Section 281301

Access Control

SECTION 281301
ACCESS CONTROL
PART - 1- GENERAL
1.1 SCOPE
This specification calls for the basic design, supply, installation and commissioning of a complete,
integrated Access Control and Alarms Management system, in line with the technical and perfor-
mance criteria set out in this document.
The system shall be designed for ultimate reliability and maximum operating efficiency using only
the highest quality, fully field proven products. Proposed system shall be capable of operating with
Noted multi-technology readers with smart cards and biometrics integrated.
Engineers that are factory trained and resident in the theatre must provide design, installation and
maintenance of the system.

The system must be able to operate over LAN/WAN for multi-site operation and control. In the
event of smart card applications, biometrics and other required applications shall reside in the chip
of the card. The system must be able to integrate with CCTV.

1.2 SYSTEM FUNCTION

1. The system shall be at the time of bid, if required, listed by Underwriters Laboratories listed for
UL 294 Access Control Systems, and UL 1076 Proprietary Burglar Alarm Systems.
2. The system shall be modular in nature, and shall permit expansion of both capacity and func-
Comply tionality through the addition of control panels, card readers, and sensors.
3. The system shall incorporate the necessary hardware, software, and firmware to collect, trans-
mits, and process alarm, tamper and trouble conditions, access requests, and advisories in ac-
cordance with the security procedures of the facility. The system shall control the flow of au-
thorized personnel traffic through the secured areas of the facility.
4. The user interface at the host computer (server) and at the OWT (Operator Workstation Termi-
nal computers) shall be a mouse driven graphical user interface (GUI) allowing the user to open
and work on multiple windows simultaneously.

PART - 2 - PRODUCTION
2.1 OPERATIONAL REQUIREMENTS

2.1.1 DATABASE MANAGEMENT

The system shall create and maintain a master database of all cardholder records and all sys-
tem activity for all connected points.
2.1.2 AUDIT TRAIL
The system shall maintain an audit trail file of operator activity, and provide the ability to
generate a report by operator, time and date, and type of activity (audit code). The system
shall allow the operator to direct the audit trail report to screen, printer, or file. The audit trail
Comply feature shall record the following system events at a minimum.
a. Site parameters modified.
b. System login or logout.
c. System restart.
d. Cardholder added, deleted, or changed.
e. Event added, deleted, changed, or executed
f. Alarm message added, deleted, or changed
g. Communication initiated or terminated
h. Field device/points added, deleted, or changed
i. Access privileges added, deleted, or changed.
2.2 INPUT POINT MONITORING
Comply Collect and process status information from all monitored points.

Page 1 of 10
 Section 281301
Access Control

2.3 ALARM ANNUANCIATION

Comply Audibly and visually annunciate all alarm, tamper and trouble conditions, and advisories.
2.4 INPUT POINT SUPERVISION
Comply The system shall electrically supervise all 2-state and 4-state input point circuits as specified or
shown on the drawings.
2.5 REPORT
Dynamic report writer module that shall have access to the SMS database fields to allow users to
create custom reports. The dynamic report writer shall be Seagate Crystal Report Writer profes-
sional version and shall have the following features at a minimum:
Comply a. Mouse driven graphical user interface with the ability to select database fields from a list of the
fields
b. User definable reports that can be saved and re-run as required without redefining the report
fields and format each time the report is run.

2.6 OPERATOR MENU ACCESS

The operator password shall control which menu items that the individual operator may access. It
shall also be possible to restrict operators such that certain specified menu commands do not appear
Comply on the screen, or are grayed-out (disabled) for a given operator. All user passwords are fully en-
crypted, even while being stored and transmitted across the network.

2.7 ALARM INPUT POINT SUPPRESSION

The system shall provide an alarm input point suppression facility such that the operator may define
Comply a time-zone suppression period for each individual input point. Alarm conditions for suppressed in-
put points shall not be recorded or archived by the system however trouble conditions will be rec-
orded.

2.8 ALARM GRAPHIC

The alarm-graphics portion of the system shall provide dynamic color alarm graphic maps with the
following functions:
a. User definable graphic maps to depict input point conditions
b. The system shall support the importing of most bitmap file format graphics produced with any
graphic drawing program such as .TIF, .BMP or .JPG file format. Vector file formats are not
acceptable.
Comply c. Shall support the importing of most bitmap file format graphics produced with any graphic
drawing program such as .TIF, .BMP or .JPG file format. Vector file formats are not accepta-
ble.
d. The software shall be capable of storing a number of graphic maps. The quantity shall be lim-
ited by available hard disk storage space only.
e. The system shall provide a palette that includes six categories of pre-defined alarm map icons
for Input, Output, Map Layer, Reader Terminals, Panels, I/O Terminals.

