SIST EN 60839-11-2:2015

SLOVENSKI STANDARD
01-junij-2015
Alarmni sistemi - 11-2. del: Elektronski sistemi nadzora dostopa - Smernice za
uporabo (IEC 60839-11-2:2014)
Alarm and electronic security systems - Part 11-2: Electronic access control systems -
Application guidelines
Alarmanlagen - Teil 11-2: Elektronische Zutrittskontrollanlagen - Anwendungsregeln
Systèmes d'alarme et de sécurité électroniques - Partie 11-2: Systèmes de contrôle
d'accès électronique - Lignes directrices d'application
Ta slovenski standard je istoveten z: EN 60839-11-2:2015
ICS:
13.320 Alarmni in opozorilni sistemi Alarm and warning systems
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 60839-11-2

NORME EUROPÉENNE
EUROPÄISCHE NORM
April 2015
ICS 13.320
English Version
Alarm and electronic security systems - Part 11-2: Electronic
access control systems - Application guidelines
(IEC 60839-11-2:2014)
Systèmes d'alarme et de sécurité électroniques - Partie 11- Alarmanlagen - Teil 11-2: Elektronische
2: Systèmes de contrôle d'accès électronique - Lignes Zutrittskontrollanlagen - Anwendungsregeln
directrices d'application (IEC 60839-11-2:2014)
(IEC 60839-11-2:2014)
This European Standard was approved by CENELEC on 2015-04-07. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 60839-11-2:2015 E
Foreword
This document (EN 60839-11-2:2015) consists of the text of IEC 60839-11-2:2014 prepared by
IEC/TC 79 "Alarm and electronic security systems".

The following dates are fixed:

(dop) 2016-04-13
• latest date by which the document has to be
implemented
at national level by publication of an identical
national standard or by endorsement
• latest date by which the national standards conflicting (dow) 2018-04-13
with the document have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Endorsement notice
The text of the International Standard IEC 60839-11-2:2014 was approved by CENELEC as a
European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60950-1 NOTE Harmonized as EN 60950-1.
IEC 61000-6-1 NOTE Harmonized as EN 61000-6-1.
IEC 61000-6-3 NOTE Harmonized as EN 61000-6-3

- 3 - EN 60839-11-2:2015
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year

IEC 60839-11-1 2013 Alarm and electronic security systems - EN 60839-11-1 2013
Part 11-1: Electronic access control
systems - System and components
requirements
- -  +AC 2013
- -  +AC 2015
IEC 60839-11-2 ®
Edition 1.0 2014-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Alarm and electronic security systems –

Part 11-2: Electronic access control systems – Application guidelines

Systèmes d'alarme et de sécurité électroniques –

Partie 11-2: Systèmes de contrôle d'accès électronique – Lignes directrices

d'application
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
CODE PRIX U
ICS 13.320 ISBN 978-2-8322-1774-0

– 2 – IEC 60839-11-2:2014 © IEC 2014
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Abbreviations . 8
5 System architecture . 8
6 Environmental and EMC considerations . 9
6.1 General . 9
6.2 Environmental Class I – Equipment situated in indoor but restricted to
residential/office environment . 9
6.3 Environmental Class II – Equipment situated indoor in general . 9
6.4 Environmental Class III – Equipment situated outdoor – Sheltered or indoor
extreme conditions . 10
6.5 Environmental Class IV – Equipment situated outdoor – General . 10
6.6 EMC . 10
7 System planning . 10
7.1 General . 10
7.2 Risk assessment and security grading . 11
7.3 System design . 12
7.3.1 System and components selection . 12
7.3.2 Operational considerations . 14
8 System installation . 16
8.1 General . 16
8.2 Installation planning . 17
8.2.1 Equipment . 17
8.2.2 Cabling . 19
9 Commissioning and system handover . 19
9.1 Commissioning . 19
9.2 System handover . 20
10 System operation and maintenance . 20
10.1 System operation . 20
10.2 System maintenance . 21
11 Documentation . 21
11.1 General . 21
11.2 Documentation for planning . 21
11.3 Documentation for commissioning/system handover . 22
11.4 Documentation for maintenance . 22
Annex A (normative) Allowed exceptions for installed systems . 23
A.1 General . 23
A.2 Claims of compliance . 23
A.3 Allowed exceptions . 23
Annex B (informative) Standby battery capacity calculations . 27
Bibliography . 29

