SAMPLE SPECIFICATION

CARDAX FT SERIES 3 SYSTEM

The following specification is provided for the assistance of system integrators, end
users and security consultants in preparing a specification for an access control and
alarm monitoring system. This specification is provided on the basis that it may be
freely used. It is based on performance criteria to reflect the requirements of a small
to medium sized access control and alarm monitoring security system. It should be
noted, that many of the specific performance criteria detailed in the attached
document are benchmarked on the standard features of the Cardax FT Series 3
Access Control and Security Management equipment.

Cardax FT Series 3 Command Centre is a simple to use, effective access control

and alarm monitoring system, capable of controlling up to 64 doors. It is ideally
suited for small to medium sites. The system is based on the multi-media and
network capabilities of the Microsoft® Windows® 2000 Professional or XP
Professional operating system.

IMPORTANT NOTE: THE FUNCTIONALITY DESCRIBED IN THIS GUIDE

SPECIFICATION IS BEING PROGRESSIVELY RELEASED IN THE CARDAX FT
SERIES 3 SYSTEM DURING 2002/2003. PLEASE CONTACT CARDAX FOR
MORE INFORMATION ON RELEASED FUNCTIONALITY.

The document contents are as follows.

SAMPLE SPECIFICATION................................................................................................................ 1

CARDAX FT SERIES 3 SYSTEM...................................................................................................... 1

INTEGRATED SECURITY SYSTEMS SPECIFICATION...................................................................2

1.0 FUNCTIONALITY OVERVIEW................................................................................................. 4

2.0 SYSTEM REQUIREMENTS..................................................................................................... 6
3.0 CENTRAL CONTROL AND SYSTEM MANAGEMENT SOFTWARE.....................................8
4.0 ACCESS CONTROL, SECURITY ALARM AND I/O PROGRAMMING.................................11
5.0 SYSTEM INTEGRATION....................................................................................................... 11
6.0 ACCESS CONTROL READERS............................................................................................ 12
7.0 INTELLIGENT FIELD CONTROLLER (IFC)..........................................................................13
8.0 ELEVATOR CONTROL AND MANAGEMENT......................................................................15
9.0 ACCESS CARDS AND TOKENS...........................................................................................17
10.0 CARDHOLDER MANAGEMENT...........................................................................................19
11.0 INTRUDER ALARM SYSTEM............................................................................................... 21
12.0 OPERATOR MANAGEMENT................................................................................................ 25
13.0 AUDIT TRAIL & REPORTS................................................................................................... 26
14.0 PHOTO ID BADGING............................................................................................................ 27
15.0 COMMUNICATIONS & DIAGNOSTICS................................................................................30

Guidespec3131102 Page 1
Guidespec3131102 Page 2
INTEGRATED SECURITY SYSTEMS SPECIFICATION

GENERAL

This specification calls for the supply, installation and commissioning of a complete,
integrated security system including:

 Access Control
 Intruder Alarm System
 Alarms Management
 Photo ID Badging,

in line with the technical and performance criteria set out in this document.

The system is to be supplied with all equipment, hardware, software, cabling and
ancillary services as required to provide an integrated system complete and
functional in all respects. The Tenderers are to familiarise themselves with all
matters related to such requirement and to account for such in the tendered price.

It is the responsibility of the tenderer to obtain clarification of all matters in which

doubt exists as to the exact intent of this document or in which a conflict appears to
have arisen. Such information must be obtained before the closing and lodging of
tenders.

The response shall clearly detail all pricing for components, cabling, installation,
engineering, training, commissioning, setting to work, and 12 months comprehensive
warranty.

Guidespec3131102 Page 3
The tenderer must include as part of the tender submission a complete, clause- by-
clause response. Each clause is to be answered with one of the following
statements:
Response Meaning

Complies The equipment/system offered complies fully in all respects with the
specification clause.

Substantially Complies The equipment/system offered does not comply fully but offers most
or a substantial part of the requirements of the particular clause.
Compliance in excess of 75% of the requirement qualifies for this
category.

Partially Complies The equipment/system offered provides only a part of the

requirements of the clause. Less than 50% compliance with the
clause should invoke this response.

Does Not Comply The equipment/system offered provides none of the requirements of
the particular clause.

Accepted The Tenderer understands and accepts the conditions imposed or

enunciated by the particular clause, and has included provision for
such in the tender.

Not Accepted The Tenderer does not accept the condition imposed by the particular
clause and as such is not included in the tender.

PLEASE NOTE: RESPONSE COMMENTS HAVE BEEN INCLUDED WITH SOME

CLAUSES TO QUALIFY THE RESPONSE

Guidespec3131102 Page 4
1.0 FUNCTIONALITY OVERVIEW

1.1 The system shall provide a means to control access through nominated doors by
checking the access privileges stored in intelligent readers for access control tokens
presented at such readers.

1.2 The system shall provide access control in elevators enabling the access of each
cardholder to have access to any combination of floors over specified time periods.
The interface to the elevator manufacturers equipment shall be by either low level
interface (relay outputs) or by a high level interface (RS232).

1.3 The system shall monitor the condition of inputs. The system shall be able to be
programmed to apply a variety of conditions to the way in which these inputs are
monitored and shall enunciate the condition of such inputs in accordance with such
programming.

1.4 The system shall provide a fully functional intruder alarm system including entry and
exit delays where intruder detection sensors are connected to system inputs. The
Intruder Alarm Systems component shall be fully integrated with the Access Control
aspects of the system. It shall be possible to set (secure) or unset (de-secure) areas
from any access control reader associated with an area, or as required from defined
central control locations.

1.5 The system shall provide an integrated software facility for the design and production
of photo ID cards.

1.6 The system shall be OPC enabled using Microsoft COM and DCOM enabling
integration with other third party OPC enabled automation and business systems.

1.7 The operating system used by the system server shall be Microsoft Windows 2000
Professional or XP Professional.

1.8 All system communications must be totally integrated on either existing or new
LAN/WAN networks as defined by the attached configuration drawings. Connection to
Intelligent Field Controllers (IFCs) shall be achieved using Ethernet cabling
supporting 10baseT and TCP/IP protocols. Remote IFCs not connected to the
network can be connected via TCP/IP and PSTN or via the Internet using a PSTN
connection from a remote IFC to an Internet Service Provider.