2.9 ALARM HANDLING

The alarm-handling portion of the system shall provide the following functions:
a. User definable alarm message/instructions name.
b. User definable alarm message/instructions description. The system shall provide the ability to
assign an alarm message/instructions to each state of
Comply
c.
the form of a pick list from which the operator may select an appropriate alarm name and mes-
sage from all alarm messages defined in the database by the operator.
d. Alarm input points: the system shall support up to 17,000 alarm-input points.

Page 2 of 10
 Section 281301
Access Control

e.
e-
letion of input point(s). All maintenance functions shall be logged to the audit trail and archived
to hard disk of the host PC.
f. The system shall support both 2-state and 4-state alarm input point monitoring as called for in
this specification or as shown on the drawings.
g. Alarm priority: the system shall provide an alarm priority queue from 0-9.
h. - e priority
- -alarm window when a
popup alarm occurs, the alarm queue window shall be automatically placed on top all other
Comply windows to allow the operator to respond to the alarm condition.
i. Alarm instruction display: the SMS shall provide a window with up to ten lines of user defined
instructions, which shall tell the operator how to respond to a selected alarm.
j. Alarm condition history display: the SMS shall provide a window displaying the previous states
of the alarm point with a time and date stamp of each condition.
k. Alarm response entry: the SMS shall provide a window in which the operator may enter free
form text describing how he/she responded to a given alarm or select from a user defined list of
pre-defined response descriptions.
i. The alarm instruction display, alarm condition history display, and the alarm response entry box
shall all be a part of one summary window. Separate windows or applications to support any of
these three functions are unacceptable.

2.10 EVENT PROCESSING

a. Host event triggers: the system shall provide the operator with a scrolling list of the event se-
quence triggers as minimum that may be combined with the event sequence logical operators to
program a custom sequence of events.
b. Host event actions: shall be provide a scrolling list of the event sequence actions as a minimum,
and allow the user to attach one or more actions to one or more of the event sequence triggers to
program a custom sequence of events.
c. Logical operators for trigger conditions: the SMS shall provide a scrolling list of the following
logical operators for event trigger conditions
1. = (Equal to)
2. != (not equal to)
Comply 3. > (Greater than)
4. < (Less than)
5. >= (Greater than or equal to)
6. <= (Less than or equal to)
d. Logical operators for triggers: shall provide the following event trigger logical operators to al-
low the user to attach one or more of the logical operators with one or more of the event triggers
and card actions listed above to program a custom sequence of events.
1. And
2. Or

2.11 TIME ZONE

Comply The system shall provide the capability for the user to define time zones.

2.12 COMMUNICATIONS
a. Communications between the server (Host) and the sub-controllers panels can optionally sup-
Comply port redundant paths. Thus the loss of communications on one path automatically causes com-
munications to be established via the other path without operator intervention
b. Should the sub-controller(s) lose communications with the Host, the sub-controllers shall con-
tinue to control access and monitor inputs for all connected points. Local history of all transac-
Comply tions shall be buffered at the sub-controller and automatically uploaded to the Host for alarm re-
porting and long-term historical storage once communications is re-established.
Page 3 of 10
 Section 281301
Access Control

c. The contractor shall be responsible for the design of a system that will compensate for all signal
Comply level losses in the trunk wiring. This shall include any power supplies for the field devices and
any signal level converters or repeaters for the proper amplification of electrical signals.

2.13 USER DEFINED CARDHOLDER DATABASE FIELD

The system shall support up to 128 user defined data fields, which may be used to store information
for each cardholder. Each field may be of a type: alphanumeric text, numeric, date, toggle
Comply (Yes/No). The system shall provide standard menu items, which shall allow the operator to define
these cardholder database fields at anytime. The system shall remain on-line while user defined
cardholder database fields are added or edited. It shall be possible, using standard SMS system
menu commands to search and report on all user defined cardholder fields.

2.14 EVENT AND TRANSACTION HISTORY

The system shall maintain a record of all alarm, card transaction, and system exceptions which take
Comply place, and provide a means for a user to access this information. It shall be possible to print infor-
mation in the log in real-time or by a report.

