The door is the work made visible. Every other layer of the system serves the door: the cable plant carries the signal, the controller makes the decision, the head-end logs the event, but the door is where the credential meets the lock and the user decides whether the install is good or bad. Get the door layer right (the right reader, the right lock for the door type, the right wiring topology, the right egress hardware, the right fire alarm interface) and every other layer holds up. Get it wrong and every defect ends up at the door because that is where the user encounters it.
Reader selection
When the rule applies
Every reader on every door. The reader is the user interface to the access control system; the wrong reader is the most visible defect on the install.
The spec
// READER SELECTION CRITERIA Credential technology: 13.56 MHz secure smart card (HID iCLASS Seos, MIFARE DESFire EV3, or equivalent) for new institutional work. 125 kHz Prox and legacy 13.56 MHz iCLASS Standard / SE acceptable on retrofits where the existing credential population justifies them. Communication protocol: OSDP v2.2 with Secure Channel for new work. Wiegand on retrofits only, with a defined migration to OSDP at the next refresh. Mobile credential support: BLE / NFC where the institution’s credential plan includes mobile (HID Origo, Apple Wallet, or institutional equivalent) Reader form factor:: Wall-mount mullion reader (slim, for narrow door frames) Wall-mount single-gang reader (general institutional default) Keypad-and-card reader for high-security applications requiring two-factor (card plus PIN) Randomized PIN keypad (Hirsch ScramblePad) for very high-security applications: federal, courts, evidence rooms, server rooms, critical infrastructure Reader environmental rating: IP65 minimum for outdoor; IP54 for semi-exterior; standard indoor for interior dry locations Reader operating temperature range: -35°C to +66°C for Canadian outdoor; -10°C to +50°C for indoor Reader vandal rating: IK10 for public-access entries, transit, education common areas
OSDP versus Wiegand
Wiegand is the legacy reader-to-controller protocol that dominated the industry from the 1980s through the 2010s. It is unencrypted, unauthenticated, susceptible to cloning attacks at the wire (a $20 device taped to the reader cable can capture the credential and replay it later), and limited to 50 feet of cable run without signal amplification. OSDP (Open Supervised Device Protocol) v2.2 with Secure Channel is the modern replacement: encrypted, authenticated, supervised, RS-485-based with 4000 ft of cable run.
Specifying Wiegand on a new institutional build is creating a defect at install. Use OSDP v2.2 with Secure Channel on every reader on new work; if the institution has a Wiegand fleet on retrofit, document the migration plan.
Field note
HID Signo reader family for new institutional work: Signo 20, Signo 40, Signo 40K (keypad-and-card), supporting OSDP v2.2 with Secure Channel and HID iCLASS Seos credentials. HID Origo Mobile for mobile credentials where the institution’s plan includes them. For high-security PIN entry: Hirsch ScramblePad (randomized keypad, the only product where the digit layout shuffles between presses, defeating shoulder-surfing and PIN capture).
Lock hardware selection
When the rule applies
Every door under access control. The lock has to match the door type, the door material, the fire rating, and the egress requirements for the occupancy.
