By the Power of Ethernet

By Kerby Lecka, Security Door Controls on April 1, 2017 | |

PoE gives smaller facilities more access control options

Kerby Lecka, Security Door Controls

Physical electronic security for non-enterprise applications is now as simple as tapping into the nearest Ethernet connection to power and control doors via web browser and low-voltage access and egress devices. There are a variety of cost-effective, code-compliant, low-power solutions for electronic access control of door openings in smaller companies and single facilities that do not require complex and costly enterprise-wide systems.

Regulatory Compliance

Besides meeting national fire and life safety codes, physical electronic security via Power over Ethernet (PoE) hardware and IP-based access control can also meet the compliance requirements of many regulations not typically associated with access control, including:

  • The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act – Hospitals and healthcare facilities must comply with these two laws regarding the protection of personal health information and electronic health records, including limiting physical access to information systems, equipment and IT operating environments to authorized individuals.
  • Sarbanes-Oxley Act – Requires organizations to store certain financial information in an auditable trail, have physical security, and maintain a system for monitoring and reviewing access on a periodic basis.
  • Payment Card Industry Data Security Standard – Covers all businesses that accept credit card payments; Requirement 9 states that any physical access to data or systems should be appropriately restricted, with entry controls used to limit and monitor physical access to systems that store, process or transmit cardholder data.
  • SSAE 16 – An auditing standard issued by the American Institute of Certified Public Accountants that restricts physical access to data centers through a combination of physical security systems and biometric identification.

There are many possibilities for cost-effective IP security and PoE hardware applications to meet these compliance requirements in smaller installations. Typically, medical and financial data records reside on computers or servers located onsite within these small organizations.

Data Rooms

No longer the exclusive domain of complex, enterprise-wide security systems, sophisticated and cost-effective electronic access control is now available for smaller companies and single facilities with the same need for protection as larger organizations.

Data rooms are no exception.

From the outer door to the inner door separating visitors from employees, and even to the entrance to the “data” part of the center, low-voltage access control devices (PoE hardware) can be controlled via web browser. This includes creating “mantraps” that allow only one door to open at a time and require authentication for both doors. It can also include access control at the door to an individual computer processing room (data room) where the actual server, mainframe or other critical IT equipment is located. Even individual computer cabinets can be secured and connected to the network via low-power electronic cabinet locks.

Applicable, low-voltage PoE hardware solutions for access control include magnetic locks, key and exit switches, electrified exit devices, electric strikes, electrified locksets, electric bolt locks, and cabinet locks – all connected by Ethernet cable to an IP-based access control system.
Real-time monitoring, detecting unauthorized access or attempts, and keeping track of people, especially during a building evacuation in an emergency, is critical. Low-voltage keypads, card readers and proximity readers are popular key technologies for door access control, all tied to an IP-based controller that provides audit trails and user management to define who has access. These are also suitable for entrances like loading docks and other exterior facility doors.

Should the small company or single facility grow, these PoE hardware solutions and IP-based access controllers and software can serve as a foundation for unlimited, cost-effective expansion. Instead of paying upfront for a large and expensive access control system, users can add security and protection incrementally as budgets and needs increase. Generally, applying the principle of least privilege is appropriate.

Physical security is the key to all other IT security measures. Unauthorized physical access to servers and equipment is the weakest link in IT security and can have profound consequences.

Clean Rooms

Clean rooms require rigorous controls to protect products and processes from contamination by chemical vapors, aerosol particles, dust and airborne microbes. Prevalent in the pharmaceutical, biotechnology, and high-technology industries, clean rooms provide protection primarily by limiting physical access and logging all access and egress activity.

As with data rooms, most physical electronic access control systems for clean rooms have been designed at the enterprise level for large facilities and organizations. Yet the clean rooms in smaller or single facilities must also prevent contamination using solutions within their budgets. Enter low-power PoE hardware devices and IP-based access control connected and powered by existing Ethernet connections.

Clean rooms typically utilize airlocks for entry and exit, a combination of a mantrap with two doors interlocked to prevent simultaneous opening and special timing functions to avoid unwanted passage between areas to ensure sterile and safe conditions. These procedures also maintain a constant temperature, humidity and air pressure in the clean room. Access to these secure areas can be limited to authorized personnel through the use of low-voltage keypads, key switches, and card readers. Of particular benefit is the use of proximity readers to provide touch-free high security and contamination avoidance.

