Access Control Systems

Access Control. Reimagined.

Modern, cloud-managed access control that eliminates physical keys and provides granular, real-time control over who enters your facility.

Get a System Design Explore capabilities

Not ready for a full quote? Talk to an engineer first.

Overview

ZEI deploys cloud-managed and enterprise access control across single-door deployments and multi-site campuses. Mobile credentials, biometric readers, identity provider sync, and tight integration with video and intrusion systems give security teams real-time control over who enters which space, when, and under what conditions.

Technology Partners

  • Genetec unified security platform
  • ASSA ABLOY door and access solutions
  • HID Global access control technology
  • Openpath cloud-based access control
  • Brivo cloud-based access control
  • Kantech access control systems
  • Genetec unified security platform
  • ASSA ABLOY door and access solutions
  • HID Global access control technology
  • Openpath cloud-based access control
  • Brivo cloud-based access control
  • Kantech access control systems
Representative real-world environment where ZEI deploys access control systems
In the field

A representative environment where ZEI engineers, deploys, and supports access control systems.

Problems We Solve

Where current systems fall short.

  • Lost or copied physical keys creating expensive rekey events
  • No visibility into who entered which space and when
  • Manual onboarding / offboarding that lags behind HR changes
  • Tailgating and propped-door incidents going undetected
  • Disconnected systems where access events cannot trigger video, alarms, or notifications
Core Capabilities

Anatomy of a Secure Door

We deploy enterprise-grade hardware and software to ensure your perimeter is never compromised.

Mobile Credentials

Your Phone is Your Key.

Allow employees to unlock doors using their smartphones via Bluetooth or NFC. No more lost key fobs or expensive replacements.

Biometric Access

You Are the Credential.

Deploy facial recognition or fingerprint readers for high-security areas requiring multi-factor authentication.

Cloud Management

Control From Anywhere.

Instantly grant or revoke access, set custom schedules, and view entry logs from any web browser or mobile device.

Video Integration

Don't Just See It. Solve It.

Link access events directly to video footage. See exactly who badged in, or who was denied access, with a single click.

Typical Components

What gets installed.

A real deployment is more than the headline product. These are the components we typically specify and integrate.

Door controllers

IP or PoE-powered controllers (Brivo, Genetec Synergis, HID, Verkada, Avigilon) supporting 1–32 readers per panel.

Readers

OSDP-secured prox, smart card, mobile (BLE/NFC), and biometric readers chosen per door risk class.

Locking hardware

Electric strikes, magnetic locks, electrified panic hardware, and request-to-exit devices.

Door position & REX

Position switches and request-to-exit sensors for door-held-open and forced-open detection.

Mobile credentials

BLE / NFC / Apple Wallet credentials issued on-demand without physical card stock.

Identity provider sync

SCIM / SAML / Active Directory / Okta / Entra ID provisioning so access mirrors HR truth.

Power supplies & UPS

Sized power supplies with battery backup, fire-alarm release, and surge protection.

Integrations

Connects to what you already run.

Our access control systems integrate with your existing identity, communication, and security systems for unified operations.

Active Directory integration
Active Directory
Slack / Teams integration
Slack / Teams
HR Platforms integration
HR Platforms
VMS Systems integration
VMS Systems
Alarm Panels integration
Alarm Panels
Fire Systems integration
Fire Systems
Building Mgmt integration
Building Mgmt
Custom API integration
Custom API
Deployment Process

How it gets built.

Every project follows the same engineering-led sequence — designed, documented, and delivered with no surprises.

  1. 01

    Door schedule & risk classification

    Each opening gets a risk class (perimeter, sensitive, internal, life-safety) that drives reader choice, locking type, and rule design.

  2. 02

    Power & cabling design

    Sized power supplies, lock cabling, reader cabling, REX, and door contact runs — all pre-engineered before pulling cable.

  3. 03

    Hardware install

    Controllers, readers, electrified hardware, and door hardware integration installed and tested per door.

  4. 04

    System programming

    Schedules, holiday calendars, access groups, anti-passback, and API integrations configured in the management platform.

  5. 05

    Identity sync & rollout

    IdP integration, credential issuance, and phased user enrollment with parallel run against the legacy system.

  6. 06

    Acceptance & handover

    Door-by-door acceptance test, as-builts, admin training, and documented escalation paths.

Engineering Considerations

What our engineers look for.

  • Reader-to-controller communication uses OSDP v2 (encrypted) — never plain Wiegand on new installs.
  • Doors that are part of an egress path must respect free egress and fail-safe / fail-secure rules per local fire code.
  • Credential format is standardized (HID iCLASS SE, Mifare DESFire EV2 or EV3, mobile) to avoid mixed-format fleets.
  • Time-zoned schedules, anti-passback, and dual-credential rules are designed up front, not retrofitted.
  • Audit trail retention and tamper alerting must meet any industry-specific compliance window.
Maintenance & Support

After the install.

Service tiers built around what your facility actually needs — not a one-size-fits-all SLA.

Essentials

Annual physical inspection of every door, lock, and reader; firmware updates; remote diagnostic support during business hours.