1.9 All system software upgrades shall be downloadable through the network to the IFCs.

All data over the network between the IFC and the head end shall be encrypted using
asymmetrical encryption algorithm with a minimum encryption key length of 40 bits.

The encryption key shall be changed each time there is a new communication
session between the IFC and the central control.

1.10 The system shall report all events to the operator(s) as configured and shall produce
and maintain a log of all system events, alarms and Operator actions. The system
shall provide a means for an operator to extract information relative to the event log
and system configuration and produce this information in the form of printed reports,
screen displays or ASCII files.

1.11 The system shall provide for a Windows based User Interface with Site Plans and
interactive icons representing the location and real-time status of Access Control, and
Alarm Monitoring equipment.

Guidespec3131102 Page 5
 1.12 The system will provide emergency evacuation reporting.

1.13 The system shall be designed and manufactured by a reputable company who shall
be certified to the requirements of ISO 9001:2000 quality procedures.

1.14 All equipment shall have the following approvals:

1.14.1 FCC part 15
1.14.2 CE approval BS EN 50130-4 Alarm Systems Electromagnetic Compatibility
(Immunity)
1.14.3 CE approval BS EN 55022 Emissions
1.14.4 Encoders and readers will also meet CE ETS 300 683 Short Range Devices
1.14.5 C-Tick AS/NZS 4251 Generic Emission Standard
1.14.6 C-Tick RFS29.

1.15 The system software shall be written in a fully structured, fully validated and
commercially available language that provides a strictly controlled development
environment.

1.16 The system shall employ the Microsoft SQL2000 Desktop Engine database or similar
commercially available database of equivalent performance to store cardholder
information and activity.

1.17 Comprehensive backup and archiving facilities shall be incorporated as an integral

part of the system software.

1.18 The system shall allow for the connection of remote sites that do not have network
connectivity via a PSTN connection using encrypted TCP/IP from the Internet Service
Provider (ISP) on the remote site to approved Internet service provider. The
connection shall then be via an approved firewall through into the IT infrastructure for
connectivity to the Central Server. Auto answer modems on the network infrastructure
are a serious security risk and are therefore unacceptable.

1.19 IFC’s must support peer to peer communications for input and output
communications between IFC’s. Systems that require the main server for
communications between panels are unacceptable.

Guidespec3131102 Page 6
2.0 SYSTEM REQUIREMENTS

The system shall be in commercial operation with the same or similar configuration as detailed in this
specification and shall be available for inspection. A reference list of such similarly configured
systems and details of contact persons shall be submitted with the tender response.

2.1 The system described in this specification must have the following capacity as a
minimum.

2.1.1 Graphical Site Plans 2000

2.1.2 Access Controlled doors 64
2.1.3 Fully Supervised Alarm Inputs (4 state) 30,000
2.1.4 Output relays 20,000
2.1.5 Access Control Zones 4000
2.1.6 Schedules per day 100
2.1.7 Schedule categories 50
2.1.8 Holiday days 30
2.1.9 Operators 500
2.1.10 Concurrent Operator Sessions 3
2.1.11 Cardholders 900,000
2.1.12 Cardholder Issue Levels 15
2.1.13 Cardholder Personal Data Fields 64

Response Comment on Clause 2.1

There are no hard constraints on the central control’s capacities. Those listed in this guide
specification provide an indication of the scalability of the system. It should be noted that
system capacities are dependent on network and computer hardware capacities.

The following is a list of variables that will impact system performance:

Normal and peak event rates
Size of the cardholder database
Number of workstations
Geographical spread of a system
Network capacity - availability of bandwidth
Network reliability

Please note that this is not intended to be an exhaustive list. The supplier will work with the
site to determine the network and computer hardware specifications required to meet the
anticipated demands likely to be placed on the system.

The guide specification assumes the system is configured in such a way so as to deliver its
stated functionality. The supplier of the system will work with the tenderer to ensure efficient
system configuration.

2.2 Field Hardware Architecture

2.2.1 The system shall incorporate dedicated Intelligent Field Controllers (IFCs),
which communicate with and control the following equipment:

2.2.1.1 Card access readers

2.2.1.2 Elevator access equipment

Guidespec3131102 Page 7
 2.2.1.3 Alarm monitoring Input/Output panels and equipment
2.2.1.4 Alarm response equipment.

2.2.2 The IFCs shall be intelligent in that in the event of failure of power or
communications with the central control, for whatever reason, the system
shall continue to allow or deny access based on full security criteria. The IFC
shall contain all the security and access parameters to operate completely
independently from the central control. Systems that rely on the central
control PC for access decisions will not be considered.

2.2.3 The IFC shall "concentrate" activity data for immediate transmission to the
central control PC. The IFC shall hold all access and cardholder data.

2.2.4 The IFC shall be capable of holding up to 30,000 cardholder records in its
standard configuration.

2.2.5 In its standard configuration, each IFC shall be capable of buffering 5,000
events should communications fail with the central control.

2.2.6 Any failure of a card reader unit and its communications with the IFC shall be
raised immediately as a high priority alarm and shall not cause the IFC or
other units to stop or continue to allow or deny access correctly.

2.2.7 Communication between the IFC and the lower level units shall be encrypted.

2.2.8 The system shall monitor input circuits and enunciate whether the circuit is in
Normal, Alarm, Open Circuit Tampered or Short Circuit Tampered.

2.2.9 The system shall separately monitor all enclosures to detect tampering and
report low supply voltage conditions. The IFC shall include tamper protection
for the front and the back of the panel. The front panel shall be tamper
protected for door open, and the rear of the panel to detect if the panel has
been removed from the wall. This shall be an optical tamper detection.
Mechanical tamper devices are not acceptable.

Guidespec3131102 Page 8
3.0 CENTRAL CONTROL AND SYSTEM MANAGEMENT SOFTWARE

3.1 The system shall use the Microsoft Windows 2000 Professional or XP Professional
operating system.

3.2 The system shall be OPC enabled in accordance with the current OPC specification
for OPC Alarms and Events. Please refer to http://www.opcfoundation.org for further
information.

