KEY STEPS-ACCESS CONTROL
There are four major classes of access control commonly adopted in modern day access control policies that include:
Role-based
Mandatory
Rule-based
Discretionary
Aside from their classifications, access control procedures normally have 5 major phases – authorization, authentication, accessing, management, and auditing.
Any modern access control system will have a detailed checklist of protocols to ensure each of the above phases passes with flying colors, guaranteeing the greatest safety and most efficient access to a space.
Authorization
Cloud-based access control systems, allow an administrator to authorize a user (whoever needs access to the space) with a specific level of access to any door connected to the required reader and controller. Conversely, authorization can be easily changed or revoked through a cloud-based administrator dashboard, meaning all the data and user credentials are stored and managed securely in the cloud.
Authentication
When a user attempts to open a door they've been granted access to, the reader and controller installed on the door communicate via Bluetooth (or NFC, depending on what type of access token is being used) to determine whether the person is indeed allowed access to that particular space. Authentication happens when the hardware connected to the door sends a signal to the cloud database, essentially connecting all the dots within seconds to grant access to the user. The remote access system ensures that only those with proper permissions are authenticated to enter.
Accessing
Once the necessary signals and user data have been authenticated in the cloud, a corresponding signal is sent to remotely unlock the door for the person requesting access. The door temporarily unlocks just long enough for the user to enter and then locks automatically once the door closes again. The beauty of a cloud-based access control system for this purpose is that users can access the space without the need for a traditional key or token. Kisi allows users to enter a locked space with their mobile phone or any device that has been authorized by the administrator, whether it be a traditional NFC card, Bluetooth token, or mobile device.
Management and auditing
With a cloud-based access control system, it is extremely easy to manage access remotely as well as view the data recorded for each door and user in the system. Administrators are provided a clean interface (accessible from a desktop or on a mobile device) where they can track every detail of each unlock event for their users. A cloud-based access control system also means that software and firmware updates are seamless and require no effort from the administrator.
The criteria, conditions, and processes, as well as how they should be implemented in each of those access control phases, is known as a robust access control policy. This unified policy will also cover a major component of security known as the physical access control policy.