Skip to main content
BluINFO

Enterprise Access Control System (EACS)

  1. Last updated
  2. Save as PDF

Click to download spec > Enterprise Access Control System (EACS).docx

Section 28 10 00
Enterprise Access Control System (EACS)

Basis Of Design: BluBØX BluSKY
Related Sections:

  • 28 13 00 – Enterprise Physical Security Management Platform (PSMP)
  • 28 20 00 – Video Surveillance
  • 28 05 00 – Common Work Results For Electronic Safety And Security

Part 1 – General

1.1 Summary

  1. This section defines the requirements for an Enterprise Access Control System (EACS) providing identity-centric control of physical access points including doors, turnstiles, and elevators.
  2. The EACS shall be managed by a Physical Security Management Platform (PSMP) and shall operate as a distributed, software-defined system with centralized policy management and local enforcement.
  3. The EACS shall support traditional panel architectures, modern edge-compute controllers, intelligent reader-controller devices, and elevator control interfaces within a unified system.

1.2 Purpose And Intent
A. The intent of this specification is to:

  • Establish access control as an identity-driven security function

  • Support resilient, low-latency access enforcement

  • Enable lifecycle flexibility across controller and reader technologies

  • Support advanced operational and life-safety workflows

B. The system shall be suitable for:

  • Commercial office buildings
  • Mixed-use developments
  • Campuses and portfolios
  • High-traffic environments including turnstiles and elevators

1.3 Definitions

  • A. EACS – Enterprise Access Control System
  • B. Controller – Hardware device executing access decisions and controlling I/O
  • C. Edge Decisioning – Local execution of access decisions independent of WAN connectivity
  • D. Person Reader – Intelligent reader-controller device combining credential reading, identity verification, and local decision logic

Part 2 – System Description

2.1 Access Control System Overview
A. The EACS shall control and monitor physical access points including:

  1. Single and double doors
  2. Gates and barriers
  3. Turnstiles and controlled portals
  4. Elevator lobbies and destination dispatch interfaces
  5. Elevator cars and restricted floors
  6. B. The EACS shall generate real-time access events and alarms for all access points.

2.2 Relationship To PSMP

A. The EACS shall be configured, monitored, and administered through the PSMP.
B. The PSMP shall serve as the system of record for:

  • Identities
  • Credentials
  • Permissions
  • Access events

C. The EACS shall execute access enforcement locally based on policies defined in the PSMP.

2.3 System Scope
The EACS shall provide, at a minimum:

  • Credential-based access enforcement
  • Identity-driven permissions
  • Real-time event and alarm reporting
  • Integration with video and elevator systems
  • Support for emergency and life-safety workflows

Part 3 – Controller Architecture And Classes

3.1 Controller Classes
The EACS shall support multiple controller classes within a single deployment, including:

A. Traditional Panel-Based Access Controllers

  • Enterprise-grade controllers supporting multiple doors
  • Support for I/O expansion modules
  • Suitable for centralized or distributed panel architectures
  • Including industry-standard platforms such as HID Mercury-class controllers

B. Edge Compute Access Controllers

  • Controllers capable of executing access logic locally
  • Support for low-latency enforcement
  • Capable of autonomous operation during upstream connectivity loss

C. Person Reader And Intelligent Edge Devices

  • Integrated devices combining:

  1. Credential reading

  2. Identity verification

  3. Local decision execution
    Including BluB0X ARC-class hardware (ARC-1, ARC-2, ARC-4)

D. Elevator Control Interfaces

  • Hardware supporting:
    • Destination dispatch authorization
    • Elevator group access control
    • In-car floor authorization

3.2 Hardware Flexibility

  • A. The EACS shall support traditional controller architectures and modern edge-compute devices without architectural exception.
  • B. Deployment of one controller class shall not preclude deployment of others within the same system.

Part 4 – Distributed And Edge Decisioning

4.1 Local Enforcement

  • Access decisions shall be executable at the controller or intelligent edge device.
  • Continuous WAN connectivity shall not be required for authorized access enforcement.

4.2 Resilience

  • Loss of upstream connectivity shall not disable access enforcement.
  • Controllers shall retain sufficient configuration and credential data to operate autonomously.

