Public Safety
Mission-grade integration.
Industrial & Warehousing
Operations that don't take a day off.
/ Sister services
The rest of elv.
A serious brief usually crosses two or three of these. Read across the discipline — we deliver them as one contract.
- 01
CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.0 - 03
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable fire detection and alarm — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting to readiness per NBC, IS 2189 and NFPA 72, for consultant and AHJ review.1 - 04
Fire Hydrant System
High-volume water, precisely where it's needed.
Wet- and dry-riser hydrant systems — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — jockey-and-main pump rooms, yard hydrants and four-way fire-brigade inlets, engineered to readiness per NBC, IS 13039 and NFPA 14 for consultant and AHJ review.2 - 05
X-Ray Baggage Scanners
Operator confidence, in seconds.
Dual-energy X-ray baggage and parcel scanners for airports, hotels, government buildings, courts, malls and corporate lobbies.3 - 06
Under Vehicle Surveillance (UVSS)
Full-chassis scan, the moment a vehicle arrives.
Embedded high-resolution UVSS with ANPR and driver-occupant cameras — a critical first line of defence at every vehicle entry point.4 - 07
Door-Frame Metal Detectors
Quick, unobtrusive, accurate.
Multi-zone DFMDs with adjustable sensitivity, pinpoint LED indicators and networked logging — for hotels, courts, places of worship, malls and government buildings.5 - 08
Boom Barriers & Motorised Gates
Controlled flow, every gate.
Boom barriers, sliding and swing gates, road blockers, bollards and turnstiles — integrated with ANPR, RFID and access control.6 - 09
Nurse Calling System
Patient request to nurse response. Documented.
IP-based nurse call systems with bedside, bathroom, code-blue and staff-presence stations, integrated with mobile and PA.7
/ Where this system has been deployed
Access Control on the ground.
The reference projects below carry a access control layer engineered as part of an integrated stack. Each case study walks through the engineering challenges that were solved, the standards the work was held to, and the operational outcome on the day-two team.
Public project summaries describe systems and outcomes only — BOQ values, quantities, device counts and security layouts are kept off public surfaces.
Request a feasibility review/ Integration with
How access control talks to the rest.
A serious deployment of this system rarely operates in isolation. The disciplines below most commonly share its cabling pathways, its controller logic, and its cause-and-effect matrix.
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable fire detection and alarm — one of the three fire families (fire alarm, fire hydrant, fire extinguishers) — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting to readiness per NBC, IS 2189 and NFPA 72, for consultant and AHJ review.CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.Structured Cabling
Backbones rated for the next quarter-century.
Cat6A, OS2 and OM4/OM5 structured cabling — designed to TIA-568, terminated to manufacturer warranty and labelled to a documented patch schedule.
/ Read deeper
The engineering, in long form.
Each article below goes deeper than this service page can — a full walk-through of the engineering decisions, written by the team that delivers this work.
- ELV · 9 min
Fail-safe vs fail-secure access control: the choice that decides what happens on a power cut
Every access-controlled door in a serious building has to choose between fail-safe (unlocks on power failure) and fail-secure (stays locked on power failure). The choice is not a procurement preference — it is a regulated, life-safety decision driven by the door's role in egress and the room's role in occupancy. The framework we apply to every project.
Read article - ELV · 11 min
Eight ELV integration mistakes that survive into commissioning — and how to catch them earlier
ELV integration faults rarely surface in design review or installation — they survive into commissioning because the seam-level coordination is nobody's contractual responsibility. The eight failure modes we see most often, and the design-stage discipline that catches each one before it becomes a snag list at handover.
Read article
Engineering toolkit
Tools to scope this work
Calculators and reference checkers we use ourselves to sense-check the engineering before any drawings change hands.
- ELV · Surveillance · Storage
CCTV Storage Retention Calculator
Multi-brand, codec-aware CCTV storage retention sizing across Hikvision, Dahua, Axis, Hanwha, Bosch, Honeywell, CP Plus and Prama. Computes storage TB, HDD count plan, recorded bandwidth and an NVR/VMS class recommendation against camera count. Pairs with the CCTV Coverage Calculator.
8 brands · codec-awareOpen - ELV · Reference
ELV / Life-Safety Building Map
Interactive cross-section of a building. Toggle between CCTV, access control, fire, PA, IP-PBX, server room and BMS — see device locations and where each cabling backbone lands.
7 layers · cross-sectionOpen - Life-safety · 28 states + 8 UTs
NBC Fire-Safety by State
State or union territory, building height and occupancy in — list of sprinkler, addressable FA, voice-evac PA, wet-riser and Fire-NOC triggers out, with explicit source-status tiering across all 28 Indian states and 8 union territories.