IEC 60839-11-2:2014 © IEC 2014 – 3 –
Figure 1 – Typical arrangement of components and interfaces of an EACS . 9
Figure 2 – Risk assessment chart . 11
Figure 3 – Example of system grade selection . 13
Figure 4 – Equipment location versus security grade of protected area . 17

Table 1 – Security grading . 12
Table 2 – Power supply requirements for installed EACS . 18
Table A.1 – Allowed exceptions for access point interface requirements . 24
Table A.2 – Allowed exceptions for indication and annunciation requirements . 24
Table A.3 – Allowed exceptions for recognition requirements . 25
Table A.4 – Duress signalling requirements . 25
Table A.5 – Overriding requirements . 25
Table A.6 – Communication requirements . 25
Table A.7 – Allowed exceptions for system self-protection requirements . 25
Table A.8 – Allowed exceptions for power supply requirements . 26

– 4 – IEC 60839-11-2:2014 © IEC 2014
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-2: Electronic access control systems –
Application guidelines
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60839-11-2 has been prepared by IEC technical committee 79:
Alarm and electronic security systems.
The text of this standard is based on the following documents:
FDIS Report on voting
79/476/FDIS 79/489/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

IEC 60839-11-2:2014 © IEC 2014 – 5 –
A list of all parts in the IEC 60839 series, published under the general title Alarm and
electronic security systems, can be found on the IEC website.
Future standards in this series will carry the new general title as cited above. Titles of existing
standards in this series will be updated at the time of the next edition.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC 60839-11-2:2014 © IEC 2014
INTRODUCTION
This standard is part of the IEC 60839 series, written to include the following parts:
Part 11-1: Electronic access control systems – System and components requirements
Part 11-2: Electronic access control systems – Application guidelines
This part of IEC 60839 describes the general requirements for planning, installation, operation,
maintenance and documentation for the application of electronic access control systems
(EACS).
The performance of the EACS is determined by the security grades allocated to the access
points. A risk assessment that identifies the risks and perceived threats should first be carried
out in order to establish the appropriate security grades.
Four security grades are available based upon the knowledge and tools available to a person
intent upon gaining unauthorised access and the type of application, taking into account
specific organizational aspects and the value of the assets.
Separate guidance is provided for each activity along with recommendations for the
documentation needed. A brief description of each section covering the activities is provided
below:
System planning: this section is intended to assist the designer with the selection of an
electronic access control system (EACS) that provides the control of access and security
integrity commensurate with the value of the assets requiring protection and the associated
risks. See Clause 7.
System design should minimise potential vulnerabilities that could be exploited to circumvent
the access control measures. It is recommended that safeguards are incorporated to give
early warning of attempts to circumvent the access control measures. See 7.3.
System installation: this section is intended to help those responsible for installing the EACS
by identifying issues which should be considered prior to commencing the installation and
during the installation of the system in order to ensure the EACS is correctly implemented as
specified during system planning. See Clause 8.
Commissioning and system handover: this section provides guidance to ensure the level of
performance required in the system planning is obtained and that the end user is provided
with the necessary documentation, records and operating instructions during the handover of
the EACS. See Clause 9.
System operation and maintenance: includes information regarding the responsibilities of the
end user of the EACS to ensure the system is operated correctly and adequately maintained.
It covers inspection, service and the use of remote diagnostics in order that the level of
performance determined during the system planning stages can be maintained. See Clause
10.
IEC 60839-11-2:2014 © IEC 2014 – 7 –
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-2: Electronic access control systems –
Application guidelines
1 Scope
This part of IEC 60839 defines the minimum requirements and guidance for the installation
and operation of electronic access control systems (EACS) and/or accessory equipment to
meet different levels of protection.
This standard includes requirements for planning, installation, commissioning, maintenance
and documentation for the application of EACS installed in and around buildings and areas.
The equipment functions are defined in the IEC 60839-11-1.
When the EACS includes functions relating to hold-up or the detection of intruders, the
requirements in standards relating to intrusion and hold-up are also applicable.
This standard provides application guidelines intended to assist those responsible for
establishing an EACS to ascertain the appropriate design and planning of the EACS, both in
terms of levels of protection and levels of performance necessary to provide the degree of
access control and protection considered appropriate for each installation. This is achieved by
scaling or classifying the features of electronic access control systems related to the security
functionality (e.g. recognition, access point actuation, access point monitoring, duress
signaling and system self-protection) in line with the known or perceived threat conditions.
This standard does not cover the methods and procedures for conducting a risk assessment.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC 60839-11-1:2013, Alarm and electronic security systems – Part 11-1: Electronic access
control systems – System and components requirements
3 Terms and definitions
For the purposes of this document the terms and definitions given in IEC 60839-11-1, as well
as the following, apply.
3.1
area zone
part of a protected area which has its own set of access levels
Note 1 to entry: It may have a different security grade than other area zones within the same protected area.
3.2
competent organization
organization possessing sufficient resources and staff with adequate expertise and training in
the maintenance of EACS
– 8 – IEC 60839-11-2:2014 © IEC 2014
3.3
fail-safe
fail-open
locking device designed to automatically release upon power failure
3.4
fail-secure
fail-locked
locking device designed to remain secure upon power failure
3.5
protected area
controlled area
area defined by a physical boundary, through which passage is controlled by means of one or
more access points/portals
Note 1 to entry: It may contain several separate area zones with the same or different security grades. Refer to
the area zone definition in 3.1.
3.6
system owner
person or group of people that make the decision about what is appropriate for the respective
premises to be used in order to get the desired access control/protection/price/etc.
4 Abbreviations
For the purposes of this document, the abbreviations given in IEC 60839-11-1, as well as the
following apply.
ACU Access control unit
EACS Electronic access control system
EMC Electromagnetic compatibility
REX Request to exit
5 System architecture
An access control system comprises all the constructional and organizational facilities
together with equipment required for controlling access. Refer to Figure 1 for an example of a
typical arrangement of components and interfaces of an EACS.
The physical protection and mechanical strength of actuators, sensors, etc., should be
commensurate for the security grade of each access point. Consideration should be given to
the physical strength of the surrounding building (e.g. walls, door construction, etc).

