0333 900 0101

Questions to Ask Your Access Control Installation Provider (Before You Sign)

Access Control Installation

Choosing an access control partner is as important as choosing the technology. The right installer should translate your risks and building constraints into a system that is reliable, safe and easy to run—not just hang readers and hand over a manual. To help you separate credible bids from box-ticking proposals, here are the questions we recommend you put to any provider. They’re written from the client’s side of the table and anchored to UK standards and guidance, so you can defend decisions to stakeholders, auditors and insurers.

If you’d like a practical conversation about your own estate, our team can translate these points into a scoped design, bill of materials and programme. (See: Commercial Access Control Installation.)

0333 900 0101 sales@network-data-cabling.co.uk Contact us

How will you design for life safety from day one?

Security can never impede safe escape. Ask how the design will ensure electronically controlled doors on escape routes release on fire alarm and relevant fault conditions, and how that behaviour will be verified at commissioning and drills. A competent provider should talk confidently about BS 7273-4:2015+A2:2023, the “critical signal path” between the fire alarm and release devices, and when hard-wired versus radio/acoustic actuation is appropriate. They should also explain how fail-safe and fail-secure locking modes are chosen by door function and fire strategy. If these answers feel vague, the design is at risk of late, costly changes—and potential non-compliance. 

Which standards and codes of practice will you work to?

Standards keep projects comparable and predictable. Ask which system and component standards the specification will cite (typically BS EN 60839-11-1 for electronic access control systems), and which delivery code of practice will govern design, installation, commissioning and maintenance (for example NSI NCP 109 Issue 4). This baseline reduces interpretation gaps between bidders, supports insurance acceptance and gives you a clear acceptance checklist at handover. A credible installer will welcome being held to these benchmarks. 

How will you align the system to our operational outcomes?

Before brands and gadgets, the provider should explore the operational purpose of the system: who should go where and when, and what audit you need afterwards. That language comes straight from UK government guidance on Automatic Access Control Systems (AACS). Expect discussion of zones by risk, user categories (employees, contractors, visitors), throughput at busy doors and the “friction budget” that keeps people moving without diluting assurance. Proposals that jump straight to kit lists without this conversation often miss the mark once installed. 

What’s your approach to data protection—especially if we use biometrics?

Access control data is personal data, and biometric templates used to identify people are usually special category under UK GDPR. Ask how the provider will support a lawful basis, a special-category condition, DPIA completion, template security, retention, signage and user information. If you’re considering facial or fingerprint readers, request vendor documentation and admin controls that make policy enforceable in practice. The ICO’s recent guidance and enforcement activity set clear expectations; your provider should know them and bake governance into delivery, not treat it as a footnote.

How will the system operate if the server, cloud link or WAN is down?

At the door, decisions must be deterministic. Ask whether controllers cache permissions and continue to enforce policy during outages, and how events reconcile later. If the platform is cloud-managed, probe the vendor’s stance against the NCSC’s Cloud Security Principles (identity and authentication, secure administration, audit for customers). If on-premises, ask about resilience (failover VMs, backups, patching windows) and remote-admin security. Either way, you need confidence that daily operation doesn’t hinge on a single fragile link. 

What integrations will you deliver—and how will you prove them?

Integrations multiply value but only if they’re engineered and tested. If you want door events to pull up corresponding CCTV or to arm/disarm intruder zones with first-in/last-out logic, ask the installer to describe the I/O design, event mapping and the witness tests they’ll run with you. We encourage clients to script these user journeys ahead of time; it shortens commissioning and reduces support noise later. For a sense of the patterns available, see our guide to CCTV–Access Control–Alarm Integration.

How will you handle visitor, delivery and reception flows?

Security outcomes often fail at the front desk. Ask how video intercoms/entry phones will be integrated so reception can verify visitors and log releases, and how visitor credentials will be issued with least-privilege access and clear expiry. For external gates and car parks, confirm how the system will control barriers and long-range/vehicle credentials, ideally keeping a single source of truth for staff permissions across doors and parking. See our pages on Entry Phone Installation and Security Barrier Installation for typical design choices.

0333 900 0101 sales@network-data-cabling.co.uk Contact us

What’s your network and power strategy?

Modern platforms are IP-based and depend on reliable low-voltage power. Ask where PoE is appropriate, how standby power will be supervised, and how networks will be segmented to protect controllers and gateways. A considered answer will mention structured cabling, labelled terminations, change of default credentials, and firewall rules if remote administration or cloud is used. If wireless locks are proposed, ask how battery health and firmware updates will be monitored and managed.

For estates modernising CCTV at the same time, it’s often efficient to consolidate on a consistent IP security infrastructure (switching, VLANs, PoE budgets) that serves both systems. (See: IP Security System Installation.)

How do you commission—and what do we get at handover?

Commissioning is where projects succeed or fail. Ask for a description of factory acceptance tests (if used), on-site testing, fire-interface tests, fail-safe/fail-secure behaviour under power loss, and how access policies are validated by role. At handover, you should receive O&M manuals, as-built drawings, configuration exports, admin training and a defects list closed out. Reputable installers align these deliverables to a code of practice such as NSI NCP 109, which standardises expectations. 

What’s the plan for accessibility and inclusive access?

Access control must work for everyone who has a legitimate reason to be there. Ask how reader placement, door hardware, and automatic operators will support users with mobility or dexterity needs, and how contactless or hands-free journeys will be provided where appropriate. This is about compliance and dignity—and it’s much cheaper to design in than to retrofit. (For touchless options and upgrade paths, see our overview of Hands-Free Access Control.) The BSIA’s specifier guidance is a useful independent reference here. 

What evidence of competence and assurance can you show?

Beyond testimonials, ask for industry certifications and accreditations (for example, NSI approvals), manufacturer training status, and experience on similar estates. For cloud-managed platforms, ask the vendor about ISO/IEC 27001 or comparable information-security assurance, and how customers can verify controls (audit logs, change histories, vulnerability management). Using recognised NCSC cloud principles as a checklist for due diligence makes this conversation concrete rather than hand-wavy. 

How will you support us after go-live?

Good systems are cheaper to live with when maintenance is planned. Ask for a preventive maintenance schedule (reader cleaning, door alignment, PSU/battery health, firmware updates) and clear SLA terms that reflect your operating hours and risks. If wireless components are in scope, ensure batteries are a tracked line item. Also ask how user governance will be supported—access reviews, leaver processes, and reporting—so the system stays tidy and defensible under audit.

What are the limits—and how do we scale?

Finally, probe the edges: maximum doors per controller, reader types supported, options for mobile credentials, rules engines for complex schedules, and API availability for future integration (visitor systems, HR identity feeds). Sensible answers will acknowledge limits and propose migration paths. Remember, the system you buy should grow with you and not strand you on a dead-end hardware island.

Why this questioning works

This isn’t about catching a provider out; it’s about ensuring alignment to UK best practice and your real-world operations. Framing your procurement around outcomes (the NPSA AACS model), life-safety behaviour (BS 7273-4), recognised system standards (BS EN 60839-11-1) and a delivery code (NSI NCP 109) keeps the conversation disciplined and the paperwork defensible. If your provider can speak fluently to those pillars—and show you how they’ll integrate intercoms, CCTV and vehicle control while meeting GDPR—they’re likely to deliver a system you can trust for years. 

0333 900 0101 sales@network-data-cabling.co.uk Contact us

Get in touch today

Have a no-obligation chat with one of our data cabling experts, who can recommend a solution to suit your requirements and budget.

0333 900 0101 sales@network-data-cabling.co.uk Contact us