The four common lock types
Electric strike Replaces the door frame’s strike plate with an electrically-controlled latch keeper. The latch on the door remains mechanical and engages the strike. On energise (typically 24 VDC) the strike releases the latch. Fail-secure (default locked) or fail-safe (default unlocked) by model selection. Used on most institutional doors with mechanical latches. Magnetic lock (maglock) Electromagnet on the door frame, steel plate on the door. Continuous holding force (typical 600 to 1200 lb). Always fail-safe by physics (no power, no holding force). Used where mechanical latches are impractical, on glass doors, on aluminum-frame doors. Code-restricted in some occupancies; not used on egress-rated doors without code review. Electric mortise lock Mortise lock with electric latch retraction. The lock itself is in the door; the access control energizes the latch retraction solenoid. Provides full mortise hardware (handle, deadbolt) with electronic control. Used on high-traffic doors where mechanical handle operation is required. Electrified panic exit device Exit device (push bar) with integrated electric latch retraction. The exit device provides code-compliant egress; the electric component controls the entry side. Used on egress doors in assembly occupancies and on stairwell doors. The spec
// LOCK SELECTION CRITERIA Egress: always permit egress from the secure side, without special knowledge, without special tools, without more than one operation Fire-rated door: lock must be fire-rated for the same hour rating as the door (UL10C / CAN/ULC-S104) Stair door: lock must allow re-entry from the stair side per the building code (typically every fourth floor minimum, plus discharge level) Voltage: 12 VDC or 24 VDC per the institutional standard; 24 VDC preferred for long runs (chapter 03) Fail mode: fail-safe (default unlocked on power loss) for emergency egress paths; fail-secure (default locked) for security-critical doors. Verify against the project specification and the AHJ. Monitoring: door position switch (DPS), latch monitor, and lock status monitor inputs back to the controller Cycle life: minimum 1,000,000 cycles for high-traffic doors Manufacturer warranty: minimum 3 years on lock hardware; some manufacturers offer 5- and 10-year warranties on heavy-duty product lines
Field note
Allegion / Schlage L-series mortise locks and ND-series cylindrical locks for general institutional work. Allegion / Von Duprin 99 series electrified panic exit devices for egress doors. Allegion / Securitron M380 and M680 maglocks where maglocks are appropriate (1200 lb and 600 lb holding force). Allegion / LCN 4640 series low-energy ADA door operators for accessibility-required doors. Electric strikes from the Allegion / HES product line, sized to the door’s existing strike pocket.
The Allegion ecosystem is the institutional default because the parts integrate cleanly: lock, strike, exit device, operator, power supply all from one manufacturer with one warranty programme and one field service contact.
Door power supplies
When the rule applies
Every access-controlled door needs DC power for the lock and the reader. The supply is sized for the worst-case load, fused per output, and UL294 / ULC-S319 listed for access control use.
The spec
UL294 / ULC-S319 listed access control power supply Multi-output: each door on a separately-fused output to isolate failures Voltage output: 12 VDC and 24 VDC as required by the connected hardware; some supplies provide both Current capacity: sized for the worst-case load plus inrush plus 25 percent margin (chapter 03) Battery backup: 4 hours minimum for life-safety-related access (egress controllers, sallyport interlocks, detention); 24 hours for intrusion-shared circuits per ULC-S304 Battery type: sealed lead-acid (SLA) standard; lithium-iron-phosphate where the institutional spec calls for extended life Battery monitor: per-supply battery voltage and current monitoring with alarm output to the head-end Fire alarm interface: dedicated dry-contact input that, on activation, drops power to all fail-safe locks and holds-open the maglocks per the institutional fire release strategy Tamper switch: cabinet-tamper input back to the controller
Field note
Allegion / Securitron AQL4 and AQL8 series multi-output access control power supplies, UL294 / ULC-S319 listed. AQL4 for typical institutional installations with 4 to 8 doors per supply; AQL8 for larger installations with up to 16 doors per supply. Both support per-output fusing, battery monitoring, fire alarm interface, and tamper monitoring. Battery backup sized per the institutional retention requirement: standard SLA in the matching battery cabinet, with the monitoring output back to the head-end.
Door position switches and REX devices
When the rule applies
Every access-controlled door. The door position switch (DPS) reports door open/closed to the controller. The Request-to-Exit (REX) device unlocks the door from the secure side for egress, shunting the door-forced alarm during egress.
