Contents
The Evolving Necessity of Commercial Access Control
Before diving into system types, it’s vital to understand the modern role of access control. It’s no longer just about locking a door; it’s about liability, efficiency, and data protection. In the UK, businesses are increasingly targeted not just by external threats, but also internal ones. According to the latest annual fraud indicator from the UK government, employee-related fraud and internal theft remain significant threats across all sectors, making robust internal controls paramount. For businesses operating in sectors like healthcare, where sensitive patient data is involved, or education, protecting both children and confidential records is a legal imperative.
A professionally installed system provides a crucial audit trail, helping businesses meet strict compliance standards, such as those related to GDPR and CCTV. Furthermore, advanced access control systems are often a prerequisite for obtaining favourable terms from commercial property insurers. We cover the varying types of systems in-depth in our essential guide on what are the 4 types of access control.
7 Types of Access Control
1. Stand Alone Access Control System
A standalone system is by far the simplest and most cost-effective means of controlling access to the premises. All of the equipment necessary to successfully secure an entrance is localised to the door, and access is granted upon the presentation of a valid code.
The simplest means of achieving this would be to manually enter a predetermined code into a keypad, which would then attempt to match the entered code against the one stored in the access control panel. If valid, the control panel will send a signal to the door, granting access for a short period of time.
It may also be achieved through a proximity reader. A proximity reader works through the conjunction of a proximity card, reader and access control panel. The reader emits a small electromagnetic field known as an excite field to detect nearby cards and transmit data through the reader and to the access control panel.
When a proximity card is brought within that field, it absorbs a small amount of energy from it effectively turning the card on. The card then transmits its number to the reader, which in turn searches the control panel’s database to see if the number matches and is therefore valid.
If the card is approved, the control panel sends a signal to the door unlocking it for a short period of time. Essentially, this is very similar to manually entering a code into a keypad, without the need to remember a pin.
Further measures of security may be taken by using both the keypad and card reader in conjunction, meaning both a key card/fob and a memorised code must be presented in order for somebody to gain access.
This means if an unauthorised person was to get hold of a key card or somehow learn of the predetermined code, they would still be denied access, therefore improving the overall security of a site or premises.
2. Discretionary Access Control (DAC)
This type of security is known as discretionary access control (DAC) and is only suitable for small premises with one, perhaps two doors. This is because, with discretionary access control, the end-user has the means to determine security level settings by granting access to others i.e. lending them their key card or telling them the pre-determined code.
It is therefore unsuitable for large premises or premises protecting sensitive information, where levels of access must be delegated and/or monitored.
SUMMARY:
A stand-alone access control system is the simplest form of access control, in which all of the components are localised at the entry point itself. Entry is gained through the presentation of a code. Due to the unrestricted nature of this system, it is recommended that it is only implemented in small buildings with 1 or 2 doors.
3. PC Networked System
A networked system is somewhat more complex than a standalone system and allows for far more customisation in terms of determining security levels, as well as monitoring usage. With a networked system, all locally controlled doors are wired together creating a commutation path between them. This is controlled centrally by a PC running the relevant software required for your specific access control system.
The system can be programmed via a PC. This allows you to download information to each individual door providing parameters specific to the level of security for that access-controlled area. The PC software also allows for reports to be created based upon the system’s usage. This enables an administrator to better monitor usage, knowing how many times an area was accessed, as well as by whom and at what time.
The system can be programmed with two different types of access control. Mandatory Access Control (MAC) or Role-Based Access Control (RBAC).
4. Mandatory Access Control (MAC)
Mandatory Access Control is generally utilised in organisations that need an increased emphasis on the security and confidentiality of data. An example of this would be a military institution, in which the protection of classified information is paramount.
MAC does not permit the end-user to determine which entities have access to a facility or unit, rather, only the owner and system administrator have management of the access control. With MAC, the administrator will typically classify each individual end-user and provide them with a status which allows them to gain entry through some points of access, but not others, based on established security guidelines.