3.3 The central control shall employ a high quality personal computer incorporating the
Intel Pentium microprocessor. The PC specifications, including processor speed,
internal memory and hard disk size shall be specified by the supplier and must be
sufficient to meet or exceed the specified system requirements.

3.4 The system shall support up to 3 PC based operator workstations simultaneously

running on the system. Operator workstations running terminal emulation software
will not be accepted.

Response Comment on Clause 3.4

There are no hard constraints on the central control’s capacities. Those listed in this guide
specification provide an indication of the scalability of the system. It should be noted that
system capacities are dependent on network and computer hardware capacities.

The following is a list of variables that will impact system performance:

Normal and peak event rates
Size of the cardholder database
Number of workstations
Geographical spread of a system
Network capacity - availability of bandwidth
Network reliability.

Please note that this is not intended to be an exhaustive list. The supplier will work with the
site to determine the network and computer hardware specifications required to meet the
anticipated demands likely to be placed on the system.

The guide specification assumes the system is configured in such a way so as to deliver its
stated functionality. The supplier of the system will work with the tenderer to ensure efficient
system configuration.

3.5 The system shall automatically log all events within the system including intruder
alarm set/unset events, access control events, and operator actions and activity.

3.6 The central control software shall be easy to use, make extensive use of menus and
windows and require a minimum of operator training to operate the system
proficiently.

Response Comment on Clause 3.6

It is assumed that system operators are proficient in their general use of PCs and Microsoft
Windows environments.

3.7 It should be possible to manage and monitor alarms, overrides, the general status of
site items and open doors through the Graphical User Interface with the use of
interactive real time dynamic site plans and icons.

Guidespec3131102 Page 9
 3.8 A minimum of 2,000 graphical site plans must be available. All site plans stored on
the server PC shall be automatically updated if amended at any of the networked
workstations.

3.9 The following functions should, as a minimum, be able to be executed by clicking on

a Site Plan icon:

3.9.1 View the current status of a Door, Input or Output.

3.9.2 Monitor and acknowledge an Alarm
3.9.3 Open an access controlled door
3.9.4 Jump from one plan to another plan
3.9.5 Override an alarm or access zone state.

Each item shown on the Site Plan should be able to convey information about the
current state of that item.

3.10 The central control must be capable of receiving simultaneous alarm signals from a
number of remote locations, without loss or excessive delay in their presentation to
the operator. Any authorised operator should be allowed to acknowledge, view and/or
process an alarm from any screen.

3.11 The central control shall be fitted with a real time clock, the accuracy of which shall be
preserved over the period of main power supply failure. It shall be possible to
configure the timing of automatic sychronisations between the central control and
Ethernet connected IFCs (without requiring operator intervention) down to an hourly
basis.

Response Comment on Clause 3.11

The time indications noted in this specification are subject to adequate network capacity and
do not apply to dial-up IFCs.

3.12 Operator selection of processing tasks shall be via menu selections. Authorised
Operators shall be able to process alarms, produce reports and modify database
records without degrading system performance.

3.13 The following operational and monitoring facilities are required. This list contains the
minimum required functionality:

3.13.1 The ability to program either a group or individual card readers with access
control parameters, without affecting other card readers.
3.13.2 The ability to program the access criteria for individual Cardholders or groups
of Cardholders.
3.13.3 The ability to store at least 64 non-access control data fields for each
cardholder. The names of these “Personal Data” fields shall be user
definable.
3.13.4 The ability to authorise or de-authorise a Cardholder in the system with the
result reflected immediately throughout all readers in the system.
3.13.5 The ability to place a “Card Trace” against selected Cardholders so that an
alarm is raised each and every time that cardholder presents their access
card or token.
3.13.6 The ability to pre-program holidays so that different access criteria apply
compared to normal working days. The system must have a capacity to set at
least 30 holiday days.
3.13.7 The ability to define as many access zones as there are card readers fitted.
3.13.8 The ability to:
3.13.8.1 Disallow individual card access to all card readers in real time

Guidespec3131102 Page 10
 3.13.8.2 Allow or disallow individual Cardholder access to any one, or group of
card readers, in real time.
3.13.9 The ability to display the current status of all card readers, in real time.
3.13.10 The ability to log all system and operator activity to hard disk as they occur.
3.13.11 The ability to program alarm response instructions into the system so that
these are presented to the Operator when processing an alarm event.
3.13.12 The ability to enable an Operator to enter messages against alarm events.
3.13.13 The ability to override (temporarily) a Cardholder’s, or group of Cardholders,
pre-programmed access criteria.

3.14 The central control shall display a one-line plain language event message for every
activity event (alarm or otherwise) occurring in the system. All activity logged shall be
time and date stamped to the nearest second (hh:mm:ss). On having the appropriate
operator authorisation it shall be possible to drill down into the properties of each
component that makes up that event for further details. This includes but is not
restricted to the following items:

3.14.1 All card access attempts, successful or otherwise (unsuccessful attempts

shall state the reason for the denial)
3.14.2 All door alarms
3.14.3 All operator activity including log on, log off, alarm response messages and
any alteration of system data files
3.14.4 All alarm monitoring activations
3.14.5 All communications link failures.

Response Comment on Clause 3.14

There are no hard constraints on the central control’s capacities. Those listed in this guide
specification provide an indication of the scalability of the system. It should be noted that
system capacities are dependent on network and computer hardware capacities.

The following is a list of variables that will impact system performance:

Normal and peak event rates
Size of the cardholder database
Number of workstations
Geographical spread of a system
Network capacity - availability of bandwidth
Network reliability.

Please note that this is not intended to be an exhaustive list. The supplier will work with the
site to determine the network and computer hardware specifications required to meet the
anticipated demands likely to be placed on the system.

The guide specification assumes the system is configured in such a way so as to deliver its
stated functionality. The supplier of the system will work with the tenderer to ensure efficient
system configuration.

3.15 Communications between the central control and workstations shall be secured using
the Microsoft COM/DCOM security facility.

