In a news story about the recent mass shooting at a Virginia Beach municipal building, it was reported that “police were unable to confront the gunman at one point because they didn’t have the key cards needed to open doors on the second floor.” This points to a major flaw in the planning, design, and implementation of the electronic access control system; and something we should make sure is not forgotten when designing and deploying these systems.
A retired FBI agent and former member of the elite hostage rescue team, Gregory Shaffer, had this to say about the situation:
“We need to make sure that first responders have full access to the building.”
He is absolutely correct. This incident and others like it illustrate how electronic access control technology that is supposed to protect people from workplace and school violence can sometimes hamper police and rescue workers in an emergency, if improperly implemented.
How does electronic access control technology work?
Card readers have become a standard feature of building security at workplaces and schools around the world. The technology in various forms has been used for decades, but it only gained in popularity over the last 20 years. Electronic access control systems are in many cases considered a necessity as part of a facility’s overall security program.
A keycard can take various forms and use several different technologies. The most common keycard is a flat, rectangular plastic card about the same size as a typical credit card. The keycard could also be a quarter-sized fob that serves the same purpose. Now, mobile phones can also be used as the “credential” to operate a card reader and replace the keycard.
Most card readers today use either magnetic stripes or contain a passive RFID or Bluetooth chip that transmits a signal to the card reader. The intent is to have the electronic access control system (the card reader and keycard or other credential) function like a standard key and lock, but with additional benefits like door scheduling, simplified management and audit trails.
Despite the different names and technologies used, the function for keycards remains the same – to efficiently and securely grant or restrict access to a specific area. When implementing these systems, one should consider what that means for first responders accessing the site during an emergency.
What are our recommendations to support electronic access control technology?
Electronic access control systems operate similarly to the way one would utilize a key, with the main difference being that the key is replaced by a keycard, key fob, or mobile phone credential. These systems must be governed by comprehensive policies and procedures, similar to how the issuing of physical master keys are managed. The advantage with electronic access systems is that the technology can be leveraged to make managing access during an emergency a much easier and effective task, if the upfront planning and design is done properly and with this intent in mind.
In the Virginia Beach incident, the technology was not at fault, but the implementation certainly was. While there is no general solution that will fit every facility, it is important to consider the following potential solutions and strategies:
- Creating a first responder profile within your system so that you can issue mobile credentials quickly to first responders, if the technology on your site and owned by the first responders supports this.
- Creating and printing keycards with “master access” privileges that can be given to first responders as they arrive on site or are stored in a lock box which they could access.
- Program a “threat level” mode within your access control system that, when initiated, unlocks specific doors (strategically chosen) for first responders.
- Consider having an operator responsible for controlling the access control system during an incident. This should be someone that can be in direct communication with first responders and provide access to doors by remotely unlocking them.
- Communicate with first responders early in the planning phases of any access control system project, so that you may understand their capabilities for integrating with your system and what would best support their methods of responding to an event on your site.
- Create a policy that details how first responders would be served by your system and what procedures should take place during different types of security events.
- Plan training scenarios and drills to test the procedures and ensure that key personnel know exactly what to do in an emergency.
Communication and planning are critical elements for the proper deployment of an electronic access control system. Beyond the initial programming and installation, you should consider continued communication with your local police department and first responders to ensure everyone is doing what they could to facilitate a response should an event occur.
Associate Principal Mike Niola contributed his insights to this blog post and is Vantage’s expert on security technology. Mike has worked with our clients to deliver security assessments and design security systems for schools, corporate and government offices, and healthcare facilities.