Facilities Management Journal September 2019

FMJ.CO.UK ACCESS CONTROL FOCUS SEPTEMBER 2019 29 CERTIFIED PROVIDERS It is natural to focus on hardware elements, but intelligent so ware design delivering fit-for-purpose installations is equally important. So where should those responsible for a building’s security look for their access control solution, or the maintenance of an existing system? Buyers need to be confident that their providers are working to the highest industry standards, with the capability to assess risks and interpret the buyer’s specific requirements. When selecting a provider, it’s useful to consider prospective suppliers’ third-party certification or approval credentials. As a certification body specialising in the security and fire safety sector, NSI has an active register of over 1,800 approved companies, all of whom have been rigorously audited for compliance against a wide variety of scopes and codes of practice. For installers of systems this means taking into account British standards as well as other industry best practice. For example, NSI’s code of practice NCP 109 for the design, installation and maintenance of access control systems draws on the Equality Act 2010, the Disability Discrimination Act 2005, BS 7273-4 for fire protection (activation of release mechanisms for doors) and BS 7671 for electrical installations. It requires access control installers to assign each system access point with a risk classification according to the level of security required: class I (low risk), class II (low to medium risk), class III (medium to high risk), and class IV (high risk). All NSI Nacoss Gold and Systems Silverapproved companies working to this code of practice are equipped to advise on the most appropriate system given the needs of the building being managed. As part of the design and specification process, NSI-approved installers undertake a risk assessment. This is a review of the assessed threat, points of higher exposure and expected people flows. It considers means of escape in the event of a fire or security incident, and the most suitable type of recognition technology. Along with identified risks and recognition needs, the number of access points to be secured and monitored – including by video surveillance and remote monitoring – are factored in to the design. This includes the need to manage variation in risk classification for access points, which may vary between daylight hours and hours of darkness, weekdays and weekends, or during other critical periods where the risk factors may be di erent. NSI-approved installers issue for each new access control system a certificate of compliance that a irms the installation has been delivered in accordance with NSI code of practice 109. It’s normal for the components of any access control system to deteriorate with time. Doors, latches, card readers, closing devices and proximity cards all become worn at some point and could create a loophole in the security and, indeed, fire safety systems. NSI-approved companies share a log of activity that demonstrate the system has been comprehensively maintained, not dissimilar in concept to a vehicle MOT. RISK MANAGEMENT Record-keeping and data security are also considered. Typically, individuals log in, which means permissions are a point of risk. Failsafe system controls and procedures can ensure recognition log-ins are up to date, with permissions for employees added and withdrawn in a timely fashion. This is basic risk management. Access control systems store personal data which must be held securely. Data protection requirements (including GDPR) must be embraced by the data controller and data processor(s). Well-recognised codes of practice, such as NSI’s NCP 109, are designed to demonstrate the credentials of specialist security providers to buyers and users, helping to ensure good practice by providers and operators in managing security risk. They provide a framework to assist specifiers, installers and users in establishing risk, needs and requirements, and help specifiers and users to determine the appropriate level of security and sophistication required for a given application. They also assist system designers in meeting specifier or user requirements. The successful operation of access control systems is built on clear collaboration between specifiers, users and installers. Security can only be achieved with carefully developed and clearly understood specifications and usability in practice. Design must consider hardware components, take account of a dynamic risk assessment, and be based on knowledge of preferred modes of operation, management and maintenance. Working with approved installers competent in end-to-end delivery of a solution means peace of mind for specifier and user alike in delivering secure environments. From the facilities manager’s perspective, choosing an NSI-approved company provides confidence that their provider is subject to ongoing independent inspection of its competence, business practice and communications with clients, including sample inspections of installations. NSI Nacoss Gold approval includes certification to BS EN ISO 9001 (for a company’s quality management system) as well as adherence to the relevant standards detailed in the NCP 109. Companies that benchmark themselves against NSI approval schemes demonstrate commitment to the highest standards of competence in the design, delivery, operation, management and maintenance of access control systems. NSI’s independent approval provides assurance to facilities managers that installers, operators and the management of access control systems deliver consistent best practice in helping keep people safe. Buyers need to be confi dent that their providers are working to the highest industry standards, with the capability to assess risks and interpret the buyer’s specifi c requirements.”