3.16 Communications between the central control and IFC shall be encrypted.

Guidespec3131102 Page 11
4.0 ACCESS CONTROL, SECURITY ALARM AND I/O PROGRAMMING

4.1 The system shall provide complete flexibility and be capable of programming an
unlimited combination of access control, security alarm and I/O parameters subject
only to performance and memory limitations within the IFC.

4.2 For ease of programming Cardholders shall be grouped into access groups sharing
the same access criteria.Any cardholder or access group in the system shall be able
to be programmed to have access to any combination of controlled doors in the
system with each period of access for each door controlled to within the nearest
minute.

5.0 SYSTEM INTEGRATION

5.1 The system shall support OPC (OLE for Process Control) Alarms and Events protocol
to provide an open interface to allow integration with Building and Facilities
Management, and Management Information Systems.

5.2 The OPC Interface shall allow third party OPC clients to access the security system’s
events and field device data.

5.3 The system shall provide an XML interface to allow for the import and synchronisation
of data in an ongoing basis from other application directly into the Cardholder
database both an on-line real time manner or in a batch oriented approach. A
developers kitset shall be readily available to allow for easy implementation.

5.4 A facility shall be provided in the system to allow for the real-time export of any alarm
and event information to third party systems via customisable strings.

Guidespec3131102 Page 12
6.0 ACCESS CONTROL READERS

6.1 Reader technologies shall be either low frequency Proximity or contactless Smart
Card.

6.2 Each of these technologies shall support:

6.2.1 Card plus PIN reader
6.2.2 Card only reader.

6.3 The Card only reader option shall include beepers, and red and green LEDs, to
provide feedback to users. A beeper shall give different beeps to indicate:
6.3.1 Access granted
6.3.2 Access denied.

A red LED shall flash red for access denied. A green LED shall flash green for access
granted and shall show solid green when there is free access. A method of LED
indication shall be required to indicate if a second card is needed for escort or dual
authorisation modes.

6.4 Each reader shall be identified independently at the central control by means of a
unique plain language descriptor. The central control plain language descriptor shall
be at least 60 characters in length.

6.5 Controllers shall be capable of raising an alarm if the connection to the reader is
broken.

6.6 Readers must comply with at least IP54 environmental protection rating. Provision
shall be in the case of Proximity readers and Proximity plus PIN readers to have a
vandal resistant enclosure meeting an IP66 rating.

6.7 The IFC shall check entry based on ALL of the following criteria:

6.7.1 Correct facility code

6.7.2 Authorised card in database
6.7.3 Correct issue number
6.7.4 Authorised door / access zone
6.7.5 Authorised time of day
6.7.6 Correct PIN (If PIN entry is required)
6.7.7 Double entry (anti-passback).

6.8 Any Cardholder entering an "anti-passback zone" controlled by a reader must exit
from that zone by presenting their card to an exit reader.

6.9 The system shall include an optional “anti-passbook” feature to allow Cardholders to
re-enter the zone after a user-defined, pre-set time period has expired.

6.10 Every incorrect PIN attempt shall be notified at the central control as an alarm
condition.

6.11 Each reader shall be capable of automatically switching the access mode at a door at
different times of the day, based on control parameters received from the central
control. The following access criteria modes are required:

6.11.1 Free access - Door is unlocked, no card entry required.

Guidespec3131102 Page 13
 6.11.2 Secure access - Door is locked, a successful card attempt is required for
valid entry. Door re-secures after access attempt.
6.11.3 Secure + PIN access - Door is locked, a successful card and correct PIN
number attempt is required for valid entry. Door re-secures after access
attempt.
6.11.4 Override from reader – Members of certain access groups shall be able to
change the access and PINs mode of the door at certain times.
6.11.5 Dual Authorisation - access is granted when two different but legitimate cards
are presented within a given time frame.
6.11.6 Escort – A second card is required to be presented from a cardholder who is
nominated in the “Escort Access Group”.
6.11.7 Shared PIN Number – The system Operator determines what the PIN
number will be and programs this into the system. Access is allowed through
the door when the correct 4 digit PIN is pressed followed by the “Enter” key.

6.12 Cardholder access reporting to the central control and logging in the audit trail shall
be configurable in two modes:

6.12.1 Only when there has been a successful presentation of a valid access card or
token AND the door open sensor has detected that the door has actually
been opened.
6.12.2 Whenever there has been a successful presentation of a valid access card
irrespective of if the door has been opened.

6.13 Readers with integrated PIN pads shall provide an “Entry under Duress” facility.

6.13.1 Duress shall be initiated by the cardholder by the addition of a unique number
to their PIN number.
6.13.2 There must be NO indication of a Duress entry at the reader.

6.14 A high priority “Duress Alarm” shall be displayed at the central operator station.

7.0 INTELLIGENT FIELD CONTROLLER (IFC)

7.1 The IFC shall incorporate a 32-bit processor with at least 4 Megabytes of non-volatile
FLASH EEPROM. The IFC software shall incorporate boot code in a protected
sector of the flash memory. All system software can be downloaded over the network
for upgrades from the central control.

7.2 The IFC shall operate from a separate 13.6V DC supply.

7.3 The IFC shall continue to operate for at least 24 hours in the event of a mains supply
failure.

7.4 The system shall be capable of automatically detecting and reporting a power failure,
low battery and battery not connected.

7.5 IFCs shall be fitted with automatic restart facilities to enable them to resume
processing following a power and backup failure.

7.6 IFCs shall be fitted with "watchdog" hardware and software to enable them to restart
and resume normal processing, should the processing system ever be corrupted.

7.7 The IFC shall contain its own battery backed real time clock. The battery shall have a
minimum life of ten years. The clock shall be synchronised with the central control’s
clock at least once per hour. The accuracy shall be such that the time difference
between IFCs shall not vary more than 0.5 second at any time.

Guidespec3131102 Page 14
 Response Comment on Clause 7.7
The time indications noted in this specification are subject to adequate network capacity and
do not apply to dial-up IFCs.

7.8 The IFC shall have an on board Ethernet (TCP/IP) connection and driver for
communications with the central control. The data speed for this connection should
support both 10BaseT and 10Base2.

