Date icon23 March 2020

Access control fingerprint

Access Control Technology is employed by public and private organisations up and down the country. It’s a proven way to secure premises and keep people safe, as well as a way to help comply with legislation such as GDPR. But while the benefits are clear, procuring a system can be complex as there are numerous things to consider from budget and maintenance costs, through the number of people and premises it must cover to the type of security you need.  

This guide sets out a five-step approach to identifying and adopting the best access control for a setting and the questions you should ask of your organisation and your prospective supplier.

Step 1: Agreeing the purpose

It’s really important that you have a clear vision for the solution. In essence, you need to answer two questions: what are the organisational goals and therefore why does your organisation need a solution?  

Many access control implementations centre around security. Generally, this relates to keeping unauthorised people out of the whole or parts of a building, such as a computer room, or a drug storeroom in a hospital. Safety will also include having an accurate picture of who is in a building in case of an emergency.  

There are generally six main areas your procurement decision should focus on. These are:

  1.      People flows

But counting people in and out isn’t just about headcount. It’s also important for the purposes of managing the flow of people and ensuring there are no bottle necks at certain times of day. Any access control system must support this and not add to the problem – you don’t want a crush because a turnstile was in the way.  

2.      Legislation

Then there are legislative compliance requirements such GDPR, especially if you are integrating it with other systems like CCTV. For instance, these elements come into play if you have a camera that starts to record when it detects movement in an area that is generally out of bounds, or if you always have a camera recording the main entrance.  

Though you may have legitimate reasons for making the recording, you still need to inform everyone in the building there is the possibility you will, or that you are, recording them. But more than that, if someone is identifiable in the recording then you are operating under GDPR and the ICO would need to know. Anyone who is recorded would also have the right to access the footage.    

You also need to consider how the information of visitors is stored on the system you use to grant access permissions, as that also requires GDPR compliance.  

Your partner will be well versed in all of this so discuss this with them, so you get it right.  

3.      Existing infrastructure

But whatever the scenario, you have to have a clear understanding of how it would work with the existing infrastructure and personnel. You may find you can achieve your goals by changing the scope of the role of a receptionist. However, if managing the volume of people would be too onerous or present a risk to that individual in this scenario, then technology can lighten the load.

  4.      Space

Another fundamental question is how much space you have to allocate to your solution. Not all foyers are suited to large turnstiles. Plus, you can add complications if the space is shared with other tenants as they have to be prepared to share the installation.  

As we’ve said, turnstiles, though highly effective, do take up space and for that reason some companies will have sensors by a door that recognise badges with specific access permissions instead.  

5.      Management of the system

No matter the decision you take, there is still always a need for a single point of contact for the system. This person will be an administrator and facilitator for the system to ensure smooth running.  

It’s worth thinking about this side of things as you assess the technical solution because it may mean you need to alter job specifications. We cover this in more detail in ‘Step 3’.  

6.      Budget

Finally, budget is a major influencing factor. A turnstile is expensive compared to door sensors. Technologies like biometrics add another dimension to budgets.  

Ensuring you are adopting the right technology and not technology for technologies’ sake is vital at this early stage. But it’s also worth looking ahead. You may not need some technology today, but you may need it in five years’ time. Your budget will go further if you factor in this evolving need from the start and invest in technology that can grow with you.  

Step 2: Making the right decision – which technology suits the scenario best?

This really comes down to how you need to validate access and the information you need to know.  

Turnstiles and permission cards

If it’s a case of keeping people out, and/or you only need to know how many people are in a building at any one time but not necessarily who they are, then a turnstile or door reader that simply recognises a valid permission card may be sufficient.  

Specific access permission rights

However, if it’s imperative you know who is coming through the turnstile then you’ll need a system that can configure cards with specific access permissions. These can last for a set period of time or indefinitely.  


If you need very high security that must identify someone as an individual from a personal characteristic, then a biometric reader is sensible. Common choices include optical or thermal fingerprint readers.   

Of course, you may find you need a combination of solutions to suit the different ways a building operates. This is quite common. A good technology partner will help you identify the best technology combinations, so you meet your goals and budget.  

Step 3: Managing the system

We’ve mentioned the importance of an appointed manager for the system. That’s because there are a number of roles they will need to perform:  

1.      Peripherals

Firstly there is a logistical element to all of this – getting passes to people. So many companies overlook ‘peripherals’ and the associated overhead in time and money this can create. A solution that considers this and minimises effort is worth seeking out.  

2.      Reporting

It’s also worth looking at how important reporting is to your organisation and how much or little of it you want. This is where the conversation will move to look at what systems you have already and how they can be integrated. Some technology providers are happy to make their systems talk to existing HR and Payroll systems for example.  

When it comes to reporting, you need to establish if a daily report is necessary or if it’s better to have one weekly or monthly, as well as consider the importance of real-time alerts for a breach. Not only that, you need to consider how you want alerts and reports delivered – is an email sufficient, or do you need an immediate pop up prompt on a computer screen so your risk exposure is minimal?  

3.      Best practice

Finally, we always say you can’t manage what you can’t measure so speak to your technology partner about the best practice they support at other companies as this can greatly inform how you structure your implementation.  

Step 4: Implementation standards

When you have high standards, high levels of security are achieved and maintained. Look for accreditations like NSI Gold, which means implementation are carried out to the NCP-109 standard. Above all, it’s a sign that your partner is providing high quality technology that meets exacting standards and will evolve as your business does.  

It’s also recommended you look for accreditations such as Safe Contractor and Contractor Line, which are industry construction ‘kite marks’ and represent providers you can trust.  

You also need to ensure you will have dedicated people who will oversee the roll out to a high standard. It’s vital they can build a quick rapport with everyone involved so make sure you meet them and build a relationship early on.  

They will also oversee testing and ensure nothing is signed off until standards are met. This can be forgotten in the race to get the system installed, yet testing is so vital to build early credibility with employees and visitors.  

Step 5: System support after implementation

How will the system grow and adjust as your business needs change? What support can you expect from your supplier? Are software updates included? Will there be people available the minute I need them? These are fundamental questions for long-term success and scalability.  

As part of this it’s imperative you understand the difference between full support contracts and reactive incident only management contracts as you could be left exposed.  

Full support gives the assurances you are covered if there is a fault or problem that prevents the system from working, and software upgrades are included. This can’t be understated. Look for providers that provide this level of cover and invest the full-service fees into their team so there is UK support on hand.    

It’s clear there is a lot to think about. But the five steps outlined above break the challenge down and ensure you select the best solution for your organisation. But not only that, they will also put you in the right path to finding the best partner to work with too.