4.3 Fail-Safe And Fail-Secure Operation

  • Fail-safe and fail-secure behavior shall be configurable per access point.
  • Behavior during power loss, communication loss, or emergency conditions shall be defined by system policy.

Part 5 – Access Point And Device Support

5.1 Access Point Types
The EACS shall support:

  • Standard and double doors
  • Mantraps
  • Turnstiles
  • Elevator lobby access points
  • Elevator car floor control

5.2 Inputs And Outputs

A. Supported inputs shall include:

  • Door position switches
  • Request-to-exit devices
  • Tamper sensors

B. Supported outputs shall include:

  • Lock and strike control
  • Auxiliary relays

Part 6 – Identity And Credential Management

6.1 Identity-Centric Model

  • Access permissions shall be assigned to identities rather than individual credentials.
  • Multiple credentials may be associated with a single identity.

6.2 Credential Types
The EACS shall support multiple credential types, including:

  • Physical credentials
  • Mobile credentials
  • Biometric credentials
  • Multi-factor combinations

6.3 Credential Lifecycle

  • Credential issuance
  • Credential modification
  • Credential suspension
  • Credential revocation

All lifecycle actions shall be auditable.

Part 7 – Access Logic And Advanced Functions

7.1 Access Levels And Groups
A. The system shall support flexible access levels and groups.
B. Access levels shall be assignable across:

  • Doors
  • Turnstiles
  • Elevator floors and groups

7.2 Schedules
A. Time-based schedules shall be supported.
B. Holiday and exception schedules shall be configurable.

7.3 Anti-Passback
A. The system shall support:

  • Soft anti-passback
  • Hard anti-passback

B. Anti-passback shall be configurable by:

  • Area
  • Group
  • Time window

7.4 Muster And Occupancy Tracking

  • The system shall support real-time occupancy tracking based on access events.
  • Muster reports shall be available during emergency conditions.
  • Occupancy data shall be viewable and exportable.

7.5 Lockdown And Emergency Modes

A. The system shall support:

  • Global lockdown
  • Zone-based lockdown

B. Lockdown activation shall be:

  • Manual
  • Automated based on defined triggers

C. Lockdown workflows shall integrate with alarms and life-safety systems.

Part 8 – Events, Alarms, And Monitoring

8.1 Access Events
A. All access attempts shall generate events including:

  • Granted
  • Denied
  • Invalid credential

8.2 Alarm Conditions
A. Alarm conditions shall include:

  • Door forced
  • Door held
  • Tamper
  • Access denied

8.3 Event Correlation
A. Events shall be correlated with:

  • Identity
  • Location
  • Time

Part 9 – Performance Requirements

9.1 Latency
A. Access decisions shall execute within sub-second response times.

9.2 Throughput
A. The system shall support high-traffic environments including turnstiles and elevator dispatch without degradation.

Part 10 – Integration Requirements

10.1 PSMP Integration
A. Full bidirectional integration with the PSMP shall be provided.

10.2 Video Integration
A. Access events shall be linkable to associated video footage.

10.3 Elevator Integration
A. The EACS shall support:

  • Access-based elevator dispatch
  • Floor authorization
  • In-car access control

Part 11 – Cybersecurity And Auditability

11.1 Secure Communications
A. Communications between devices, controllers, and the PSMP shall be encrypted.

11.2 Role-Based Administration
A. Administrative privileges shall be role-based and segregated.

11.3 Audit Logging
A. All configuration changes and access events shall be logged.
B. Logs shall be searchable and exportable.

Part 12 – Operation, Maintenance, And Updates

12.1 Configuration Management
A. Doors, controllers, and policies shall be centrally managed.

12.2 Updates
A. Firmware and software updates shall not disrupt access enforcement.

Part 13 – Submittals And Close-Out

13.1 Submittals

  • Controller and architecture diagrams
  • Door and elevator access schedules
  • ntegration documentation

13.2 As-Built Documentation

  • Final system configurations
  • Controller and device mappings

Part 14 – Acceptable Manufacturers

14.1 Basis Of Design

  • Managed through the PSMP and supporting traditional panel architectures and BluB0X ARC-class hardware.

14.2 Acceptable Alternatives

  • Alternative systems shall meet all requirements of this specification.

End Of Section 28 10 00