Access Control Methodology
Oct 09, 2018

The Five Phases of Access Control Methodology

The purpose of access control is to make sure only people with permission can enter a facility, rather than allowing in anyone off the street.

01 Authorization

Authorization is the phase that turns strangers into members. The first step is to define company policy; determine what people can and cannot do. This should include who has access to which door(s), and whether members of the organization can share access.

The next step is role-based access control (RBAC), as explained in the previous section. Assigning roles to users gives each user a defined set of privileges. This comes in handy for administrators, since they don’t have to update every user individually should something change.

Most organizations use employee directories in tandem with RBAC, since these lists include all authorized employees as well as their access levels.

02 Authentication

Authentication goes one level deeper than authorization. In this phase, members present to a door reader whatever badge, token, or credential they were given upon being authorized. The reader checks whether the credential is valid to determine whether or not it should unlock the electric lock on the door in question.

03 Access

Now that the credentials have been authenticated, the access tools available at this stage make sure everyone gets in the right door, at the right time, faster and easier.

Unlock:

Upon validation, the presenter can unlock whatever she wants to access. This can happen by pushing a button or by presenting an access card, fob, or badge that requests access.

Trigger:

Once the request to enter has been received by the access control system, the access is triggered, typically in the form of a door unlock.

Infrastructure:

If the door unlocks, multiple events are tracked at once: the user was correctly authenticated, the user triggered an unlock, the door opened, and the door closed.

04 Manage

This phase helps the administrator meet several challenges, including adding new access points, onboarding and offboarding users, maintaining security, and troubleshooting problems. Let’s examine some advantages.

Scale:

Cloud-based access control systems can help startups and small businesses when they expand to new or additional offices by providing flexible and modular extensions of the existing setup.

Monitor:

Online access control systems send real-time alerts to administrators or security should any irregularity or attempted breach take place at any access point, allowing them to investigate immediately and record the event.

Troubleshoot:

Modern access control systems allow administrators to remotely configure permissions, or seek support from the vendor, should access points or users have issues—a huge advantage over locally-hosted systems.

05 Audit

Auditing physical access control is useful for all types of businesses. In addition, it helps certain sectors meet special requirements.

Scale:

Businesses can perform regularly scheduled system reviews to make sure everything on the access control system is set up properly. These reviews can also reveal whether someone no longer employed by the company has been inadvertently left in the system.

Suspicious Events:

Since many access points are routinely tracked during any access event, auditing can prove useful to security officers when investigating unusual behavior. The data can be used to flag or highlight unusual access behavior or analyze it against historical data.

Compliance Reports:

Companies that process sensitive data like patient healthcare information, banking financial reports, or credit card payments must deal with audit requirements in the access control space when filing compliance reports in accordance with HIPAA, SOC2 or PCI. Some special categories like cyber security or ISO certifications also require managed and auditable access control. The audit phase can pull up the proper data for these periodic reports.
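
The audit checks described under Scale and Suspicious Events, sketched as an added example (not code from the original page or from any vendor's product): it compares enrolled badges against the employee directory and flags logged events that fall outside the RBAC policy. The users, roles, doors, log format, and the 07:00-19:59 business-hours window are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from any real system).
ROLE_DOORS = {  # RBAC policy: role -> doors that role may open
    "engineer": {"lobby", "lab"},
    "finance": {"lobby", "records"},
}
DIRECTORY = {"alice": "engineer", "bob": "finance"}  # employee directory: user -> role
CREDENTIALS = {"alice", "bob", "carol"}  # badges enrolled in the access system
EVENTS = [  # (ISO timestamp, user, door, result) as an access log might record them
    ("2018-10-08T09:02:00", "alice", "lab", "granted"),
    ("2018-10-08T09:15:00", "bob", "lab", "denied"),
    ("2018-10-08T23:40:00", "carol", "lobby", "granted"),
    ("2018-10-09T02:10:00", "alice", "lab", "granted"),
    ("2018-10-09T10:00:00", "bob", "lab", "granted"),
]
BUSINESS_HOURS = range(7, 20)  # assumed policy: 07:00-19:59 counts as normal


def stale_credentials(credentials, directory):
    """Badges still enrolled for people who are no longer in the directory."""
    return sorted(set(credentials) - set(directory))


def audit_events(events, directory, role_doors, hours=BUSINESS_HOURS):
    """Return (timestamp, user, door, reasons) for every event worth reviewing."""
    findings = []
    for ts, user, door, result in events:
        reasons = []
        role = directory.get(user)
        allowed = role_doors.get(role, set())
        if role is None:
            reasons.append("user not in directory")
        if result == "granted" and door not in allowed:
            reasons.append("granted outside role policy")
        if result == "denied":
            reasons.append("denied attempt")
        if datetime.fromisoformat(ts).hour not in hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((ts, user, door, reasons))
    return findings


if __name__ == "__main__":
    print("stale credentials:", stale_credentials(CREDENTIALS, DIRECTORY))
    for finding in audit_events(EVENTS, DIRECTORY, ROLE_DOORS):
        print(*finding)
```

A granted event for a door outside the user's role points to a misconfigured reader or permission set, which is the kind of setup error a scheduled review is meant to catch.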