0333 900 0101

Access Control Installation Best Practices & Commissioning Checklist (UK)

Access Control Installation Best Practices & Commissioning Checklist (UK)

A first-class access control installation is the result of disciplined design, careful door engineering, clean cabling and power, robust software configuration, and a commissioning process that proves everything works under real-world conditions. The goal is simple: control who can go where, when, and record it reliably—without ever compromising safe escape or day-to-day operations. That outcome-led view is exactly how UK protective security guidance frames Automatic Access Control Systems (AACS), and it’s the lens we use on every project we deliver. 

If you’re planning a project and want a design that’s defendable to stakeholders and auditors, our team can translate the principles below into a scoped programme with a bill of materials and phasing that fits your estate. (See: Commercial Access Control Installation)

0333 900 0101 sales@network-data-cabling.co.uk Contact us

Begin with an operational requirement, not a parts list

Before hardware selection, capture a short operational requirement that states who needs access to which zones, when, under what assurance, and with what audit. NPSA’s user guidance on AACS is a useful backdrop for this conversation because it keeps the focus on business outcomes rather than brands. It also prompts you to consider visitor flows, delivery routes, vehicle access, and the audit/reporting your managers actually use. 

Walk the building and produce a door-by-door matrix: door function, risk level, escape route status, required locking mode (fail-safe or fail-secure), credential type, reader height and position, request-to-exit method, door contact, and any interlocks or lift control. Get this right and the installation phase becomes predictable.

Design to recognised UK standards and codes (and say so in the spec)

Anchor the specification to BS EN 60839-11-1 for electronic access control systems. It sets minimum functionality and performance requirements for systems and components, giving all parties a common baseline for reliability and behaviour. Pair that with NSI NCP 109 as the delivery code of practice for design, installation, commissioning and maintenance; it turns expectations into a process your supplier can evidence at handover. 

Where doors sit on escape routes, design and testing must comply with BS 7273-4:2015+A2:2023. The recent update clarifies the critical signal path between the fire alarm and release devices and offers guidance on acoustic and radio-actuated mechanisms—detail that matters when you’re selecting hardware and deciding whether any radio elements are suitable for your fire strategy.

Treat life safety as a design line-item

Security must never impede evacuation. Agree, in the design stage, how each relevant door will release on fire alarm and on relevant fault conditions in line with BS 7273-4—then prove it during commissioning and drills. Document fail-safe vs fail-secure choices by door function (e.g., perimeter escape routes typically fail-safe; high-risk internal rooms may be fail-secure if appropriate alternative egress exists). Include manual emergency release points where required, and ensure fire system interfaces are monitored and supervised along the entire critical signal path. 

Engineer doors properly: hardware, placement and inclusive access

A door that closes smoothly and is correctly hung is cheaper and safer to control. Specify the right lock type (maglock vs electric strike vs motorised lock), monitored keeps, robust door contacts, and request-to-exit devices suited to the environment. Plan reader placement for natural approach and accessibility; the BSIA’s specifier guidance reminds us to design with the Equality Act in mind—think mounting heights, approach clearances, and when to add automatic operators. Build inclusive access into the brief; it’s far easier than retrofitting later.

For visitor control, integrate video entry so reception can verify arrivals and log releases rather than bypass the audit trail. (See: Entry Phone Installation)

Cabling, power and electrical safety are non-negotiable

Reliable access control depends on clean low-voltage power and tidy, labelled cabling. Use structured cabling for readers and contacts; plan PoE where appropriate, and size local PSUs with standby batteries for orderly operation during outages. Electrical work should conform to BS 7671 (IET Wiring Regulations); installations following BS 7671 are recognised by the HSE as likely to meet legal duties—an important assurance point when you hand over documentation.

Cable routes should be fire-stopped where they penetrate fire compartments, with as-built drawings noting routes, device addresses, breaker/PSU references and test points. Label everything—future you (and your maintenance team) will thank you.

Network and cybersecurity: segment, secure, supervise

Most modern platforms are IP-based. Place controllers and gateways on segmented VLANs, change default credentials, restrict management interfaces, and plan secure remote access if administrators will manage sites from off-premises. Even if the management plane is cloud-hosted, access decisions at the door should continue using cached permissions during WAN or server outages; events can reconcile later. This design principle (deterministic decisions at the edge) protects day-to-day operations while you keep the management plane secure. Where appropriate, you can also leverage NPSA evaluation schemes and assured product lists when specifying components for higher-risk environments. 