IEC 60839-11-2:2014 © IEC 2014 – 9 –
Other EACS Other systems
User interface
User
(e.g. readers)
Access point(s)
- actuators Access control system
- sensors
ACU
REX
System
Power supply
management
Mains
IEC
IEC 60839-11-1:2013, Table 8, states that: “The access control unit shall be provided with standby power source
capable of operating the unit and its accessories under specified full load condition for the period of time” required
according to the security grade of the EACS. It is recommended that monitored standby power sources be provided
to all actuators and monitoring console(s).
Figure 1 – Typical arrangement of components and interfaces of an EACS
6 Environmental and EMC considerations
6.1 General
Each component of an EACS is expected to operate correctly in its service environment and
that it will continue to do so for a reasonable time. Components shall be suitable for one of
the following environmental classes.
6.2 Environmental Class I – Equipment situated in indoor but restricted to
residential/office environment
Environmental Class I comprises environmental influences normally experienced indoors
when the temperature is well maintained (e.g. in a residential or commercial property).
NOTE Temperatures can be expected to vary between +5 °C and +40 °C.
6.3 Environmental Class II – Equipment situated indoor in general
Environmental Class II comprises environmental influences normally experienced indoors
when the temperature is not well maintained (e.g. in corridors, halls or staircases and where
condensation can occur on windows and in unheated storage areas or warehouses where
heating is intermittent).
NOTE Temperatures can be expected to vary between –10 °C and +55 °C.