2.15 ANTI-PASS BACK CONTROL

The System shall provide the capability to prevent more than one person from gaining access to a
controlled area by recognizing when a cardholder who is granted access is passing back the card to
Comply another person to use the same card to gain access. If so programmed, an alarm may be generated if
the cardholder violates the anti-pass back rules. It shall be possible to define on a reader-by-reader
basis, which readers are subject to anti-pass back rules.

2.16 ANTI-TAILGATE CONTROL

The system shall provide the capability to prevent more than one person accessing a controlled area
Comply as a result of a single card transaction.

2.17 IN-X-IT (ENTRY/EXIT)

Noted previous transaction status of the card. An alarm may be generated if the cardholder violates the In-
X-It conditions.

2.18 DURESS PROCESSING

The system shall permit cardholders to indicate that they are requesting access to an area under some
Comply forced or duress situation. An alarm may be generated if a duress condition occurs, and the card-
holder will be granted access.

2.19 CARDHOLDER DEFINTION

The System shall provide the capability for the user to define Cardholders with the following identi-
fication and operating parameters.
a. Cardholder name (first, middle, last)
b. Cardholder address.
Comply c. Cardholder phone number and extension number.
d. Validation period using start and void dates.
e. Department and Company fields from selection list of user defined departments and companies.
f. 128 user defined cardholder fields. The system shall provide the capability to use these fields in
filtering reports

2.20 REAL-TIME SYSTEM ACTIVITY WINDOW

Page 4 of 10
 Section 281301
Access Control

A real time system activity monitor window shall be available for display on any OWT screen. The
real time window shall have the following capability:
a.
1. Input point alarms
2. System Exception messages
Comply 3. Access Grant
4. Access Deny
5. Access Trace
6. Entry/Exit Central Mode of operation
7. Audit Trail
b. Be able to toggle the display on and off

2.21 SYSTEM STATUS DISPLAY

The system shall provide a dynamic system status summary display that graphically indicates the
following status information, filtered by panel or terminal. All status display information shall be
summarized in a single window.
Comply a. Terminal up/down
b. Panel up/down.
c. State of input points (alarm, secure, short, open).
d. Indication of whether each sub-controller, terminal, reader is disabled or not reporting

2.22 ALARM ROTING

The system shall provide the ability for the user to define which input points or groups of input
points are displayed Operator Workstation Terminal (OWT) computer. The system shall provide a
Comply report showing which input points are routed to each OWT. The system shall also provide a win-
dow that shows the routing of alarms to a Workstation and whether or not the Workstation is on or
off line.

2.23 CONTROL POINTS

The System shall provide the ability to define input points as control points to be used in in-
Comply put/output linking and event processing sequences of operation. Control points shall not enter the
alarm queue and shall not require that an operator acknowledge them when they change state. The
control point activity will however, be automatically logged to the history file.

2.24 WORKSTATION CONTROL

Workstations shall have the ability to be assigned a Name and have an IP address for network
TCP/IP connections. The Workstation will have the following capabilities:
Comply a. Be identified as a Workstation only, or Workstation.
b. Have an enable/disable toggle button to allow or disallow operator login at the workstation.

2.25 REAL TIME PRINTER

The System shall be capable of printing to a network accessible printer as well as printing from an
LPT port. The System shall be capable of printing with the following parameters:
a. Be able to specify printing of the following items, independent from each other:
1. Input Point Alarms.
2. System Exception and Event Messages
Noted 3. Access Trace.
4. Access Deny.
5. Access Grant
6. Entry/Exit Central.
7. Audit Trail.
b. Have a toggle button to enable or disable Real Time Printing.

Page 5 of 10
 Section 281301
Access Control

2.3 SOFTWARE REQUIREMENTS

2.3.1 CAPACITY
The software shall have an installed capacity to accommodate the following at a minimum:
1. A central database on the host server able to support up to 200,000 Badges maximum.
2. Unlimited number of access groups.
3. Unlimited number of password groups each with an unlimited number of operator passwords.
4. Up to 17,000 2-state alarm input points, or up to 8,000 4-state alarm input points (or any combi-
nation in-between).
5. Central on-line data storage of 500,000 historical transactions, expandable as system resources al-
Comply low, with a local panel storage capability of up to 200,000 cardholders and 75,000 events.
6. Ten (10) levels of alarm priority.
7. A minimum of ten (10) individual badge numbers per cardholder. Each badge shall be tracked
separately.
8. Eight (8) issue levels per card, only one of which shall be active at any given time.
9. One Hundred (100) user-defined cardholder fields. The system shall be capable of reporting on
any or all of the user-defined fields. Each user-defined field may be defined by the user as al-
phanumeric, numeric, date, or logical (yes/no).

