Страница 8: ДСТУ EN 60839-11-1:2014. Alarm and electronic security systems - Part 11-1: Electronic access control systems - System and components requirements (61812)

To demonstrate the ability of the access control unit to comply with requirements in Table 4, lines 13 to 27, perform the following steps:

1. Attempt to add a new token to the system with the same number of already authorized tokens or attempt to assign the same token to two users. Confirm the attempt is rejected. Functionality shall be as per Table 4, line 13.

2. Set the EACS in operation with no access levels assigned to any user/cardholder. Assign an appropriate credential to a user/cardholder of the system. Assign an access level to this user. Apply the credential to an appropriate reader/keyboard or biometric sensor during a permitted entry period. Confirm whether access is granted. Apply any other credential not known to the system to the reader/keyboard/biometric sensor and confirm that access is denied. Functionality shall be as per Table 4, lines 14 to 17.

3. Verify that each access attempt with a valid token and invalid memorized information is denied. Verify that after the number of attempts stated in Table 4, line 18, this credential is blocked in accordance with the parameter(s) set in the configuration of the system.

4. Review the manufacturer’s documentation and confirm the required FAR levels for biometrics devices (when used with the access control unit for the appropriate grade) are indicated. Information shall be as per Table 4, line 20.

5. Review the documentation and verify the number of valid code differs are met for the number of users allowed by the system for each grade. Information shall be as per Table 4, line 21.

6. Review the documentation and verify that the minimum number of digits used for memorized information is as per Table 4, line 22.

7. Assign to 10 users a token with a facility/user code. Enter a new user/cardholder and try to assign to the new user a token which already is used. Confirm that the system refuses this input and gives notice that this token has already been allocated. Functionality shall be as per Table 4, line 24.

8. Assign tokens with different facility codes and the same user code to two or more users. Confirm that the system allows the input of different facility codes. Functionality shall be as per Table 4, line 24.

9. Review the manufacturer’s documentation and confirm whether a degraded mode of operation is supported or not. Verify that a degraded mode may be disabled automatically or manually by a supervisor level access, when the system is investigated for Grade 4 functionality. Functionality shall be as per Table 4, line 25.

10. Verify on the tokens intended to be used with the system whether the encoding structure is visible (e.g. transparent token), or whether the complete encoding is printed on the token. Information shall be as per Table 4, lines 26 and 27.

The recognition functionality shall be in accordance with the security classification dependent requirements of 6.4 and Table 4.

To demonstrate by inspection and test that the duress signalling requirements of 6.5 and Table 5 can be met.

The duress feature of the access control system described in Figure 3 shall be operated to demonstrate the access control system outputs associated with duress signalling can fulfil the security classification dependent requirements of Table 5.

To demonstrate the ability of the access control unit to comply with requirements in Table 5, lines 1 to 3, perform the following steps

1. :To confirm that duress signalling is configurable follow the manufacturer's instructions to program the duress function. Functionality shall be as per Table 5, line 1.

2. Using the appropriate procedure, provide a duress input. Monitor and record the alert received at the monitoring console. Confirm that the duress alert is distinguishable from other alerts. Functionality shall be as per Table 5, line 2.

3. By test and inspection confirm that the duress initiating device (e.g. reader, keypad) does not produce an audible or visible local indication. Functionality shall be as per Table 5, line 3.

Duress signalling shall be configurable portal by portal and the associated alert outputs shall be in accordance with the security classification dependent requirements of Table 5.

To demonstrate by inspection and test that the electronic access control system can meet the overriding functionalities of 6.6 and Table 6.

The access control system of Figure 3 shall be operated to demonstrate the security classification dependent functions of overriding as listed in the requirements of Table 6.

To demonstrate the ability of the access control unit to comply with requirements in Table 6, lines 1 to 7, perform the following steps:

1. Inspect the manufacturer’s documentation for the overriding process. Set one of the readers to single free access status. Record whether the door is free for one access procedure and then reset to normal access granting process. Functionality shall be as per Table 6, line 1.