– 10 – IEC 60839-11-2:2014 © IEC 2014
6.4 Environmental Class III – Equipment situated outdoor – Sheltered or indoor
extreme conditions
Environmental Class III comprises environmental influences normally experienced out of
doors when the EACS components are not fully exposed to the weather or indoors where
environmental conditions are extreme.
NOTE Temperatures can be expected to vary between –25 °C and +55 °C.
6.5 Environmental Class IV – Equipment situated outdoor – General
Environmental Class IV comprises environmental influences normally experienced out of
doors when the EACS components are fully exposed to the weather.
NOTE Temperatures can be expected to vary between –25 °C and +70 °C depending on the region. The
temperature range can be extended to plus and/or minus for different geographical or climatic zones.
6.6 EMC
It is recommended that installation good practice be followed to reduce the unwanted effects
of electrical interference, e.g. interconnection wiring should not be run in the same conduit or
trunking as cables carrying mains supplies, or network and data cables carrying high
frequency signals unless they are physically separated and/or suitably screened so as to
prevent cross interference.
Additional filtering and/or screening of interconnecting cables might be necessary for
applications known to have high levels of conducted or radiated electrical interference, e.g. an
industrial plant operating high power electrical equipment.
The manufacturers’ guidelines for electromagnetic compatibility should be followed.
7 System planning
7.1 General
The objectives of the system planning stage are to determine the extent of EACS, to select
components of the appropriate functionality/performance criteria, security grade and
environmental classification and to prepare a system design proposal.
An access control system comprises all the logical functionality, constructional and
organizational facilities together with the physical equipment required for controlling access.
Particular care should be taken to minimize inconvenience to authorized users.
The implementation of an access control system should be in accordance with the following
sequence:
a) risk assessment and security grading;
b) system and components selection;
c) operational considerations;
d) system installation;
e) system handover;
f) system operation and maintenance.
System installation shall be conducted in accordance with national and local regulations.

IEC 60839-11-2:2014 © IEC 2014 – 11 –
7.2 Risk assessment and security grading
It is essential that a risk assessment is performed before the implementation of the access
control system. The risk assessment chart of Figure 2 identifies the key considerations.
Asset Threat Risk What to do
• Requirement
Chance of vulnerability
What to protect Against what
• Efficiency
exploitation
• Cost effectiveness
Compare
• Confidentiality • Make vulnerability
• Who
exploitation improbable
• Integrity
• Safeguards
• Detect it
• Availability • What
• Threat
• Limit impact
• Value
• When
• Injury
• People • Response
Define security grading for each access point
IEC
Figure 2 – Risk assessment chart
The security grade levels are defined in terms of the value of the assets requiring protection
and the determination (knowledge/skills) and methods of attack of persons intending to
bypass the system (adversaries). Refer to Table 1 for examples of typical applications for
each grade.
– Grade 1: Low risk. The adversary is expected to have little knowledge of the access
control system and be restricted to a limited range of easily available tools. Physical
security is provided to deter and delay adversaries. Assets have limited value and
adversaries will probably give up the idea of attacking when confronted with minimum
resistance.
– Grade 2: Low to medium risk. The adversary is expected to have limited knowledge of the
access control system and the use of a general range of tools and portable instruments.
Physical security is provided to deter, delay and detect adversaries. The assets have
higher value and adversaries are likely to give up the idea of succeeding when they realize
they may be detected.
– Grade 3: Medium to high risk. The adversary is expected to be conversant with the access
control system and have a comprehensive range of tools and portable electronic
equipment. Physical security is provided to deter, delay, detect and means are provided to
help identify adversaries. The assets have high value and adversaries may give up the
idea of succeeding when they realize they may be identified and caught.
– Grade 4: High risk. The adversary is expected to have the ability or resources to plan the
attack in detail and have a full range of equipment including means of substitution of
components in the access control systems. Physical security is provided to deter, delay,
detect and means are provided to help identify adversaries. The assets have very high
value and adversaries may give up the idea of succeeding when they realize they will be
identified and caught.
– 12 – IEC 60839-11-2:2014 © IEC 2014
Table 1 – Security grading
Grade 1 2 3 4
Risk level Low Low to medium Medium to high High
Application Organizational Organizational Fewer organizational Mainly protection of
aspects, protection of aspects, protection of aspects, protection of very high value
low value assets low to medium value medium to high value commercial or critical
assets commercial assets infrastructure
Skill/ knowledge of Low skill, low Medium skill and High skill and Very high skill and
adversaries/attackers knowledge of EACS, knowledge of EACS, knowledge of EACS, knowledge of EACS,
no knowledge of low knowledge of medium knowledge of high knowledge of
token and IT token and IT token and IT token and IT
technologies. technologies. technologies. technologies.
Low financial means Low to medium
Medium financial High financial means
for attacks financial means for
means for attacks for attacks
attacks
Typical examples Hotel Commercial offices, Industrial, Highly sensitive
small businesses administration, areas (military
financial facilities, government,
R&D, critical
production areas)
7.3 System design
7.3.1 System and components selection
The security grading shall be defined for each access point taking in consideration the needs
for control of entry and exit.
Different security grades can be used for access points in the same system. It shall be
ensured that the common system components, protecting access points with different security
grading, meet the requirements of the highest security grade access point that they are
operating in conjunction with (see Figure 3).