NBC 2016 · state ruleOpen
/ Engineering concepts
Related engineering concepts
Concept
Fire Cause-and-Effect Matrix
A written specification that documents what each life-safety event triggers across the connected systems — lift recall, magnetic door release, PA announcement, AHU damper close, CCTV pre-record, access evacuation mode.
Concept
Honeywell Building & Security Ecosystem
Honeywell BMS (Niagara framework), Pro-Watch access control and addressable fire-alarm — used as the supervisory and life-safety backbone for premium commercial and hospitality buildings.
Concept
ELV Cabling Backbone
The unified low-voltage cable plant carrying fire, CCTV, access, PA, IP-PBX, BMS and structured data across a building — coordinated as one cause-and-effect pathway rather than per-discipline runs.
Concept
Corporate Office Archetype
Multi-floor corporate fit-out — boardroom AV, addressable fire-alarm with PA voice-evac, access control, BMS, Wi-Fi 7 backbone and structured cabling on Cat6A as a single coordinated scope.
/ Used alongside
Commonly deployed alongside
Service
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Service
CCTV & Surveillance
Coverage. Storage. Evidence.
Sector
Commercial & Corporate
Workplaces that begin meetings on time.
Sector
Hospitality
Guest experience, engineered.
Service
IT & Networking
Wires the building's nervous system.
Sector
Healthcare
Hospitals where systems serve the patient.
/ Plan it right
Access Control — getting the brief right.
Common mistakes to avoid
- Designing access without a fail-safe / fail-secure decision per door agreed against the fire strategy — lawful egress must always win.
- Forgetting that controlled doors need coordinated hardware (locks, strikes, closers, request-to-exit, break-glass) agreed with the architect.
- Treating access as a standalone island instead of integrating it with CCTV, fire release and visitor management.
- Under-planning the credential lifecycle — issuing, revoking and auditing cards or biometrics across the building's life.
- Skipping anti-passback, interlocks and muster reporting where the site's security policy genuinely needs them.
What to share before a quotation
- A door schedule listing each controlled opening and its required behaviour (in / out, free egress, interlock).
- Who administers access, and how credentials are issued and revoked.
- Integration scope — CCTV, fire release, lifts, visitor / contractor management.
- Any compliance, audit or muster-reporting requirement.
- Existing door hardware and whether it stays or is replaced.
/ Frequently asked
Access Control — what buyers ask first.
Cards or biometric — which is better?
Use cards for general access (issue, revoke, replace cleanly) and biometric for controlled zones where presence-of-person matters; most premium deployments use both. Cards are operationally cleaner — issue, revoke, replace. Biometric is stronger for controlled zones (data centre, vault, server room) where presence-of-person matters. Most premium deployments use both: card for the building, biometric for sensitive interior zones.
RFID, biometric or mobile credential?
RFID cards are the universal default — cheap, fast, easy to revoke. Biometric (fingerprint or face) suits clinical zones, server rooms and any scenario where shared cards are a real problem. Mobile credentials (Bluetooth via HID Mobile, Apple Wallet, Google Wallet) are the rising default for premium offices and hospitality — no card to lose, easy to grant and revoke remotely.
How does access control integrate with HR onboarding?
Through the access-control system's directory integration — Active Directory, Azure AD, or HRIS. New hires automatically get appropriate door access on day one based on their department; departures lose access at the same minute their account is disabled. We configure these integrations as part of the deployment.
What's the right number of access zones for a typical office?
Coarse zoning works best in practice — 4–6 zones for most offices: building lobby, common floor, departmental floor, server room, executive suite, after-hours. Over-zoning creates a permission-management overhead that exhausts the IT team and makes the system actively useless. We design zoning around the realistic operational pattern.
Do we need access control on internal partition walls?
Usually no — most internal access control should be at the building entry, the floor lift-lobby and 2–3 sensitive interior doors (server room, finance, executive). Putting readers on every interior door creates friction without security gain; the threat model rarely justifies it.
Honeywell Pro-Watch, HID Mercury or Lenel OnGuard — which platform?
Honeywell Pro-Watch is our default for any project where access integrates with VMS — its CCTV pairing with Honeywell's MAXPRO VMS is purpose-built for tight cause-and-effect, and it suits regulated healthcare and government estates well. HID Mercury is the open-controller choice when you want platform independence at the panel — a Mercury panel runs under multiple head-end softwares and avoids vendor lock-in. Lenel OnGuard is excellent for very large enterprise where one head-end manages 500+ doors with full identity-management workflows. We deploy all three.
· Begin
Begin a
access control
brief.
Tell us about the building, the timeline, and what success looks like a year after handover. We will reply within two working days with a written response, not a sales pitch.