03 / 10
Case file
Card, biometric, mobile-credential and visitor-management — Honeywell, HID, Matrix and Suprema — integrated with CCTV, intrusion and HR systems.
/ The discipline, in detail
How we approach access control.
Modern access control is a credential system, not a door system. We design the credential lifecycle — issue, suspend, audit — alongside the hardware. Cards give way to mobile credentials; biometrics handle controlled zones; visitor management screens contractors and meeting attendees with photo capture and pre-approval workflows.
On record
Every access control engagement is documented end-to-end — design, programming, commissioning, calibration — and handed over with the files our successors would need if we were never to return.
/ Three lenses on the same system
Read it the way you actually need it.
Three short readings of access control — for a non-engineer who needs the picture, an engineer who needs the spec, and a buyer who needs to see the system in operation.
/ In simple terms
Access control decides who can open which door at what time. The serious engineering question is what happens on a power cut: fail-safe doors unlock (so people can exit on a fire), fail-secure doors stay locked (so the perimeter does not open on a power outage). Every door in a serious building gets that decision made explicitly, written down, and signed by the fire-safety officer.
/ Technical explanation
An access-control system runs OSDP-connected readers (card / biometric / mobile-credential) into door-cluster controllers, with magnetic locks, electric strikes or motorised mortise locksets per the door's per-door fail-state classification. Fire-alarm release on egress paths is hardware-enforced; free-egress on every door is non-negotiable. CCTV event linking, visitor-management and time-and-attendance integration sit on the supervisory layer.
/ Real project usage
On the Tinsukia Medical College & Hospital deployment, 184 access-controlled doors carry a per-door fail-state classification — theatre doors fail-safe with manual override, drug stores and pharmacy fail-secure with REX, corridor doors on egress paths fail-safe and released on the fire-alarm matrix, records and medical-records archives fail-secure with separate egress on a secondary door. The classification is in the as-built, the AMC log and the fire-safety officer's signed schedule.
/ System architecture
The layers, named.
Every layer below is engineered as one piece of the integrated stack. Each carries its own commissioning artefact and its own AMC inclusion.
- 01
Access controllers at the door cluster — typically 1 controller per 4–8 doors, mounted in a secure enclosure within the building's IT closet or near the door cluster.
- 02
Readers at the door — card, biometric (fingerprint, face, palm-vein), mobile-credential. Reader-controller link is OSDP (Open Supervised Device Protocol) for secure deployments, Wiegand for legacy retrofits.
- 03
Lock hardware — magnetic locks (fail-safe), electric strikes (fail-safe or fail-secure per door classification), motorised mortise locksets (typically fail-secure), with the per-door classification recorded in the door schedule and the as-built.
- 04
Free-egress hardware — request-to-exit button, passive infrared, mechanical handle release on the inside of every access-controlled door, regardless of fail-state.
- 05
Server and database — the access-control management software hosts the credential database, the door schedule, the time-and-attendance integration where applicable, and the audit log. Workstation interfaces in the security control room and at nominated operations desks.
/ Design considerations
The decisions we take early.
- Per-door fail-state classification — fail-safe on egress paths and fire-alarm-released doors; fail-secure on perimeter and high-security rooms. Recorded in the door schedule, the access-control configuration and the fire-safety as-built, signed by the fire-safety officer.
- Free-egress is non-negotiable on every door, regardless of fail-state. Tested on every commissioning and on every quarterly AMC visit.
- Reader-credential mapping — the credential type (card / biometric / mobile) chosen per-door against the access frequency and the security-grade. Drug stores, blood-bank, theatres typically biometric; common doors typically card.
- Schedule and access-group structure — the access-group hierarchy mapped against the building's actual operational rota, not the org chart, so the access reaches the on-duty shift.
- Audit log retention — sized against the building's audit and incident-investigation timelines, typically 1 year for clinical, 3 years for regulated, 90 days for general commercial.
/ Integration logic
How it talks to the rest.
- Fire-alarm release — every door on the fire-alarm matrix's release list must be fail-safe in hardware. The release is via a relay output from the fire-alarm panel that interrupts the lock's power.