IEC 60839-11-2:2014 © IEC 2014 – 13 –
Grade 4
monitoring console
(central)
Grade 2
Grade 4
monitoring console
monitoring console
(local)
(local)
Grade 2 Grade 2 Grade 3 Grade 3
access point ACU ACU access point
Grade 4 Grade 4
Grade 2 Grade 2
ACU access point
access point ACU
Grade 4
ACS components
Grade 1
Grade 1
access point
access point
Site 1
Site 2
IEC
Figure 3 – Example of system grade selection
Where it is not practical to have different grades of access points managed by a single access
control system it is permitted to have more than one separate access control system. An
access point shall not be controlled by more than one separate access control system.
The mandatory functions of the equipment associated with each security grade are defined in
the IEC 60839-11-1.
Not all mandatory functions defined in the IEC 60839-11-1 need to be implemented in an
installed EACS. A list of allowed exceptions is provided in Annex A. Exceptions shall be
agreed between the installer and the system owner and be recorded in the as-built
documentation.
The installer shall point out to the system owner that exceptions from the requirements,
especially for access points, recognition and communication, may affect the functions and the
security of the whole EACS.
– 14 – IEC 60839-11-2:2014 © IEC 2014
7.3.2 Operational considerations
7.3.2.1 General
The operational considerations in this subclause are guidelines for points of discussion with
the customer in order to understand and address the needs of the final installation.
These guidelines have also to be reviewed in conjunction with the mandatory functions for
each security grade of the EACS as specified in the IEC 60839-11-1.
The guidelines are not exhaustive and are not listed in any order of priority.
7.3.2.2 Guidelines
The following items should be considered:
a) manufacturer’s recommendations;
b) the threat(s);
c) specific assets requiring protection;
d) activities undertaken at the site/building;
e) access control measure philosophy;
f) security grade for each access point;
g) user flow (number of persons in a period of time);
h) operation of the access control system while under fault conditions (e.g. the need for a
second source of power, equipment cable infrastructure, loss of communication, etc.);
i) access control for users with disabilities;
j) safety requirements (e.g. emergency exits, fire protection, etc.);
k) environmental and EMC conditions of the site;
l) redundancy, disaster recovery plans for monitoring console;
m) location of the equipment (control unit, user interface, monitoring console);
n) co-operation of users (motivation, training, etc.);
o) training of operators;
p) the cable routes, the type of cable, the maximum cable length;
q) the communication links (availability, reliability, security, performance);
r) tamper detection;
s) alarm/alert reporting method;
t) throughput of personnel (staff and visitors);
u) management of visitors;
v) response force (e.g. police) arrangements;
w) vehicle access;
x) access levels (authorization) for each area zone.
7.3.2.3 Regulatory requirements
Attention should be paid to any applicable international, national and local regulatory
requirements including:
a) measures for persons with disabilities;
b) data protection and privacy legislation;
c) industry specific regulations;