2. Review the manufacturer’s documentation and determine that there is a statement that installation and operation of the EACS shall not prevent the functionality of the emergency exit functions. Information shall be as per Table 6, line 5.

3. Inspect the manufacturer’s documentation for support of scheduling portals for timed blocked access. Enter for one of the access points the time and date of beginning and time and date of ending of the blocked access.

4. Set time and date to 2 minutes before the beginning of the blocked access status and verify that access is granted. After the beginning of the blocked access period check whether access is not granted for several access procedures.

5. If supported according to Table 6, line 7, set time and date to 2 minutes before the end of the blocked access status and check whether access is not granted. After end of blocked access period check whether access is granted when normal access granting procedure is performed.

The overriding functionality shall be in accordance with the security classification dependent requirements of 6.6 and Table 6.

To demonstrate by inspection and test that the electronic access control system can meet the self-protection requirements of 6.7, 6.8 and Table 7.

The access control system of Figure 3 shall be operated to demonstrate the security classification dependent functions of communication and self-protection as listed in the requirements of Table 7.

To demonstrate the ability of the access control unit to comply with requirements in Table 7, lines 1 to 28, perform the following steps:

1. If memory retention component(s) are non-volatile (example: EEPROM) check the data supplied by the manufacturer and verify that storage components are non-volatile for the period required by Table 7, lines 1 and 17.

2. If memory retention components are volatile (example: RAM), record the system configuration settings and stored events before removal of power.

3. Disconnect the mains power supply and the standby batteries (data retention batteries shall remain connected) for the period of time required by Table 7, lines 1 and 17.

4. After the period defined by the appropriate system grade, as per Table 7, lines 1 and 17, reconnect the mains power supply and the standby batteries. The order of reconnection shall be in accordance with the equipment manufacturer’s recommendations. Functionality shall be as per Table 7, line 2.

5. By inspection, compare the recorded system configuration settings and stored events with those of the access control system after reinstating power. The settings and the content of the event log shall not be lost or corrupted (with the exception of power failure and restoration events) and the real time clock shall continue to display the correct time.

6. In conjunction with the manufacturer of the access control system, determine a method by which checksum errors or data loss can be introduced or simulated. For example by erasing stored events from non- volatile memory, such that the access control unit cannot restart properly upon re-instatement of power. Functionality shall be as per Table 7, line 3.

7. Review the manufacturer’s documentation for reference to the tool(s) required to open the housing of the access control unit or the component of the access control system. Functionality shall be as per Table 7, line 4.

8. Mount the access control system component according to the manufacturer’s instructions with the housing securely closed.

9. Open the housing by normal means (using the tools and instructions provided in the manufacturer’s instructions) and attempt to introduce a sabotage tool (steel rod as defined in IEC 60529 with 1 mm diameter and 100 mm long) into the unit without causing physical damage and before tamper detection operates.

10. If the tool is successfully inserted it should be manoeuvred to try to interfere with the tamper detection mechanism or other internal components and cause an access granted condition. Functionality shall be as per Table 7, line 5.

11. Position the access control unit or component of the access control system on a horizontal flat surface taking into account any requirements specified by the manufacturer to operate the removal from mounting detection mechanism.

12. Lift the equipment from the flat surface in a perpendicular direction to the mounting surface and attempt to slide a flat bar 10 mm wide, longer than 300 mm and 1 mm thick, to defeat the removal from the mounting detection. Functionality shall be as per Table 7, line 6.

13. Review the manufacturer’s documentation for reference to the appropriate IP and IK rating. Information shall be as per Table 7, line 7.

14. Disconnect the communication channel between the access control unit and the monitoring console. While communication with the monitoring console is interrupted generate access requests using valid credentials and verify functionality is as per 6.7, item 3) and Table 7, lines 8, 20 and 21.