2.3.2 SYSTEM SOFTWARE

1. The server operating system shall be Microsoft Windows® NT Server version 4.0. It shall have
multi-tasking and multi-user capability and support workstations with Windows NT Work-
station, Windows 98 or Windows 95 operating systems.
Comply 2. The system database shall be SQL Server, Version 7.0.
3. The software features shall be fully documented in the form of a d-
ing operation and installation sections, and a detailed description of the major system functions.
4. In addition to the pre-loaded software, there shall be a high-level report generator such as Seagate
Crystal Reports, Version 4.0.

2.3.3 PARTIONNING
The system shall be capable of partitioning (segmenting) the database, which must include at least
not limited to the following items:
1. Cardholders
2. Badges
Comply 3. Time-zones
4. Access Groups.
5. Panels.
6. Readers/Terminals.
7. Workstations
2.4 HARDWARE REQUIREMENTS
2.4.1 SYSTEM SERVER REQUIREMENTS
The minimum System Server requirements shall be a standard name brand personal computer with
proper capacity for the intended purpose. The computer shall ship factory configured with all soft-
ware pre-loaded and tested. All computer hardware replacement components shall be available
from multiple third party sources. Minimum configuration for the host PC shall be:
a. Pentium CPU with a clock speed of 266+MHz or greater.
Comply
b. 128 MB of RAM.
c.
d. SCSI tape drive.
e. 8X speed CD-ROM.
f. 20 GB SCSI hard disk.
g. 1024 x 768 resolution 64K color, video card with 2MB RAM.
h.
i. Standard 101- type keyboard and mouse.
Page 6 of 10
 Section 281301
Access Control

j. 2 network interface controllers (10Base-T Network Controller port) or equivalent.

Page 7 of 10
 Section 281301
Access Control

2.4.2 SYSTEM PRINTER

Shall be provided in the quantities specified or as shown on the drawings. Printers shall be dot matrix,
Not applicable 180 characters per second, bi-directional printers.

2.4.3 SUB-CONTROLLER
Shall comply to the following functionality:
Comply a. The sub-controller shall be a fully stand-alone processor capable of making all access control de-
cisions.
Comply b. The sub-controller shall support up to sixteen (16) card readers in addition to either 256 input
points or 128 input points and 128 output points. It shall further support up to 12 facility codes per
reader, 40 unique holidays, 8 access group and time zone pairs.
c. Memory Requirements:
Comply 1. Minimum number of cards: 15,000 expandable to 200,000.
2. Minimum number of historical transactions: 5,000 expandable to Minimum number of histori-
cal transactions: 5,000 expandable to 75,000 at full card capacity.
Comply d. The controller shall require no firmware changes and shall use flash memory modules to provide
non-volatile storage of both data and operational code.
e. Each controller shall be provided with built-in hardware to support hard-wired communications
Comply
between the controller(s) and readers of up to 4000 feet per.
f. Communications between the controller(s) and the host server shall be Communications between
Comply the controller(s) and the host server shall be via Ethernet TCIP at 10Mbps. There shall be an alter-
nate communications path to the host via a secondary IP address such that in the unlikely even the
primary IP address / network is down an alternate communications path may be established.
g. An alarm summary relay shall be built-in to the controller motherboard. If so programmed, the
Comply alarm relay shall be activated whenever a connected alarm point transfers to the alarm state and
whenever soft alarms become active.
h. A SPDT tamper switch shall be attached to the inner surface of the controller enclosure. The tam-
per switch shall change state whenever the enclosure door is opened to signal the SMS of the con-
dition. The tamper switch input shall be user programmable to be suppressed, to be recognized as
Noted an input point to be process by the alarm queue at the host computer, to printout at an optional
printer connected directly to the controller, and to activate the alarm summary relay described
above.
i. The standard AC linear power supply version of the controller shall include a battery module to
Comply back-
primary AC power service. The controller database, the time clock, the transaction history, and all
operator entered parameters shall be backed-up by the battery.
j. If required elsewhere in the drawings or Specification, the controller(s) shall be furnished with an
Not Applicable UPS battery configuration instead of a standard AC liner power supply configuration. The battery
shall power the controller upon failure of the primary AC service for a minimum of three hours.
k. While on UPS service, the controller shall continue to process event activity, card transactions,
Not Applicable and record history transactions.
l. The controller shall provide built-in LED to indicate whether the controller is properly communi-
Comply
cating with the host computer.