As this system gives individual labels to each end-user, it is best utilised in premises with a small number of staff or premises with low staff turnover. This is because any new members of staff, or members of staff with a new job role, will need to be to individually assigned access to each secured area, relative to their position.
5. Role-Based Access Control (RBAC)
Alternatively, a premise may utilise Role-Based Access Control (RBAC). RBAC is the most sought-after access control system, highly demanded among households and business premises alike.
With an RBAC system, access is determined by a system administrator and is based upon the end user’s role within a household or organisation, therefore access privileges are defined by the limitations of their job responsibility.
So rather than assigning an individual as a security manager and granting them access to each secured area relevant to them, as is the case with MAC, the security manager position already has access control permissions assigned to it.
This means that rather than the system administrator assigning permission to multiple individuals, they need only assign permissions to specific job titles.
The RBAC system is best utilised in large organisations that need extensive security. Defining a person’s permissions based on their job role rather than them as an individual, means you can control access for groups of people which greatly streamlines the process. This system is particularly effective for managing high staff turnover in environments such as the leisure sector or large corporate office complexes, where maintaining tight control over who enters sensitive areas is crucial.
SUMMARY:
A PC networked system enables the administrator to control all of the doors, as well as the security parameters for each door, from software on a centralised PC.
This is much more efficient in large premises when compared to a stand-alone system. The two different programme types that can be run on this system are Mandatory Access Control and Role-Based Access Control.
Mandatory Access Control is when the system administrator labels individuals within an organisation and grants them access based on their job role.
Role-Based Access Control is when the system administrator assigns access privileges to a job role, rather than an individual.
6. Biometric and Cloud-Based Systems (NEW)
The landscape of access control continues to evolve rapidly, moving beyond traditional card readers and keypads. Modern commercial security systems are increasingly integrating advanced technologies such as biometrics (fingerprint, facial, and iris recognition) and cloud-based management platforms.
Biometric access control systems offer the highest level of security assurance by verifying a unique biological trait that cannot be lost, shared, or stolen. This is a critical factor for facilities with stringent security requirements, such as those handling valuable assets or sensitive data. For example, the security firm Avigilon, a leader in AI-powered security solutions, highlights the move towards touchless access, which became popular during the pandemic and continues to be valued for its hygienic and rapid authentication capabilities.
The Power of Cloud Integration
Networked systems, particularly those used in large multi-site operations like utility companies or multi-site waste management facilities, are rapidly migrating to the cloud. A significant advantage of cloud-based security is the ability to manage access privileges, review audit logs, and conduct diagnostics remotely and in real-time, often via a mobile application. This centralisation drastically simplifies the process of managing access control in large commercial premises, saving time and administrative overhead. This remote management is critical for operational efficiency and also enhances security, as system updates and patches can be deployed instantly, ensuring the system is always protected against the latest vulnerabilities. The future of security relies heavily on these integrated, smart solutions, as we discuss in more detail in our article on how smart technology is shaping the future of commercial security.
While the initial investment for biometric and cloud systems may be higher than for simpler DAC or standalone units, the long-term benefits in terms of security, scalability, and ease of management make them a smart choice for any business planning for future growth, particularly in highly regulated industries.
7. Door Entry
Door Entry Systems are utilised in order to enable entry to visitors who cannot gain access through the Access Control System.
An entry panel is installed externally to the entrance, enabling visitors to either press a button to request entry or call through to a security team.
The security team can then communicate with the visitor and make a decision on whether or not ingress can be made. This is a vital component of visitor management, ensuring that all entry points are controlled, even for non-employees. Integrating door entry with your wider security systems, such as a CCTV monitoring service, allows your security personnel to visually verify visitors, dramatically improving site safety and operational flow.
Installing Access Control with BusinessWatch
There are therefore multiple types of access control available, all with varying levels of security and features, all of which will be best suited to different industries and businesses. At BusinessWatch, we design, install and manage bespoke access control systems and will work closely with you and your business to find a solution that works for you. Understanding the importance of professional installation is key to system longevity, which is why we also offer a guide on which commercial security system offers better ROI when comparing providers.
Get in touch for a free quote or for more information on the access control systems we have available.