IEC 60839-11-2:2014 © IEC 2014 – 15 –
d) health and safety, safe exit in emergency conditions.
7.3.2.4 Recognition
When selecting the recognition equipment and methods the following should be considered:
a) the suitability of the recognition equipment for the specific application including
convenience of use, anticipated user flow, the operating environment and expected life
time of the equipment, etc;
b) the methods of recognition, for example the use of pin only, token/card only, biometrics or
a combination of methods (i.e. multi-factor).
7.3.2.5 System management
To maintain the continued and reliable operation of the EACS adequate system management
is required and the following items should be considered when applicable:
a) operation of and responsibility for the system (programming, credentials management,
access rights administration, configuration, alarm management day and night);
b) skills and training of system operators;
c) reporting;
d) archiving and back-up policy;
e) the number of users and access levels taking into account both present and predicted
future needs;
f) ease of operation (user, management, serviceability, etc.);
g) requirements for annunciation (e.g. display, logging, alert, etc.);
h) the capacity of the logging device;
i) co-ordination of annunciation functions (location, procedures, presentation, etc.);
j) override.
7.3.2.6 Access point(s)
For proper installation and operation of the access points the following items should be
considered:
a) requirements for indication;
b) operation during fault conditions;
c) other relevant factors (e.g. risk of vandalism, etc.);
d) physical strength;
e) surrounding building structure;
f) selection of appropriate access point actuators, i.e. locks, door strikes (security level,
appearance, operating environment, operating response times, requirements to fit on
existing structure);
g) safety requirements (e.g. emergency exits, fire protection, etc.);
h) access point monitoring;
i) detection/prevention of two or more persons attempting simultaneous entry (i.e.
singularisation);
j) method of returning the access point to the closed condition (e.g. automatic door closing
equipment);
k) operating configuration in the event of power failure (fail-safe, fail-secure.);
l) measures for persons with disabilities;
m) specific measures for handling deliveries;
n) the security classification for access points leading to the same security controlled area;

– 16 – IEC 60839-11-2:2014 © IEC 2014
o) additional recognition/detection measures (weight, metal detection, image comparison,
visual inspection, etc.);
p) anti-passback (logical, timed, area controlled);
q) override;
r) duress alarm;
s) two users access condition;
t) presence check.
7.3.2.7 Interface with other systems
When it is necessary to interface the EACS with other systems such as intrusion alarm
systems, video surveillance systems, administration systems, intercom, elevator control, etc.
consideration should be given to the following:
a) the type of communication links, the desired availability, reliability and security of
transmitted data associated with those links;
b) the network infrastructure requirements;
c) specific operating commands for example, call for elevator, selection of floor and
destination;
d) reporting commands associated with elevator control.
8 System installation
8.1 General
Prior to commencing work, all relevant safety requirements should be considered.
Electrical installation methods shall comply with current national and site local regulations.
The components of the EACS should be installed in locations that ensure adequate security of
operation and permit easy access for maintenance and service.
All system components should be suitable for the environmental conditions in which they are
to operate.
Care should be taken during the selection of components to ensure all system components
are compatible. Where uncertainty arises the appropriate consultation should take place, e.g.
with the component manufacturer, supplier, a test house or another relevant third party.
The results of the risk assessment shall determine the security grades of the area zones
within the protected area. The access points to those area zones shall be of an equivalent
grade or higher. For each area zone separate access levels may be defined.
With the exception of the user interface, equipment critical to the security integrity of the
access control system shall not be located within an area zone designated as having a lower
security grade than the highest grade of the protected area it is controlling. Refer to Figure 4.

IEC 60839-11-2:2014 © IEC 2014 – 17 –
Grade 2 Grade 2
access point access point
Grade 3
ACU
Area zone Area zone
grade 3 grade 3
Grade 3 Grade 3
access point access point
Grade 3
ACU
Area zone
Area zone
Grade 2 Grade 2
grade 2
grade 2
access point access point
Protected area
IEC
Figure 4 – Equipment location versus security grade of protected area
The installer shall make the system owner aware of any specific functionality that shall be
implemented in order to meet the necessary organizational and constructional measures that
are required for the proper operation of the EACS. For example the detection/prevention of
two or more persons attempting simultaneous entry (singularisation) is recommended for the
implementation of anti-tailgating measures.
Consideration should be given to routing cables only within the protected area (see 8.2.2).
8.2 Installation planning
8.2.1 Equipment
The equipment used in installations covered by this standard shall be compliant with the
requirements covered by IEC 60839-11-1 for the applicable security grade and environmental
classification.
The equipment should be installed in accordance with the manufacturer's instructions by
suitably trained personnel. If the installation of a component in accordance with the
manufacturer’s recommendations is not possible advice should be sought from the
manufacturer and this should be recorded in the as-built documentation.
When the EACS is using existing communication (network) infrastructure at the customer site
attention should be paid to ensure there are sufficient capacity, performance and protection
measures in place to allow proper operation of the EACS for the selected security grade.
The housings for components of an EACS shall be provided with the means to prevent
undetected access to internal elements to minimise the risk of tampering. The requirements
for t
...