15. Restore communication with the monitoring console. Functionality shall be as per Table 7, line 8.

16. Review the manufacturer’s documentation to verify the number of stored events capability in the access control unit while the communication with the monitoring console is lost. Functionality shall be as per Table 7, line 8.

17. With the access control system operating normally as per Figures, disconnect the communication circuit between the access control unit and an access point interface (reader) for the duration indicated in Table 7, line 9. Repeat the test as appropriate for other types of communication circuits supported by the access control unit. Functionality shall be as per 6.7, item 4) and Table 7, lines 9, 18, 19 and 20.

18. Review the manufacturer’s documentation and confirm implementation of the requirements as per Table 7, lines 24 and 25.

19. Review the manufacturer’s documentation and confirm that tokens accepted by the access control system and their initialization procedure comply with the security grade requirements as per 6.8, item 9) and Table 7, line 19.

20. Review the manufacturer’s documentation and confirm that access to the configuration of the access control unit is restricted by the use of valid credentials (defined in accordance with the security grade claimed) and that it is possible to restrict access to different functions in the system by access levels. Functionality shall be as per Table 7, lines 10 to 16.

21. Verify that processing rules stored in access point readers (e.g. via dip switches) are not visible from outside the reader enclosure when the reader is installed. Compliance shall be as per Table 7, line 22.

22. Confirm by pressing each keypad button that the audible sound (if available) is identical for all keys. Functionality shall be as per Table 7, line 23.

23. With the access control system in configuration mode, attempt to enter from the monitoring console invalid data (for example other than a supported format or type of characters expected) and confirm data is not accepted by the system. Functionality shall be as per Table 7, line 27.

24. Access the configuration mode at the monitoring console and do not enter any data. Monitor the effect of the inactivity period on the system. Functionality shall be as per Table 7, line 28.

The communication and self-protection functionalities shall be in accordance with the security classification dependent requirements of 6.7, 6.8 and Table 7.

The standby power requirements of Table 8, line 1, shall be demonstrated by tests and inspection in accordance with the following procedure.

To demonstrate the ability of the power supplies used with the electronic access control system to comply with requirements in Table 8, line 1, perform the following steps:

1. Connect to the access control system (excluding the monitoring console and access point actuators) a power supply with the standby batteries of the type and capacity recommended by the manufacturer. Outputs of the components shall be connected to loads representative of maximum conditions (7_max) within the manufacturer's specification.

2. The access control system and accessories shall be monitored throughout the test to identify any changes of state.

3. Charge the batteries for a minimum duration of 24 h while the power supply is connected to the nominal mains supply (K_n).

4. Confirm correct operation by application of the reduced functional test.

5. Disconnect the mains power source and confirm there is no unintentional change of state.

6. Allow the access control system and accessories to operate from the standby batteries for the duration defined by the appropriate system grade of Table 8.

7. Immediately after operating on standby batteries for the required duration, confirm correct operation of the access control unit and accessories by application of the reduced functional test.

8. Reconnect the mains power source and again confirm there is no unintentional change of state.

The requirements of the reduced functional test shall be met following the period of operation on the standby batteries and there shall have been no unintentional changes of state.

The recharging capability requirements of Table 8, line 2, shall be demonstrated by tests and inspection in accordance with the following procedure.

To demonstrate the ability of the access control unit to comply with requirements in Table 8, line 2, perform the following steps:

1. A battery of the maximum capacity recommended by the equipment manufacturer shall be used.

2. Discharge the battery to its final voltage at a discharge current of 7_d = C/20 A for lead acid type batteries, (or 7_d = C/10 A for nickel cadmium type batteries), where C is the rated ampere hour capacity of the battery, given by the battery manufacturer.

3. For other battery types, the discharge current shall be that for which the battery manufacturer specifies the rated capacity.