2.4.4 ALARM MONITORING AND OUTPUT CONTROL TERMINAL BOARDS

Intelligent alarm monitoring and output control terminal boards shall support the following functional-
ity:
a. Sixteen two-state alarm input points.
Comply b. Eight four-state supervised alarm input points.
c. Eight two-state alarm input points and eight SPDT output relays.

Page 8 of 10
 Section 281301
Access Control

c. Eight four-state supervised alarms input points and eight SPDT output relays.

2.5 CARDS AND CARDS READERS

2.5.1 GENERAL

Comply n-
e of the door.
2.5.2 WIEGAND TECHNOLOGY
1. The reader housings shall be made of cast aluminum
2. The reader shall contain one green and one red built-in pilot light or LED to indicate valid and in-
valid card badging. A single LED that changes color from red to green is also acceptable.
3. The reader shall be available in card only and card plus PIN pad versions. Furnish and install in
the style and quantities as shown on the drawings.
4. The readers shall be manufacturer certified for an ambient operating environment of 32 to 115 de-
grees F (0 to 46 degrees C) and 10 to 90 % RH, non-condensing. For installations in environ-
ments below 32 degrees F, a cold weather kit shall be installed in the reader to ensure normal op-
eration. The kit shall consist of a heating element mounted inside the reader and a moisture seal
gasket set to prevent moisture from entering the reader housing.
5. The cards shall be constructed of top quality, highly durable and resilient PVC plastic or a
Comply PVC/Polyester composite material for use with Wiegand readers.
6. The manufacturer using the Wiegand pulse generating effect with a highly secure encryption algo-
rithm shall encode cards. Each card shall be encoded with a facility code unique to the security
system, and individual card number, and one of eight issue level numbers.
7. The encoded information shall be highly secure from alteration by external magnetic fields.
8. Standard cards shall be available with hot stamped facility code and card number. The cards shall
be available from the manufacturer without hot stamping if requested by the owner.
9. Cards shall be ISO standard credit card size.
10. Cards shall have the capability to be slot-punched at the top and equipped with a strap clip to at-
badges should be printed be-
fore punching slots.
2.5.3 PROXIMITY READER
a. The reader shall be integrated and contain all reader electronics inside a single polycarbonate en-
closure.
Comply b. The reader shall operate when mounted on a variety of surfaces including metal. Maximum read
range degradation when mounted on a metal surface shall be 50-percent.
c. The reader shall contain an integral bi-color LED and audio tone to indicate if the card has been
successfully read.

Page 9 of 10
 Section 281301
Access Control

d. The reader shall operate when mounted on a variety of surfaces including metal. Maximum read
range degradation when mounted on a metal surface shall be 50-percent.
e.
Comply f.
g. The reader shall be rated for normal operation from -5 to 150 deg. F.
h. The proximity card shall be encased in high impact sealed plastic with a surface suitable to receive
an adhesive backed photo ID.

PART - 3 - EXECUTION
3.1 INSTALLATION REQUIREMENTS
a. All consoles, terminals, and controllers shall be factory wired before shipment to the job site.
b. Cabinet doors shall open a minimum of 170 degrees to avoid blocking personnel movement. Each
door shall be equipped with a cylinder lock, a tamper switch and a piano-type hinge with welded
tamperproof pins.
c. Provisions shall be made for field wiring to enter the cabinet via standard knockouts at the top,
Comply bottom and sides of controller cabinets.
d. Each wire shall be identified at both ends with the wire designation corresponding to the wire
numbers shown on the wiring diagrams.
e. All exposed wiring within the cabinets, consoles, and terminals shall be formed neatly with wires
grouped in bundles using non-metallic, flame-resistant wiring cleats or wire ties.
f. .
3.2 TESTING AND COMMISSIONING

The Contractor shall be responsible for testing and commissioning of the installation in accordance
with all applicable documents in the Contract set.
Comply 1. Testing shall be comprehensive and sufficient to demonstrate compliance with each requirement.
2. A proposed test plan shall be submitted to the Engineer for approval before commencement of fi-
nal test.
3. Final tests shall be conducted in the presence of the Engineer.

END OF SECTION 281300

Page 10 of 10