The spec
DPS: balanced magnetic or recessed magnetic switch on the strike side at the top of the door frame, 50 mm (2”) in from the frame edge DPS supervision: 4-wire end-of-line resistor pair for monitored alarm input (open, closed, short, cut) REX device options:: PIR sensor above the door on the secure side (most common for general institutional work) Mechanical pushbutton on the secure side at 1100 to 1200 mm (44 to 48”) AFF Mechanical handle switch integrated into the lock (electric mortise locks) Push bar switch integrated into the exit device (electrified exit devices) REX signal sent to the controller, which shunts the door-forced alarm and releases the lock for fail-secure doors REX does not unlock fail-safe maglocks except by separate release input (most maglocks need a separate Request-to-Exit button wired to drop the power; the REX input alone does not break the magnet circuit) REX adjustment: PIR-based REX adjusted at commissioning to cover the egress path without nuisance triggers from passing traffic
Field note
// MAGLOCK EGRESS IS A WIRING TOPOLOGY A maglock on a building code-compliant egress door has to release on three independent signals: the REX request (PIR or button), the fire alarm interface, and a hardwired egress device on the door (typically a push-to-exit button labelled “EXIT” at the door). All three signals have to drop the power to the maglock, not just signal the controller; the maglock’s failure mode is fail-safe by physics but the controller’s relay may be the failure point if not wired correctly. Verify the wiring topology at design and the test at commissioning.
Fire alarm release
When the rule applies
Every door under access control. The building code requires that every egress door release on fire alarm; the access control system’s interface to the fire alarm system is the integration point that makes this happen.
The spec
Dedicated dry-contact relay from the fire alarm system to the access control power supply or to a dedicated release interface On fire alarm activation, the relay opens (fail-safe configuration), dropping power to fail-safe locks and maglocks Release scope per the institutional release strategy:: Building-wide release: every door on the building releases (typical for office, retail, education) Zone release: doors on the affected fire zone release; doors on other zones remain controlled (typical for high-rise, healthcare, detention) Smoke compartment release: doors in the affected compartment release (typical for healthcare) Release interface tested at commissioning per CAN/ULC-S1001 integrated systems testing Release interface tested annually by the fire alarm contractor under CAN/ULC-S537 Fail-secure doors not released by fire alarm typically (controlled by the institutional release strategy; verify against the AHJ and the institutional life-safety design)
Field note
// VERIFY THE RELEASE STRATEGY AT DESIGN The institutional release strategy varies by occupancy type, by AHJ, and by the institution’s preference. Some institutions release every door on every alarm; others zone the release to the fire compartment; healthcare often does smoke-compartment release. Verify the strategy at design with the fire alarm consultant and the AHJ. Build the verification into the commissioning checklist (chapter 22) so every release is tested at acceptance.
Door wiring topology
When the rule applies
Every access-controlled door. The wiring topology is the cable plan from the door hardware to the controller; consistency across the install determines maintainability.
The spec
Reader cable: OSDP requires twisted-pair RS-485 cable, typically 4-conductor (TX+, TX-, +12 VDC, GND) or 6-conductor with shield and drain. Belden 9842 or equivalent. Maximum 4000 ft per RS-485 segment. Lock power cable: stranded copper, AWG sized per chapter 03 voltage drop tables. Belden 5300UE or equivalent for typical 18 AWG / 16 AWG runs. DPS cable: 2-conductor 22 AWG shielded, with end-of-line resistors at the device for supervised input REX cable: same as DPS (2-conductor 22 AWG shielded) for PIR or button Door junction box: single-gang or 4-square box at the door header, conduit-fed to the controller WAGO 221 lever-action connectors at the door junction box for every wire-to-wire connection (chapter 09) Service slack at the door junction box: 300 mm (12”) minimum coiled in the box for future service Cable identification at both ends per chapter 06
Pigtail-and-service-loop at the lock
// WHY THE PIGTAIL MATTERS The cable from the controller terminates at the door junction box with WAGO 221 lever-action connectors. From the junction box to the lock, the lock manufacturer’s pigtail (the short factory-supplied cable on the lock body) connects to the field cable. This serviceable pigtail-and-junction-box topology lets a future technician replace the lock without re-pulling cable; the replacement lock’s pigtail joins to the existing junction-box wires at the WAGO connector. Skip the junction box and the next lock replacement becomes a cable re-pull.