- CCTV event linking — every door event (granted, denied, forced, held-open) is timestamp-linked to the camera covering the door, with synchronised video replay in the VMS.
- Visitor-management — visitor credentials issued through the access-control system with auto-expiry, with the visit recorded in the audit log.
- Time-and-attendance — for office and educational deployments, access events feed the time-and-attendance system through a published API.
/ Failure scenarios
What goes wrong, in practice.
- Fail-state mismatch — door specified fail-safe in access-control but installed with fail-secure electric strike. Mitigated by per-door fail-state reconciliation on commissioning and on every quarterly AMC visit.
- Free-egress hardware failure — the REX or PIR fails, leaving the door's interior unable to release on legitimate egress. Caught only by quarterly free-egress testing on every door.
- Reader-credential database drift — credentials added but not removed when employees leave, or biometric templates expired. Mitigated by quarterly credential-database audit against the active personnel list.
- Wiegand security weakness on legacy retrofits — Wiegand is not encrypted and is vulnerable to skimming. Mitigated by OSDP migration on any new install or major upgrade.
- Backup-power failure on access controllers — controllers carry a battery for fail-state preservation; battery degradation produces unpredictable door behaviour on power loss. Mitigated by quarterly controller battery testing.
/ Maintenance expectations
What the AMC actually delivers.
- Quarterly free-egress test on every access-controlled door, with signed test record.
- Quarterly fail-state reconciliation against the access-control configuration and the fire-safety as-built.
- Quarterly credential-database audit against the active personnel list — credentials for departed employees removed, expired biometric templates re-enrolled.
- Annual reader-and-controller firmware update calendar with offline configuration baseline.
- Spares — controllers, reader heads, magnetic locks, electric strikes (both fail-states), REX buttons, sized against the manufacturer's MTBF data.
/ Where we deploy this
Active across 6 sectors.
Access Control is rarely a standalone brief — it sits inside a wider sector practice with its own codes, expectations and operating rhythm.
Hospitality
Guest experience, engineered.
Commercial & Corporate
Workplaces that begin meetings on time.
Education & Institutions
Schools, colleges and universities.
Healthcare
Hospitals where systems serve the patient.
Government & Public Safety
Mission-grade integration.
Industrial & Warehousing
Operations that don't take a day off.
/ Sister services
The rest of elv.
A serious brief usually crosses two or three of these. Read across the discipline — we deliver them as one contract.
- 01
Professional Audio & PA Systems
Intelligible, every seat in the house.
Public address, voice-evacuation and concert-grade audio for auditoriums, places of worship, stadia, transit hubs and event venues.0 - 02
CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.1 - 04
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable fire detection and alarm — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting per NBC, IS 2189 and NFPA 72.2 - 05
Fire Hydrant System
High-volume water, precisely where it's needed.
Wet- and dry-riser hydrant systems, jockey-and-main pump rooms, yard hydrants and four-way fire-brigade inlets — designed to NBC, IS 13039 and NFPA 14.3 - 06
X-Ray Baggage Scanners
Operator confidence, in seconds.
Dual-energy X-ray baggage and parcel scanners for airports, hotels, government buildings, courts, malls and corporate lobbies.4 - 07
Under Vehicle Surveillance (UVSS)
Full-chassis scan, the moment a vehicle arrives.
Embedded high-resolution UVSS with ANPR and driver-occupant cameras — a critical first line of defence at every vehicle entry point.5 - 08
Door-Frame Metal Detectors
Quick, unobtrusive, accurate.
Multi-zone DFMDs with adjustable sensitivity, pinpoint LED indicators and networked logging — for hotels, courts, places of worship, malls and government buildings.6 - 09
Boom Barriers & Motorised Gates
Controlled flow, every gate.
Boom barriers, sliding and swing gates, road blockers, bollards and turnstiles — integrated with ANPR, RFID and access control.7 - 10
Nurse Calling System
Patient request to nurse response. Documented.
IP-based nurse call systems with bedside, bathroom, code-blue and staff-presence stations, integrated with mobile and PA.8
/ Where this system has been deployed
Access Control on the ground.
The reference projects below carry a access control layer engineered as part of an integrated stack. Each case study walks through the engineering challenges that were solved, the standards the work was held to, and the operational outcome on the day-two team.
