What is Access Control?

Access control is focussed on controlling who has access, e.g. to an office or facility. This is typically achieved by restricting access by certain types of groups or access levels. With access control visitors, employees, executives, freelancers or employees can easily and securely access.

There are different fields of access control such as network access control, logical access control and physical access control. Unlike open access, access control provides control and security to address security and convenience to keep your business running securely.

access control introduction

The access control methodology

The best way to allow people controlled and secure access to what they need.

what is access control

Along the top are five phases of electronic access control (Authorize, Authenticate, Access, Manage and Audit) that turn in the case of physical access control the many strangers coming and going into authorized users and - eventually into auditable members. The concept becomes even more powerful when paired with digital file or workstation access control.

Along the bottom is a full stack of access control hard- and software for managing employees, visitors, executives but also for audit and controlling. Through integrations with a cloud based physical access system at the core they get even better when used together, helping you to grow your security strategy and practice.

The proven methodology to secure your growing business

In the world of on-demand availability, access is extremely important - often assumed. Certainly it's easy to say "I'd like to restrict and control access and that's why I'm looking at access control."

In the end the question is: How should we set up access control to least interfere with user behavior but provide the secure controls our business needs?

With the access control concept and Kisi's on-demand access, you have an unfair advantage for getting everyone through the door while keeping control and being able to scale a proven model.

The 5 Phases of the Access Control Methodology


You don't want just anyone coming to your facility. You want people who you know have permission to be here.

How to authorize them efficiently so they can get in while the others stay out? You share or provision access with them from your system so they are expected and subject to your security rules.

Role based access control (RBAC)

By assigning roles to users, they get a certain set of access privileges assigned. That helps because you don't have to individually update each user when something changes.

Access Control Policies

Your space - your rules. Policies define what people are allowed to do - and what not.
Which members of your organization can share access with whom? Which groups have access to which doors? Policies regulate exactly that.

Access control list

The access control list is in modern organizations mostly organized as directory - some sort of list that lists all authorized users and their access level.


Once you’ve authorized employees or visitors, the next step for them is to authenticate when they want to access. To do so they have gotten some sort of credential, or token during the authorization process. They present this credential to e.g. a door reader that check if it is valid.

Credential / Token

The door has pre-existing electrified locks or they are installed by certified Kisi installer

Single Sign On (SSO)

The door has pre-existing electrified locks or they are installed by certified Kisi installer

Two-Factor-Authentication (2FA)

The door has pre-existing electrified locks or they are installed by certified Kisi installer


You’re on the right track. You’ve authorized the right visitors or employees, they authenticate with their credentials but now you need to get them actual access. How can you most effectively do this? The access control tools available at this stage make sure you’re getting everyone in the right door at the right time, faster and easier.


After the user is correctly authenticated, he actually can unlock whatever he wants to access. This happens by clicking a button, presenting a card, fob or badge which requests access.°


Once the request to access has been received by the access control system, the access is triggered, e.g in form of a door unlock.


If the door unlocks, multiple events are tracked at once: The user triggered an unlock, the user was correctly authenticated, the door opened and the door closed.


Managing an access control system can be quite a challenge - Adding new access points while on-and offboard users, keeping the system secure and help troubleshoot problems are some of the challenges that require an excellent access control setup.


You are opening a new office next month and need to add physical access control quickly. Cloud-based physical access systems can help with flexible and modular extensions of the existing setup.


Keeping an eye on all access points and getting alerted when things are going sideways is for many access managers a priority. Online systems allow to get updates in real time, not when users already complain or have trouble.


Should access points or users have issue, modern access control systems are remotely configurable or allow for support from the vendor. Compared to locally hosted systems this is a big advantage.


Auditing access control can have multiple purposes: You can audit your system settings and permissions or authorizations. You can review suspicious or flagged events. Some companies also do audits in terms of access control compliance reportings in regular time-frames.

System Review

To make sure everything on your access control system is set up properly, companies do regular system reviews or maintenance. Avoid users being in the system that have left the company and review access control policies.

Suspicious Events

Since during the access event many datapoints have been tracked, they can be analyzed against the access policies or historic data to flag or highlight unusual or suspicious access behavior. This simplifies the job of of the security manager.

Compliance Reports

If your company processes sensitive data like payment or health data you will have to comply with audit requirements in the access control space. Some special certifications like cyber security or ISO certifications also require managed and auditable access control.

Looking for Access Control?

Get in touch or request a demo.