Integrate deliberately (and test those journeys)

Integrations multiply value when engineered intentionally. Link door events to CCTV bookmarks so operators can instantly review forced-door alarms; coordinate with intruder alarms for first-in/last-out arming; feed visitor management so temporary credentials expire cleanly; and, where required, link to barriers and long-range readers so vehicle permissions mirror staff permissions. We outline practical integration patterns here: CCTV–Access Control–Alarm Integration

0333 900 0101 sales@network-data-cabling.co.uk Contact us

Privacy, biometrics and governance

Access logs are personal data. If you deploy biometrics for identification (e.g., fingerprint or facial recognition), templates and related events will usually be special category personal data under UK GDPR. Plan for a DPIA, clear signage and privacy notices, proportionate retention, template security, and a lawful basis plus special-category condition. Build governance tasks into the project (and your BAU) rather than treating them as paperwork afterthoughts. The ICO’s guidance sets practical expectations for biometric deployments that your supplier should help you meet. 

Installation craft: how work gets done on site

Good projects succeed because of the basics:

  • Method statements and permits that reflect live-site constraints and out-of-hours work where needed.
  • Containment and fixings that are appropriate to the substrate, with discreet surface routes in heritage areas and robust protection in back-of-house plant.
  • Labelled terminations at controllers and patch panels; reader, contact and lock cores dressed and tested before doors are handed back.
  • Site etiquette—temporary access arrangements, safe segregation of works, and communication with reception and security staff so nobody is surprised by a door being offline.

Keep a running installation log with photos; it’s gold dust at handover and during support.

Commission with discipline (prove it, don’t assume it)

Commissioning is where you turn a pile of parts into a trustworthy security system:

  1. Software and policy. Build sites, doors, access groups and schedules; set administrators and roles; enforce MFA for admin accounts; configure alerts and reports aligned to your operating model.
  2. Device proving. Enrol a test card and (if applicable) a biometric template; prove each door: valid/invalid credential behaviour, door-held-open and forced-door alarms, time schedules, anti-passback if used.
  3. Life-safety tests. With your fire contractor present, trigger the fire alarm and verify that all relevant doors release as designed, and that the critical signal path is supervised (simulate fault conditions).
  4. Power resilience. Pull mains to PSUs and controllers in a controlled test to confirm fail-safe/fail-secure behaviour and that standby supplies perform as specified.
  5. Integration journeys. Witness tests for CCTV bookmarks on door events, interlocks, lift call logic, visitor credential issuance/expiry, and barrier operation.
  6. Security hardening. Change default passwords, verify time sync, lock down management interfaces, and export a configuration backup.
  7. Documentation & training. Deliver O&M manuals, as-built drawings, configuration exports, test certificates, and train administrators on safe day-to-day operation (adding users, revoking credentials, basic triage). Align the whole process to NSI NCP 109 so outcomes are consistently evidenced.

A concise, practical checklist (for your project file)

  • An operational requirement signed off by stakeholders (security/FM/IT/HR).
  • Spec cites BS EN 60839-11-1 and delivery to NSI NCP 109.
  • BS 7273-4 life-safety behaviour defined per door and tested with the fire contractor.
  • Door schedules with locking mode, hardware, reader type/height, RTE, contacts and interlocks.
  • Cabling and power to BS 7671; labelled and documented with fire-stopping where needed.
  • Segmented networks, secured admin paths, and edge controllers that operate deterministically during outages.
  • Privacy pack (DPIA where biometrics used), retention policy, signage and admin training.
  • Witnessed integration tests for CCTV, alarms, visitor flows and barriers; configuration backup and O&M.

Where ACCL comes in

We design to UK standards, install with tidy engineering, and commission with witness tests that leave nothing to chance. If you’re modernising your broader security estate at the same time, we can align access control with your IP security infrastructure so switching, PoE and segmentation serve all systems consistently. (See: IP Security System Installation) If reception flows and visitor journeys are in scope, we’ll integrate video entry cleanly so you get security with service, not security instead of service, and if you need hands-free options we’ll help specify readers and credentials that deliver convenience without eroding assurance. (See: Hands-Free Access Control)

0333 900 0101 sales@network-data-cabling.co.uk Contact us

Get in touch today

Have a no-obligation chat with one of our data cabling experts, who can recommend a solution to suit your requirements and budget.

0333 900 0101 sales@network-data-cabling.co.uk Contact us