Access Control Planning Guide

Fail-safe and fail-secure describe what an opening does when power is lost. A fail-safe opening unlocks when power is removed. A fail-secure opening stays locked when power is removed. This decision affects lock type, egress behavior, emergency coordination, battery backup, and how the door behaves during outages.

This should happen before reader selection, lock power budgeting, panel sizing, or access level planning. If the fail-state decision changes later, the hardware, power, and operational assumptions may need to change with it.

A door can look correct from a security standpoint while still creating safety, egress, or outage problems. Choosing the wrong fail behavior can also make the power design look better than reality. A fail-safe lock, for example, may require different backup-power assumptions than a fail-secure opening.

The goal is not to replace code review or AHJ direction. The goal is to make the door behavior assumption visible before the rest of the access control design is built around it.

This is the first step in the Access Control guided flow. Use Fail-Safe / Fail-Secure to document the intended outage behavior before moving into reader type, lock power, panel capacity, and access level structure.

Reader selection is where you decide what kind of user interaction and credential method the opening needs. That may include keypad, card, mobile credential, biometric, multi-technology reader, outdoor-rated reader, or another reader type depending on the environment and security expectation.

This step matters once the door behavior is understood and before the controller, credential format, and access level structure are finalized. Reader type can influence wiring, compatibility, user throughput, security level, and long-term credential management.

A reader that technically works may still be a poor fit for the site. Outdoor conditions, traffic volume, user expectations, credential policy, and controller support all affect whether the reader choice is practical. A mismatch here can create usability problems or force changes later in the design.

Use Reader Type Selector after fail-state behavior is documented. If credential details are still unclear, use Credential Format as a supporting check before treating the reader decision as final.

Lock power planning estimates how much current the controlled openings need under normal and active conditions. It includes lock current, number of locks, simultaneous unlock behavior, supply capacity, voltage assumptions, and practical headroom.

This matters before choosing or documenting power supplies, battery backup, lock groups, or panel outputs. It is especially important when several locks may energize at the same time or when the design depends on backup power to preserve expected behavior during an outage.

Lock power can be underestimated when each door is considered by itself. The system may be fine at one opening but weak when several doors unlock, latch, or release together. Headroom also matters because power supplies, cable runs, and real-world operating conditions rarely behave like perfect spreadsheet values.

Use Lock Power Budget after the fail behavior and reader approach are known. If long cable runs are part of the design, use Door Cable Length as a supporting check so distance and voltage-drop pressure are not ignored.

Panel capacity planning checks whether the access control hardware has enough room for the controlled openings, readers, inputs, outputs, expansion modules, and future growth. It is not just a door count; it is a capacity and expansion review.

This matters after the door and reader assumptions are known and before the layout is treated as ready. It is especially important when the project may add doors later, when spare capacity is required, or when multiple panels and expansion boards are being compared.

A system can meet the current door count and still be boxed in. Lack of spare capacity can force panel changes, awkward expansion, or field rework. Inputs, outputs, readers, relays, supervised points, and future openings all need to be visible before capacity is considered comfortable.

Use Panel Capacity after the main opening and reader assumptions are known. Use Door Count Planner as a supporting check when the door list itself still needs to be organized.

Access level planning organizes who can enter which doors and when. It may include roles, groups, schedules, exceptions, departments, vendors, tenants, restricted spaces, and administrative rules. The goal is not only security; it is a structure that can be maintained accurately.

This matters after the door count, reader approach, and panel capacity are understood. It becomes more important as the number of doors, user groups, schedules, and exceptions increases. Small systems can tolerate simple rules; larger systems can become difficult to administer if the structure is not planned.

Access levels can grow messy fast. Too many one-off exceptions make the system harder to audit. Too few groups can make access too broad. A clear structure reduces administrative mistakes and makes it easier to explain why users have access to specific openings.

Use Access Level Sizing after the physical design assumptions are mostly understood. This turns the access control plan from a hardware layout into an operating model that someone can actually manage.

Supporting validation means checking the assumptions that may not be part of the core guided flow but can still affect the final design. That includes cable length, credential format, elevator readers, anti-passback zones, and the overall door list.

This matters after the main access control flow is understood or whenever one of these constraints is central to the project. A standard office door may not need every supporting check, but an elevator, parking entry, sensitive area, long run, or anti-passback requirement should not be treated casually.

A clean door-and-reader plan can still fail in the details. Cable distance can affect reliability. Credential format can affect compatibility. Elevator control can multiply reader counts. Anti-passback can add operational complexity. These supporting checks help catch those issues before the plan is locked.

Use this as the final planning-review layer after the core guided flow. Supporting tools such as Door Cable Length, Credential Format, Elevator Reader Count, and Anti-Passback Zones help document the details that can change the design.

This usually happens when a lock is selected before outage behavior, egress, or emergency coordination is clear. It matters because fail-safe and fail-secure assumptions affect hardware, power, and final review.

Reader type affects credential compatibility, user experience, environment, controller support, and security level. A reader that looks convenient may not be the best fit for the opening or operating model.

This happens when lock current is considered one opening at a time instead of as a system. It matters because simultaneous activity, backup behavior, and supply headroom can expose weak power assumptions.

A panel plan that barely fits today can become expensive later. Spare capacity, future doors, extra inputs, outputs, and expansion modules should be visible before the design is treated as comfortable.

Too many exceptions and one-off groups can make the system hard to audit. Access level planning should keep the structure clear enough for future administrators to understand and maintain.