As with data rooms, all access and egress activities can be controlled with low-voltage PoE hardware connected to – and monitored in real time with – an IP-based controller, with records stored for future audit trails. This can ensure compliance with organizational policies and regulatory compliance with GMP and FDA 21 CFR Part 11.

Low-voltage, cost-effective clean room security also helps to maintain consistent product quality, preventing costly recalls and regulatory actions that can negatively affect reputation and the bottom line.

Health Care

The healthcare industry has recently experienced disturbing trends toward visitor impatience, patients in behavioral health facilities being more easily upset, and staff being unprepared to respond appropriately to bad behavior. These problems can involve access and egress of unauthorized people into higher-risk areas, potentially leading to violent incidents. All of this can be particularly acute for small, single facility entities like urgent care centers, outpatient surgery centers, and rural medical clinics that do not require enterprise-wide security systems but still need viable solutions.

Once again, low-power PoE hardware devices and IP-based access control powered with existing Ethernet cable offer a practical alternative. Although it is generally not an accepted practice to lock entry and exit doors to everyone who enters a hospital, clinic or healthcare facility, it is acceptable to control access to specific areas. Physical electronic security applied to funneling patients and visitors into areas can provide them with a positive, safe and secure experience. Restricting access into high-risk areas is also part of a well-designed program. These areas may include:

  • Emergency Room
  • Pharmacy
  • Maternity
  • Pediatrics
  • Geriatrics
  • Behavioral Health

Using low-voltage PoE hardware and IP-based access control for physical electronic security is one of the easiest and most cost-effective means for preventing health care crime and violence.

Pharmaceutical facilities have come under increased scrutiny by the Food and Drug Administration (FDA) and the Drug Enforcement Administration (DEA) and greater pressure to comply with good manufacturing practices, good distribution practices, good storage practices and international World Health Organization (WHO) standards. Additionally, physical security and access control regulations from the Department of Homeland Security (DHS) and DHS’s Chemical Facility Anti-Terrorism Standards (CFATS) must be adhered to in order to prevent access to dangerous chemicals by terrorists.

Small pharmaceutical manufacturers, wholesalers and logistics providers have few alternatives for physical electronic security solutions beyond the large, enterprise systems currently offered them. Yet they must also meet the many guidelines of FDA Title 21, Subchapter C, dealing with the security of facilities that “must be secure from unauthorized entry” and whose “access from outside the premises shall be kept to a minimum and be well controlled.” Here, too, low-power PoE hardware devices and IP-based access control connected and powered by existing Ethernet cable is a viable, cost-effective, code-compliant solution for the needs of a small facility.

Data rooms and clean rooms are commonly found in pharmaceutical facilities, and the physical electronic security solutions previously described are equally effective here. The protection of people – e.g., researchers, executives, managers – is foremost, followed by the facility’s critical assets, including the research/intellectual property and raw materials used to develop and manufacture products. As with other facilities, all perimeter exit doors and loading entrances can be included in the solution.

Retrofit Projects

Ethernet cable is everywhere. Buildings are smart.

Imagine the savings in cost and installation time from being able to avoid long cable runs and power supplies for every door by simply tapping into the nearest Ethernet connection.

Low-power, PoE-capable locking hardware connected to IP-based access control does just that by allowing easy integration and connection to a physical electronic access control system.

Physical electronic access control solutions are particularly suited to tenant improvement and retrofit projects, providing the ability to purchase and install just what is needed without having to invest in a more costly enterprise system designed for larger facilities. The beauty of the PoE hardware and IP-based access control approach is that it is easily expandable as needs grow without a big upfront commitment to an oversized solution.

As with any tenant improvement or low-voltage implementation via Ethernet cable, it is recommended that installers be comfortable with Ethernet network best practices and test any installation by using an Ethernet cable tester before startup. Also, by following industry standards – ANSI/TIA-1005 (MICE) and ANSI/TIA-569C.0 (cable lengths) – many issues that are residuals of previous installations can be avoided.

Without a doubt, using viable, legacy Ethernet cable with PoE hardware and an IP-based controller will save money, time and manpower when retrofitting for physical electronic security. Plus, the building or facility can remain operational without the need to remove, install and recycle cable.

A smaller organization or facility can now meet many of the physical electronic security requirements of their industry by using lower-cost, low-voltage, easy to install and operate PoE hardware and IP-based access control solutions with existing Ethernet cable and avoiding the heavy cost commitments of complex, oversized, enterprise-wide systems.

Kerby Lecka (kerby@wmwinc.com) is director of marketing for Security Door Controls (www.sdcsecurity.com)