Pro

Semi-annual preventive maintenance, 24/7 remote support, 4-hour critical response, and quarterly access-rule audits.

Managed

Fully managed credential lifecycle, ongoing IdP sync monitoring, audit-log review, and incident response.

Reference Architecture

How the system fits together.

Reference architecture diagram for access control systems
Access Control Systems — reference architecture
Architecture Options

Deployment Options

Scale your access control from a single door to a global enterprise.

Cloud-Managed Controllers

Edge-based controllers that communicate directly with the cloud.

  • No on-premise servers
  • Instant over-the-air updates
  • Manage multiple locations easily
  • Open API for integrations
  • Mobile-first administration

Enterprise On-Premise

Traditional server-based architecture for complex environments.

  • Complete data sovereignty
  • Active Directory/LDAP sync
  • Complex elevator dispatch
  • Legacy hardware support
  • Air-gapped capabilities
Industries

Where this system fits.

Industry

Government

NDAA-compliant security infrastructure designed to protect municipal, state, and federal government facilities and personnel
Industry

Banking

Protecting financial assets, sensitive data, and personnel with integrated security systems that meet strict regulatory requirements
Industry

Healthcare

Securing hospitals, clinics, and pharmacies while maintaining strict HIPAA compliance and ensuring a safe environment for patient care
Industry

Education

Creating safe learning environments with integrated lockdown systems, vape detection, and campus-wide mass notification
Industry

Logistics

Securing massive distribution centers and tracking fleet movement with long-range surveillance, yard management, and access control
Industry

Manufacturing

Industrial-grade security and process monitoring to protect intellectual property, ensure OSHA compliance, and minimize downtime
Industry

Cannabis

Navigating complex state regulations with robust, compliant security infrastructure for cultivation, manufacturing, and retail dispensaries
Industry

Condominiums

Elevating the resident experience while securing property perimeters, amenities, and common areas with smart building technology
Industry

Utilities

NERC CIP compliant security solutions for power plants, substations, water treatment facilities, and critical energy infrastructure
Industry

Airports

Comprehensive security and networking solutions designed to meet the rigorous compliance and operational demands of modern transportation hubs
Related Solutions

Often deployed together.

Solution

Video Surveillance

ZEI engineers commercial video surveillance systems built around modern IP cameras, edge AI analytics, and cloud or on-premise video management
Solution

Intercom Systems

ZEI deploys IP and SIP-based intercom systems that connect entry stations to mobile apps, desk phones, and security operations — bringing visitor management, video, and access control into a single workflow
Solution

Intrusion Alarm

ZEI engineers commercial intrusion detection systems that integrate with video surveillance and access control to verify threats before responders are dispatched
Solution

Entry Gates

ZEI installs and services industrial-grade entry gates — slide, swing, barrier, and crash-rated — engineered for high-cycle reliability and integrated with access control, LPR, and intercoms
Further Reading

From the engineering blog.

Background reading our team uses when designing access control systems systems.

Engineering Blog

The End of Keycards?

For decades, the plastic RFID keycard has been the undisputed standard for commercial access control.
System Architectures

OSDP: Why Wiegand Is Dead and What Replaces It

For over four decades, the Wiegand protocol has been the default communication link between access control readers and panels.
Compliance Guides

NDAA Compliance Explained

NDAA Section 889 restricts which surveillance and network gear federal agencies and federally funded sites can buy. Here is what compliance actually requires.
FAQs

Frequently asked.

Do mobile credentials really replace physical cards?
For most users, yes. Mobile credentials issue and revoke instantly, are harder to clone than legacy 125 kHz prox, and integrate with phone biometrics. We typically recommend a mobile-first rollout with smart cards as a fallback for visitors, contractors, and users without compatible phones.

Can the system work if our internet goes down?
Yes. Modern controllers cache schedules, credentials, and access rules locally and continue making access decisions during a WAN outage. Events are queued and synced to the management platform once connectivity restores.

Will it integrate with our HR or identity system?
Yes. We integrate with Workday, BambooHR, Okta, Entra ID, Google Workspace, and Active Directory via SCIM, SAML, or LDAP. New hires get access automatically based on department or role; terminations are revoked instantly without manual badge collection.

How does it handle elevators and turnstiles?
Elevator dispatch (DEC) integrations restrict floor selection by credential. Optical and tripod turnstiles integrate via standard reader interfaces or dry-contact relays. We design these as part of the access plan rather than as bolt-ons.

What happens if we need to upgrade an existing access system?
We audit your existing readers, controllers, credentials, and locking hardware, then propose a phased migration path that keeps the building operational throughout. Most credentials and locking hardware can be reused; controllers and readers are typically replaced to reach modern OSDP / encrypted-credential security.

Is biometric access GDPR / privacy-safe?
Modern biometric readers store mathematical templates (not actual fingerprints or face images) and can be configured for credential-on-device storage where the template never leaves the user's phone. We design biometric deployments around the strictest applicable privacy requirement.

Let's build your system.

Tell us about your facility. Our engineering team will design a system tailored to your security, connectivity, and automation requirements.

Request a Quote