Mounting heights and ADA compliance
When the rule applies
Every reader, every operator button, every keypad, every accessible egress device. CSA B651 and the building code’s accessibility section define the height ranges; the project specification may tighten them further.
The spec
// DOOR DEVICE MOUNTING HEIGHTS Card reader, general: 1100 mm (44”) to centre, ADA-compliant; 1200 mm (48”) to centre where ADA does not apply Card reader paired with door operator: 1000 mm (40”) to centre, coordinated with the operator push plate height Door operator push plate: 900 to 1200 mm (35 to 48”) AFF, 100 mm (4”) minimum diameter actuator, ADA-compliant force activation Door operator push plate location: 150 to 600 mm (6 to 24”) from the door swing edge (so the user is clear of the swinging door) Egress button (push-to-exit on maglock): 1100 to 1200 mm (44 to 48”) AFF, labelled “EXIT” with high contrast Keypad: 1100 to 1300 mm (44 to 51”) AFF to top row of keys, with consistent height across the project Door position switch: at the top of the door frame, strike side, 50 mm (2”) in from the frame edge (not user-accessible) REX PIR: above the door frame on the secure side, centred over the clear opening
Field note
Accessibility requirements vary by jurisdiction and by occupancy type. Verify the project specification’s accessibility requirements against CSA B651 and the local building code at design. Some projects require Reach Range A (low forward reach 380-1220 mm; high forward reach 1220 mm) for all controls; others allow Reach Range B for non-public spaces. Get the height schedule signed off by the architect and the accessibility consultant at design, then the field work just follows the schedule.
Two-factor authentication: card-plus-PIN
When the rule applies
High-security doors where the institution’s policy requires two-factor authentication. Common applications: server rooms, evidence storage, pharmacy and controlled substances, financial transaction rooms, IT command centres.
The spec
// CARD-PLUS-PIN AUTHENTICATION Reader with integrated keypad supporting card presentation followed by PIN entry PIN length: 4 to 8 digits per institutional policy; 6 digits is the institutional default for balance between security and usability Lockout: 3 to 5 failed PIN attempts triggers a temporary lockout (typically 15 to 30 minutes) and an event to the head-end PIN entry timeout: 10 to 30 seconds between card and PIN; controller cancels the authentication if PIN entry exceeds the timeout Schedule: two-factor activated by time-of-day schedule (typically after hours and on weekends; single-factor card during business hours when the area is staffed) PIN reset: cardholder-self-service through the institutional credential portal, or administrator reset through the head-end For high-security applications, randomized PIN keypad (Hirsch ScramblePad) instead of fixed-layout keypad
Hirsch ScramblePad for very high security
The Hirsch ScramblePad is a randomized PIN keypad: the digit layout shuffles between presses so an observer cannot map the user’s finger movement to a specific PIN. The ScramblePad is the institutional choice for very high-security applications where shoulder-surfing and PIN-capture are documented threats: federal facilities, courts, evidence rooms, server rooms, critical infrastructure. The ScramblePad integrates with most access control platforms through OSDP or Wiegand and pairs with a smart card reader for two-factor authentication.
For other applications (general two-factor where shoulder-surfing is not the primary threat), a fixed-layout keypad is adequate and lower-cost. Pick the keypad type at design against the documented threat model.
// THE PRACTITIONER POSITION The door is the work made visible. Every reader on new institutional work is OSDP v2.2 with Secure Channel and 13.56 MHz secure smart card credentials; Wiegand on retrofits only. Allegion / Schlage locks, Allegion / Von Duprin exit devices, Allegion / Securitron maglocks and power supplies, Allegion / LCN ADA operators integrate cleanly because they come from one ecosystem. Mount every reader and operator at ADA-compliant height. Wire every door through a junction box with WAGO 221 lever-action connectors. Fire alarm release strategy verified at design and tested at commissioning. Two-factor authentication where the institution’s policy requires it; Hirsch ScramblePad for very high-security PIN entry. Every door specified, installed, and commissioned this way passes the user-experience test that everyone applies after the install is done.