7.9 The IFC shall include two other RS 232 multi-communications ports.

7.10 The IFC shall support remote site dial-up.

7.11 During communications failure all access, valid or otherwise, and all alarm events
shall be buffered at the IFC. The activity buffer shall be at least 5,000 events. The
IFP shall transfer the buffered events to the central control automatically when the
communications link is re-established.

7.12 A separate alarm message shall be transmitted to the central control for each of the
following alarm conditions. The alarm message shall be displayed in plain language
text.

7.12.1 Tamper
7.12.2 Tamper Return to Normal
7.12.3 Unit Stopped Responding
7.12.4 Card error
7.12.5 Maintenance Warning
7.12.6 Alarm Sector State Change
7.12.7 User Set
7.12.8 User Unset
7.12.9 Card Trace
7.12.10 Wrong PIN
7.12.11 Access Denied
7.12.12 Duress
7.12.13 Zone Count Maximum
7.12.14 Zone Count Minimum
7.12.15 Door Open Too Long
7.12.16 Forced Door
7.12.17 Door Not locked
7.12.18 Power Failure
7.12.19 System Reboot.

Guidespec3131102 Page 15
8.0 ELEVATOR CONTROL AND MANAGEMENT

8.1 The system must provide fully integrated elevator control facilities. The elevator
control access equipment must communicate with the same central control as the
door card readers.

8.2 The elevator control architecture shall comprise a card reader in each elevator car,
reporting to elevator control interface equipment mounted in or near the elevator
motor room. Reader type shall be the same as that used on access control doors.

8.3 The elevator control system shall be capable of controlling access independently in a
number of elevator shafts simultaneously.

8.4 The elevator control system shall incorporate dedicated intelligence and a local
database of authorised cardholders.

8.5 Each elevator reader shall be identified independently at the central control by means
of a unique plain language descriptor. The central control plain language descriptor
shall be at least 60 characters in length.

8.6 Each reader head shall be capable of raising an alarm if it stops communicating with
its elevator controller or is removed from the elevator.

8.7 The elevator reader shall check entry based on ALL of the following criteria:

8.7.1 Correct facility code

8.7.2 Authorised card in database
8.7.3 Correct issue number
8.7.4 Authorised level
8.7.5 Authorised time of day
8.7.6 Correct PIN (If PIN entry is required).

8.8 Each elevator car reader shall be capable of automatically switching the current
access criteria at an elevator card at different times of the day, based on control
parameters received from the central control. The following access criteria modes are
required:

8.8.1 Free access - elevator level select button for that level is unlocked, no card
entry required.
8.8.2 Secure access - Elevator level is locked. A successful card attempt is
required for valid entry. Elevator level re-secures after access attempt
8.8.3 Secure + PIN access - Elevator level is locked, a successful card and correct
PIN number attempt is required for valid entry. Elevator level re-secures after
access attempt.
8.8.4 Dual Authorisation - access is granted when two different but legitimate cards
are presented within a given time frame.
8.8.5 Escort – A second card is required to be presented from a cardholder who is
nominated in the “Escort Access Group”.
8.8.6 Shared PIN Number – The system Operator determines what the PIN
number will be and programs this into the system. Access is allowed at the
elevator level when the correct 4 digit PIN is pressed followed by the “Enter”
key.

Guidespec3131102 Page 16
 8.9 Low Level Interface.

8.9.1 The interface between the access system elevator control equipment and the
actual elevator switching control equipment shall be via dry relay contacts.
8.9.2 The elevator control system shall provide one relay contact per elevator shaft
per level for the system. This relay contact shall be used to interface with the
elevator switching control equipment.
8.9.3 An input shall be provided for each level per elevator to indicate what level
the user selected. On activation of this input all relays return to secure state.

8.10 High Level Interface

8.10.1 The interface between the access system elevator control equipment and the
actual elevator switching control equipment shall be via RS-232 connection.
8.10.2 The elevator control equipment will provide feedback as to which level was
selected by the cardholder and only allow the one level to be selected per
valid card swipe.

8.11 Elevator Access Management

8.11.1 The elevator control system shall be capable of setting individual levels to
public access (no card required) while other levels require a valid card
access attempt.
8.11.2 Levels must be securable on a level-by-level basis, using command
instructions transmitted from the central control.
8.11.3 The central control must provide operator override facilities to enable
temporary override capability on a level by level basis.

8.12 The elevator control system shall continue to operate without performance
degradation in the event of a communications link failure with the central control.

Guidespec3131102 Page 17
9.0 ACCESS CARDS AND TOKENS

9.1 Two access token technologies shall be proposed, being Proximity and contactless
Smart Card.

9.2 All Proximity cards, Vehicle Tags and Personal tokens shall be passive.

9.3 Proximity and contactless Smart Card cards shall be of standard credit card size,
being no larger than CR-80 and shall be direct printable using a dye-sublimation print
process or be capable of accepting an adhesive label printed through such a process.
All cards shall meet ISO standards.

9.4 If Smart Card is the chosen technology:

9.4.1 Smart Cards shall incorporate Mifare Standard technology.

9.4.2 The card numbering shall not be the card serial number, it must be a number
specifically encoded on the card.

9.5 As well as CR80 sized cards, vehicle tokens and key-ring transponders should also
be proposed as an alternative, where available.

9.6 The access token shall contain a unique facility code, unique cardholder identification
number and issue level.

9.7 The access control token shall uniquely identify the cardholder to the access control
system.

9.8 Access control information shall be stored on or in the access token in an encrypted
manner.

9.9 During transmission of data between a proximity access token and a proximity
reader, the data shall be encrypted.

9.10 All access control encoding data shall be invisible to the naked eye.

9.11 There shall be barriers employed to prevent the deciphering of access control data
stored on the card using any readily available equipment. The tenderer shall
document the barriers used.

9.12 There shall be barriers employed to prevent the copying or altering of access control
data stored on the card using any readily available equipment. The tenderer shall
document the barriers used.

