Enterprise Physical Security Management Platform (PSMP)
Section 28 13 00
Basis Of Design: BluB0X BluSKY
Related Sections:
- 28 10 00 – Access Control
- 28 20 00 – Video Surveillance
- 28 05 00 – Common Work Results For Electronic Safety And Security
Part 1 – General
1.1 Summary
- This section defines the requirements for an Enterprise Physical Security Management Platform (PSMP) providing centralized management, monitoring, analytics, and automation for physical security subsystems.
- The PSMP shall serve as the authoritative system of record for security identities, events, alarms, and operational data across one or more facilities.
- The PSMP shall unify access control, video, identity, elevator integration, analytics, and operational workflows within a single, extensible software platform.
1.2 Purpose And Intent
A. The intent of this specification is to:
- Eliminate siloed and proprietary security subsystems
- Establish a unified, open-architecture security platform
- Preserve long-term flexibility for the Owner
- Prevent vendor lock-in through enforceable interoperability requirements
B. The PSMP shall be suitable for:
- Single-building deployments
- Multi-tenant commercial buildings
- Campus and portfolio-scale environments
1.3 Definitions
- PSMP – Physical Security Management Platform
- Edge Decisioning – Local execution of security decisions without dependency on WAN connectivity
- Subsystem – Any connected system including access control, video, elevators, identity, or analytics
Part 2 – System Description
2.1 Platform Overview
A. The PSMP shall be a unified software platform capable of centrally managing multiple physical security subsystems.
B. The PSMP shall function as:
- A centralized configuration authority
- A real-time operational monitoring platform
- A historical event and audit repository
C. The PSMP shall not be limited to a single hardware manufacturer, reader type, controller, or subsystem provider.
2.2 System Scope
The PSMP shall support, at a minimum, the following capabilities:
- Access control management
- Video management (native and/or integrated)
- Identity and credential lifecycle management
- Elevator and destination dispatch integrations
- Event, alarm, and incident workflows
- Analytics, reporting, and data export
2.3 System Boundaries
- Subsystems may be native to the PSMP or integrated via open interfaces.
- Replacement or upgrade of any subsystem shall not require replacement of the PSMP.
Part 3 – Architecture Requirements
3.1 Deployment Models
The PSMP shall support:
- Cloud-hosted deployment
- On-premises deployment
- Hybrid deployment combining centralized management with local edge execution
Hybrid architectures shall permit local security decision execution in the event of WAN or cloud connectivity loss.
3.2 Multi-Tenant Architecture
The PSMP shall support logical tenant separation within a shared infrastructure.
Tenant data isolation shall be enforced at:
- Application layer
- Database layer
- Authorization layer
Tenant administrators shall not have access to other tenant data unless explicitly authorized.
3.3 Scalability
The PSMP shall scale from a single site to enterprise portfolios without architectural redesign.
The platform shall not impose hard limits on:
- Number of doors
- Number of cameras
- Number of identities
- Number of integrated subsystems
Part 4 – Functional Requirements
4.1 Unified Management
A. The PSMP shall provide centralized configuration and management of all connected subsystems.
B. A single operator interface shall be provided for monitoring, control, and investigation.
C. Role-based access control shall restrict system functions by user role.
4.2 Event And Alarm Management
A. The PSMP shall ingest and normalize events from all connected subsystems.
B. Events shall support:
- Prioritization
- Acknowledgement
- Escalation
- Annotation
C. Alarm workflows shall be configurable by the Owner.
4.3 Identity-Centric Operation
A. The PSMP shall manage people, credentials, and permissions as first-class entities.
B. Access and operational decisions shall be driven by identity context, not solely by device state.
Part 5 – Performance Requirements
5.1 Decision Latency
A. Access control and elevator dispatch decisions shall not rely exclusively on round-trip cloud communication.
B. The PSMP shall support sub-second local decision execution where required.
5.2 Availability And Resilience
A. The PSMP shall support high-availability architectures.
B. Loss of WAN connectivity shall not disable:
• Door access decisions
• Elevator access authorization
• Critical security enforcement
Part 6 – Integration And Interoperability
6.1 Open Interfaces
A. The PSMP shall provide documented, publicly available APIs.
B. APIs shall support read/write access to:
• Configuration
• Identity data
• Events and alarms
6.2 Third-Party System Integration
A. The PSMP shall integrate with third-party systems including:
- Identity providers (IdP)
- HR and tenant databases
- Video management systems
- Elevator and destination dispatch systems
- Visitor management systems
6.3 Future Expandability
A. Integration of new subsystems shall not require replacement of the PSMP.
B. Platform upgrades shall preserve backward compatibility with existing integrations.
Part 7 – Data Management And Ownership
7.1 Data Ownership
A. All data generated by the PSMP shall remain the property of the Owner.
B. Vendor access to Owner data shall be limited to authorized support functions.
7.2 Data Retention
A. Data retention policies shall be configurable by data type.
7.3 Data Export
A. Data shall be exportable in standard, non-proprietary formats.
B. Data export shall not require vendor intervention.
Part 8 – Cybersecurity
8.1 Authentication
A. The PSMP shall support modern authentication standards including SAML and OIDC.
8.2 Authorization
A. Role-based and permission-based access control shall be enforced across all platform functions.
8.3 Audit Logging
A. All administrative and security-relevant actions shall be logged.
B. Audit logs shall be searchable and exportable.
Part 9 – Operational Intelligence And Automation
9.1 Analytics
A. The PSMP shall provide analytics across events, identities, and system activity.
9.2 Automation
A. The PSMP shall support rule-based and AI-assisted automation.
B. Automated actions shall be transparent and reviewable.
9.3 Human Oversight
A. Authorized users shall be able to override automated actions.
Part 10 – User Interfaces
10.1 Operator Interface
A. The PSMP shall provide a unified dashboard for real-time monitoring.
B. Views shall be configurable by role.
10.2 Administrative Interface
A. Administrators shall configure devices, policies, and integrations from a centralized interface.
Part 11 – Documentation, Training, And Support
11.1 Documentation
A. Vendor shall provide comprehensive system documentation.
11.2 Training
A. Vendor shall provide training materials for administrators and operators.
11.3 Support
A. Vendor shall provide ongoing support and maintenance options.
Part 12 – Submittals And Close-Out
12.1 Submittals
A. System architecture diagrams
B. Integration documentation
C. Security design documentation
12.2 As-Built Documentation
A. Final system configuration
B. Updated diagrams reflecting deployed system
Part 13 – Acceptable Manufacturers
13.1 Basis Of Design
A. BluB0X BluSKY
13.2 Acceptable Alternatives
A. Alternative platforms shall meet all requirements of this specification.
Part 14 – Software Lifecycle
14.1 Upgrades
A. Platform shall support continuous updates without system replacement.
14.2 Compatibility
A. Updates shall not require re-certification of integrated subsystems.
End Of Section 28 13 00