/ Integration with
How access control talks to the rest.
A serious deployment of this system rarely operates in isolation. The disciplines below most commonly share its cabling pathways, its controller logic, and its cause-and-effect matrix.
Fire Alarm System
Detection that pinpoints. Response that is coordinated.
Addressable fire detection and alarm — Honeywell, Bosch, Notifier and Siemens panels — integrated with PA, BMS, access control and emergency lighting per NBC, IS 2189 and NFPA 72.CCTV & Surveillance
Coverage. Storage. Evidence.
IP video surveillance — Hikvision, Dahua, Axis, Bosch — designed to coverage, recording-bandwidth and retention specifications, with VMS and AI-analytics overlays.Structured Cabling
Backbones rated for the next quarter-century.
Cat6A, OS2 and OM4/OM5 structured cabling — designed to TIA-568, terminated to manufacturer warranty and labelled to a documented patch schedule.
/ Read deeper
The engineering, in long form.
Each article below goes deeper than this service page can — a full walk-through of the engineering decisions, written by the team that delivers this work.
- ELV · 9 min
Fail-safe vs fail-secure access control: the choice that decides what happens on a power cut
Every access-controlled door in a serious building has to choose between fail-safe (unlocks on power failure) and fail-secure (stays locked on power failure). The choice is not a procurement preference — it is a regulated, life-safety decision driven by the door's role in egress and the room's role in occupancy. The framework we apply to every project.
Read article - ELV · 11 min
Eight ELV integration mistakes that survive into commissioning — and how to catch them earlier
ELV integration faults rarely surface in design review or installation — they survive into commissioning because the seam-level coordination is nobody's contractual responsibility. The eight failure modes we see most often, and the design-stage discipline that catches each one before it becomes a snag list at handover.
Read article
/ Frequently asked
Access Control — what buyers ask first.
Cards or biometric — which is better?
Use cards for general access (issue, revoke, replace cleanly) and biometric for controlled zones where presence-of-person matters; most premium deployments use both. Cards are operationally cleaner — issue, revoke, replace. Biometric is stronger for controlled zones (data centre, vault, server room) where presence-of-person matters. Most premium deployments use both: card for the building, biometric for sensitive interior zones.
RFID, biometric or mobile credential?
RFID cards are the universal default — cheap, fast, easy to revoke. Biometric (fingerprint or face) suits clinical zones, server rooms and any scenario where shared cards are a real problem. Mobile credentials (Bluetooth via HID Mobile, Apple Wallet, Google Wallet) are the rising default for premium offices and hospitality — no card to lose, easy to grant and revoke remotely.
How does access control integrate with HR onboarding?
Through the access-control system's directory integration — Active Directory, Azure AD, or HRIS. New hires automatically get appropriate door access on day one based on their department; departures lose access at the same minute their account is disabled. We configure these integrations as part of the deployment.
What's the right number of access zones for a typical office?
Coarse zoning works best in practice — 4–6 zones for most offices: building lobby, common floor, departmental floor, server room, executive suite, after-hours. Over-zoning creates a permission-management overhead that exhausts the IT team and makes the system actively useless. We design zoning around the realistic operational pattern.
Do we need access control on internal partition walls?
Usually no — most internal access control should be at the building entry, the floor lift-lobby and 2–3 sensitive interior doors (server room, finance, executive). Putting readers on every interior door creates friction without security gain; the threat model rarely justifies it.
Honeywell Pro-Watch, HID Mercury or Lenel OnGuard — which platform?
Honeywell Pro-Watch is our default for any project where access integrates with VMS — its CCTV pairing with Honeywell's MAXPRO VMS is best-in-class, and it suits regulated healthcare and government estates well. HID Mercury is the open-controller choice when you want platform independence at the panel — a Mercury panel runs under multiple head-end softwares and avoids vendor lock-in. Lenel OnGuard is excellent for very large enterprise where one head-end manages 500+ doors with full identity-management workflows. We deploy all three.
· Begin
Begin a
access control
brief.
Tell us about the building, the timeline, and what success looks like a year after handover. We will reply within two working days with a written response, not a sales pitch.