9.13 Additional cards and access tokens shall be available and delivered on site within 24
hours of request.

9.14 The system shall be assigned a unique facility code worldwide, exclusively for this
project.

9.15 The system shall be capable of uniquely recognising card or token numbers up to
seven (7) digits in length.

9.16 The system shall be capable of uniquely recognising and handling up to 15 issue
levels for each unique Card number ID.

9.17 Cards and access tokens shall be able to be encoded by the supplier according to the
clients specifications, made known at the time of order. Cards and tokens supplied
with manufacturer determined card numbers will not be acceptable.

Guidespec3131102 Page 18
 9.18 It shall be possible to encode cards and tokens to allow operation of a user defined
Personal Identification Number (PIN) and the card still be supplied ex stock as
defined above.

9.19 As an alternative, pricing should be supplied for the supply of encoding software and
hardware that enables the Client to encode their own cards and/or tokens on site.

Guidespec3131102 Page 19
10.0 CARDHOLDER MANAGEMENT

10.1 The cardholder database shall be structured so that the name field is the key field for
each record. Use of the card number as the key field is not acceptable.

10.2 The IFC shall cater for up to 30,000 cardholders in its standard configuration. The
entire system should cater for up to 50,000 cardholders.

10.3 The system must allow at least 15 Issue Levels per card or token and must deny
access and raise a stolen card alarm to the operator when a wrong issue level is
presented to a reader.

10.4 Cardholders must be able to be issued with more than one access token of different
description and different number (i.e. access card and vehicle token) whilst
maintaining only one cardholder record in the database.

10.5 A “Personal Notes” facility shall be provided which shall accept standard keyboard
entered data and store this against that Cardholder.

10.6 At least 64 user-definable “Personal Data” fields shall be provided which may be
selectively reported on.

10.6.1 Personal Data Fields shall be able to be set up as either:

10.6.1.1 Text – User data may be entered.

10.6.1.2 Text List – User selects text from a pre-prepared list of text strings.
10.6.1.3 Numeric – User must enter numeric data.
10.6.1.4 Default Value – The field has a default value assigned.
10.6.1.5 Image – User assigns an image to the field.

10.6.2 Personal data Fields shall be able to be configured as:

10.6.2.1 Required field – Data must be entered.

10.6.2.2 Unique Values – Data must be unique form all other card records.
10.6.2.3 No Default Value – Default value disabled.

10.7 It shall be possible to “group” or “filter” cardholders for the purposes of editing access,
generating reports and assigning operator privileges.

10.8 The following information fields shall be displayed on the Cardholder editing window:

10.8.1 The date when a cardholder record was created

10.8.2 The date when the record was last modified and by whom.

10.9 For ease of programming Cardholders shall be grouped into access groups sharing
the same access criteria and default personal data fields.

10.10 It shall be possible to enter an automatic expiry date for the card.

10.11 It shall be possible to program future start and end dates and time for a new
cardholder’s access or any specific part of their access.

10.12 It shall be possible to allocate start and end dates and time for an Access Group’s
access to a particular access zone.

10.13 It shall be possible to program up to 8 temporary access requirements for each

cardholder or group of cardholders.

Guidespec3131102 Page 20
 10.14 Access shall have start and end dates and time to within one minute.

10.15 There shall be an easy mechanism to modify personal data fields or access criteria
for groups of cardholders.

Guidespec3131102 Page 21
11.0 INTRUDER ALARM SYSTEM

11.1 It shall be possible to utilise the system as an intruder alarm system using the card
readers to set and unset alarms.

11.2 Alarm input points and Access Control Alarms shall be able to be grouped into zones.
A zone can be defined as a geographical area, or group of areas, within a building
being controlled, all having the same security control criteria.

11.3 A zone can be in any one of four states and shall handle alarms differently depending
of the state. The first two shall be defined as set (armed) and unset (disarmed). The
names of the other states shall be able to be defined at the central control.

11.4 Alarm priorities can be assigned to any of the four input states.

11.5 The system shall provide entry and exit delays for the setting and unsetting of
alarms.

11.6 The entry delay shall be configurable from 0 to 5 minutes in steps of one second.

11.7 An optional audible warning must sound during the entry delay (from the time that the
alarm occurs to the time that the Zone state is changed). It must be possible to
designate either a specific card reader (or up to 4 readers) that should sound a
repeating beep, or an output relay that should be switched on during the Entry Delay.

11.8 An exit delay is to be provided to groups of inputs so that a change of state of an exit
delayed zone is delayed by the exit delay period which can be adjusted from 5
seconds to 5 minutes in steps of one second.

.
11.9 An optional audible warning must sound during the exit delay. It must be possible to
designate either a specific card reader (or up to 4 readers) that should sound a
repeating beep, or an output relay that should be switched on during the exit delay.
This applies to both manually and automatically changing the state of a zone – in the
case of automatically changing the state of a zone the exit delay and audible warning
gives people working late in the building time to unset the alarms or leave the
building.

11.10 The system shall include Alarm Escalation. It shall be possible to configure an Alarm
Escalation Time for each Point. If an alarm has not been processed, and the Alarm
Escalation time has elapsed since the alarm occurred, then a new event shall be
generated. This new event shall correspond to the original alarm, but may have a
different (usually higher) priority, and may cause a different set of alarm relays to
switch.

11.11 It shall be possible to have automatic time based setting and unsetting of alarms.

11.12 It shall be possible to configure the system such that events (such as a card swipe or
operation of a key switch connected to an input) can cause the state of a zone to be
manually changed.

11.13 It shall be possible to authorise selected cardholders to be able to set and unset
alarm zones by operation of the Card plus PIN reader as an alarm panel.

11.14 All alarm occurrences shall be presented at the central control within 4 seconds of
their occurrence at the remote field device.

Guidespec3131102 Page 22
 Response Comment on Clause 11.14
The following is a list of variables that will impact system performance:
Normal and peak event rates
Size of the cardholder database
Number of workstations
Geographical spread of a system
Network capacity - availability of bandwidth
Network reliability.

Please note that this is not intended to be an exhaustive list. The supplier will work with the
site to determine the network and computer hardware specifications required to meet the
anticipated demands likely to be placed on the system.

The time indications noted in this specification are subject to adequate network capacity and
do not apply to dial-up IFCs.