4. Charge the battery for 72 hours with the appropriate charger connected to the nominal mains (F_n) while the power supply output is loaded by 7_max.

5. Repeat the procedure as in step 2) above and measure the discharge time (T^) in hours.

6. Charge the battery again for 24 hours at F_n while the access control system outputs are loaded by 7_max.

7. Discharge the battery again to its final voltage at a discharge current as in step 2) above and measure the discharge time (T₂) in hours.

The product of the discharge time T₁ and the discharge current 7_d shall be not less than:

1. 100 % of the rated capacity of the battery after charging for 72 hours, and

2. 80 % of the rated capacity of the battery after charging for 24 hours.

To demonstrate the means are provided to monitor and signal a low battery condition, as required by Table 8, line 3.

The following procedure shall be applied to access control systems incorporating standby batteries:

1. Where appropriate replace the standby batteries with a variable supply power set to the recommended nominal supply voltage (K_nom).

NOTE Some types of battery power source cannot be simulated by the substitution of a variable power supply e.g. lithium batteries. Where necessary, alternative methods to demonstrate compliance are permitted provided the applicant and the test laboratory agree.

2. Confirm correct operation of the access control system by applying the reduced functional test.

3. Slowly lower the level of K_nom at a rate of approximately 10mV/s until a low battery condition is indicated on a local display and/or at the monitoring console.

4. Record the voltage at which the low battery condition indication is given (K|_0W) and apply the reduced functional test.

5. Remove the standby batteries from the access control system entirely and repeat step 4).

The access control system shall have signalled a battery trouble indication, alert and logged event in response to a low battery voltage condition before correct operation is prevented. The access control system shall continue to meet the requirements of the reduced functional test whilst the operating voltage is at K|_OW. A battery trouble indication, alert and logged event shall be given upon detection of a missing battery.

The applicable EMC and environmental tests specified in Table 9 shall be conducted as follows:

1. The test apparatus and the test procedures shall be as described in IEC 62599-1 and IEC 62599-2. Apply the tests indicated in Table 9.

2. Unless otherwise indicated in the test procedure, the tests shall be carried out at the rated supply voltage for the component.

3. The levels of severity to be applied are defined by four levels from environmental Class I to environmental Class IV:

1. Class I: indoor but restricted to residential/office environment (e.g. living rooms and offices);

2. Class II: indoor in general (e.g. sales floors, shops, restaurants, stairways, manufacturing and assembly areas, entrances and storage rooms);

3. Class III: outdoor but sheltered from direct rain and sunshine or indoor with extreme environmental conditions (e.g. garages, lofts, barns and loading bays);

4. Class IV: outdoor in general.

4. System interconnections for test purposes (i.e. to inputs and outputs) shall be made with unscreened cables, unless the manufacturer’s installation data specifies that only screened cables shall be used.

5. Where the equipment has a number of identical types of inputs or outputs, then the tests shall be applied at least to one input and one output representative of each type.

In addition to the criteria for compliance specified in IEC 62599-1 and IEC 62599-2, the functional test of 8.2 shall be applied during the initial measurements.

Mount the specimen(s) in accordance with the manufacturer’s instructions and connect to suitable power supply equipment as recommended in the documentation supplied with the electronic access control system.

The following measures shall be observed while conducting the tests required in Table 9:

1. The test specimens shall be exposed to the conditioning and tests specified in Table 9 using the methods described in IEC 62599-1 and IEC 62599-2.

2. The impact operational conditioning shall be applied to all components of the access control system. However, impacts shall not be applied directly to displays (e.g. liquid crystal displays) or other types of visible indicators.

3. Electrostatic discharges shall be applied only to parts of the access control equipment likely to be accessible to the end user when installed as a system.

4. Fast transient bursts shall be applied to the a.c. mains lines by the direct injection method and to the other inputs, signal, data and control lines by the capacitive clamp method.

Monitor the specimen during the conditioning period to detect any access granted, alerts or fault signals.