The guide specification assumes the system is configured in such a way so as to delivered its
stated functionality. The supplier of the system will work with the tenderer to ensure efficient
system configuration.

11.15 All Alarm events shall be viewable from an Alarm Stack.

11.16 It shall be possible to view all alarm events by clicking on interactive Site Plan icons
that, because of their changing audible and visual states, indicate the presence of
alarms.

11.17 All alarm events arriving at the central control shall be "time stamped" with the time
they occur and the time they were logged at the central control.

11.18 All alarm events shall have a user definable alarm priority assigned. A minimum of
10 alarm priority levels shall be provided.

11.19 Incoming Alarms shall be presented in the Alarm stack according to their assigned
priority with the highest level at the top. Alarms with the same priority shall be
presented in time order.

11.20 The priority of Alarms in the alarm stack shall be identifiable by a different text colour.

11.21 The central control must be able to control the actual priority assigned to any alarm
activation throughout the day. This means an alarm activation may be programmed
as "Low Priority" during office hours, and "High priority" at all other times.

11.22 It shall be possible to nominate an Input (e.g. Smoke, Fire or Gas detection) as an
“Evacuation Input” in which case certain doors within the Site will revert immediately
to Free Access.

11.23 Operators shall have a 2-stage alarm processing mechanism available to them,
being:

11.23.1 Acknowledge Alarm.

11.23.2 Process Alarm.

11.24 An Acknowledged alarm shall remain in the alarm stack and be easily identified as
having been Acknowledged but not yet Processed.

Guidespec3131102 Page 23
 11.25 A Processed alarm shall be cleared from the Alarm Stack. The central control shall
record in the hard disk activity log that the operator has processed the alarm. An
alarm is “Processed” by the operator selecting the “Process” button that is displayed
on the alarm viewing window.

11.26 An alarm shall not be able to be finally processed and cleared from the Alarm
Window until the alarm cause has returned to the normal state.

11.27 The Alarm viewing window will display the pre programmed alarm instructions to the
operator.

11.28 Alarm Instructions shall have the following features:

11.28.1 Default Alarm Instructions shall be able to be programmed and automatically

applied to all events of a common type e.g. all wrong PIN events in the
system for all readers.
11.28.2 Individual Alarm Instructions shall be able to be programmed and applied to
individual alarm events.
11.28.3 A table of contact names, phone numbers or other frequently used volatile
information shall be available when programming Alarm Instructions, and
applied to Alarm Instructions from a pick list. When this table is maintained,
all Alarm Instructions having links to the table will automatically be updated.
11.28.4 It shall be possible to cut, copy and paste Alarm Instructions between alarm
events.

The Alarm window will allow the operator to enter a comment. Such
comment will be date stamped by the system, and recorded against that
alarm event in the audit trail.

11.29 The system shall provide relay output facilities that are system activated in response
to alarm activations.

11.30 The system relay output facilities shall be capable of activating at least the following
types of response devices:

11.30.1 Alarm sounder

11.30.2 Flashing light
11.30.3 Pager
11.30.4 Auto-dialer.

11.31 The system shall provided the following relay output functions:

11.31.1 Activate and latch relay in response to alarm. Relay to remain latched until
alarm processed.
11.31.2 Activate relay for pre-set "pulse" time. Relay to return to "idle" after "pulse"
time lapses.
11.31.3 Relay activation to "mirror" alarm input activation.

Guidespec3131102 Page 24
 11.32 The system shall incorporate relay outputs which can be activated by time, rather
than alarm event. These outputs may be used to control lighting, heating, or to
electronically lock or unlock non-monitored doors.

11.33 The system shall translate specific alarms and/or events into ContactID strings,
available at a serial port on the Server.

11.34 The system shall incorporate a dialer for Contact ID format.

Guidespec3131102 Page 25
12.0 OPERATOR MANAGEMENT

12.1 The system must provide for at least 500 operator identifiers.

12.2 Operator establishment and maintenance shall be limited to assigned Senior

Operators.

12.3 It shall be possible to force operators to change their password after a predetermined
time.

12.4 It shall be possible to configure the system to only allow one logon per operator.

12.5 It must be possible to allow or deny Operators access to system menu functions.
This includes the viewing of Cardholder Personal Data fields, Personal Notes and
Images.

12.6 Any menu option not available to an Operator should be greyed out.

12.7 It must be easy to define operator privileges for a group of operators and it must be
easy to add an operator to the group.

12.8 Operator access to the system is to be restricted by means of an operator identifier

and password.

12.9 Each operator shall have the authority to alter his own password, but not that of
others.

Guidespec3131102 Page 26
13.0 AUDIT TRAIL & REPORTS

13.1 An electronic hard disk shall be used to record all system activity for archiving
purposes. Once archived it shall not be possible to alter data.

13.2 Every system activity event, whether valid access attempt, intruder alarm, camera
activation or system activation, or alarm event, shall be time stamped with the time of
occurrence and shall be recorded in the system activity log. Time stamping shall
include the date, and be to the nearest second.

13.3 The central control shall provide an on-line facility to archive system data and event
records to floppy diskette, tape or CD-ROM to free hard disk space for further activity
logging.

13.4 All operator initiated actions shall be recorded in the audit trail. Each operator action
event logged to audit trail shall be stamped with time of day and operator ID. The
audit trail shall include all details of any change that an operator has carried out.

13.5 The central control shall provide historical reporting capabilities from the following
sources of information:

13.5.1 System activity data.

13.5.2 Cardholder's access
13.5.3 Cardholder Personal Data fields
13.5.4 Cardholder access groups
13.5.5 Site configuration and setup data.

13.6 The report generation facility shall be easy to use and based on a “wizard” style of
parameter selection and preparation. The wizards shall provide features to simplify
report generation by incorporating selections such as report for “yesterday”, “last
week”, “last month” etc. This is for the purpose of quickly generating recurring,
standard format, reports.

13.7 The parameters for producing the report must be fully user definable and must be
capable of searching on any cardholder or access event criteria.

13.8 It shall be possible to produce an “Evacuation Report” upon request that will list all
cardholders by their last known Access Zone.

13.9 The central control shall generate and format reports in "background". This means
the operator must be able to process alarms, alter database parameters and perform
other system changes while the report is being generated. Report generation must
continue if the operator decides to perform any other task.

13.10 The central control shall have a screen preview function, so that reports can be
previewed on-screen before they are printed.

13.11 Report formats shall be able to be saved for future use.

13.12 The central control shall have a "printer spooler" so that reports can be printed at any
of the printers connected to the system.

13.13 The central control shall have a printer queue facility to enable reports to be queued if
the target printer is off-line, busy, not connected or faulty.

Guidespec3131102 Page 27
14.0 PHOTO ID BADGING

14.1 Overview

14.1.1 The system shall provide a means to electronically capture images, store
those images in an electronic database, integrate those images into a pre-
designed ID card, from within the system, and produce an integrated and
completely finished identification card within the nominated time frame.

Images are defined as being one or more of the following:

14.1.1.1 Photographic image of the cardholder

14.1.1.2 Signature of the cardholder and/or authorising person
14.1.1.3 A fingerprint of the Cardholder
14.1.1.4 Organisation Logos or designs.

14.1.2 The system shall be capable of importing database information, on selected

cardholders, from other systems and be capable of exporting that
cardholder’s data, either with or without controlled alteration or amendment,
to other databases.

14.1.3 The system shall have an integrated method of card design within the system
software without the requirement of having to import background files from
other software programs. The facility to import background images from other
sources must also be available. This must include scanned logos and other
graphical imagery if desired.

14.2 Image Capture

14.2.1 The system offered shall capture images in 24 bit colour and at least 640 x
480 pixel resolution using standard video capture hardware offering a TWAIN
standard interface or a USB digital camera.

14.2.2 Images must be able to be “cropped” after capture to optimise the image size
within the desirable image area. This movable “cropping” box must be user-
definable as to size.

14.2.3 Images must be capable of being enhanced by the use of variable Contrast
and Brightness controls and by the use of Smoothing and Sharpening
controls from within the capture software after they have been captured.
These controls must be easy to use from within the system software and
once set, these controls must be capable of applying the same setting on
subsequent image captures for different cardholders. Mouse operated
“sliding” bars are preferred however numerical controls may be acceptable.

14.2.4 The image, once captured, must also be capable of being flipped and
inverted as required before being printed or stored as per clause 14.3.1.

14.2.5 Up to three images per cardholder must be capable of being captured and
stored within the system. Images may be defined as per section 14.1.1
above.

Guidespec3131102 Page 28
 14.3 Image & Cardholder Data Storage

14.3.1 The system shall store images in the JPEG compression format. User-
definable compression rates shall be easily selectable by the operator
permitting, as a minimum, at least three levels of JPEG compression.

14.3.2 The system offered shall be capable of importing image files, for use in either
card layout or cardholder images, from at least the following formats:

JPEG, PCX, Windows BMP, TGA, Mac-Pic, CMP, Sun-Rast.

14.3.3 The card design must be capable of incorporating, storing, printing and
displaying bar-code information and must support the following bar-code
formats:

Code 39
Code 39 with checksum
Interleave 2 of 5
Interleave 2 of 5 with USS
Interleave 2 of 5 with OPC.

14.4 Card Design

14.4.1 The system must have an integrated card design program. Systems offering
only a separate card design program where card design images must be
created in alternate drawing programs and imported are not acceptable
however the system offered must also be capable of using imported images
as per clause 17.3.2.

14.4.2 The card layout section of the system must be capable of user-selecting up to
16.7 million colours with a custom colour palette available.

14.4.3 Card design must be accomplished by the use of “grab and move” options
using a mouse.

14.4.4 The system must be capable of using all of the common word processing
fonts and must also be capable of normal text manipulation including, text
sizing - left and right justification, centering, bolding, underlining & italicising.

14.4.5 The variable cardholder image files that are selected to incorporate into the
card design must be user-definable as to size. Full size being defined as
30mm x 40mm. The sizing must be fully user-configurable from 25% of full
size up to 200% of full size, as a minimum, and must offer automatic aspect
ratio adjustment throughout the size range.

Guidespec3131102 Page 29
 14.5 Output Options

14.5.1 The system shall be capable of producing hard copy output of images and
data using any standard MS-Windows™ printer including laser, bubble-jet
and dot-matrix printers.

14.5.2 The system shall produce photo ID cards using a single step hard-card colour
MS-Windows compatible printer. Systems offering multi-stage production,
any heat lamination or heat & pressure card production are not acceptable.
The system shall be capable of printing directly onto Hi-Co magnetic stripe
cards, Wiegand effect cards and proximity smart cards without damaging the
properties of each card technology.

14.5.3 Cards must be capable of either landscape or portrait printing and Bar-codes
must be capable of either vertical or horizontal orientation on the card when
printed.

Guidespec3131102 Page 30
15.0 COMMUNICATIONS & DIAGNOSTICS

15.1 The IFC shall communicate with remote devices (card readers, alarm equipment,
elevator readers) using a fully encrypted data communications protocol. Unencrypted
ASCII text or similar data transmissions are not acceptable.

15.2 All communications between the IFCs and the remote devices must be check-digit
coded to protect data from manipulation during transmission.

15.3 All communications links between the IFCs and the remote devices shall be
monitored such that an alarm is raised at the central control if the data being
transmitted is corrupted or tampered with in any way.

15.4 All communications between the IFC and the system PC shall be encrypted TCP/IP.
Communications shall be on-line and monitored for interruption.

15.5 Direct Connection

15.5.1 All communications between the IFCs and the remote devices shall be "on-
line" at all times.
15.5.2 Communications shall be as defined in Part 1 of this specification.

15.6 Remote Connection

15.6.1 Remote communication between the IFC’s and the remote devices shall use
the switched telephone network circuits.
15.6.2 Connection shall be via an ISP service.
15.6.3 Modems connected to the customer LAN are not permitted, however dialout
directly from the Server is allowed provided the modem is fixed to “non-
answer” mode.

15.7 The central control shall automatically restart full and complete processing after a
power failure.

15.8 The central control shall provide a full diagnostic performance log to enable system
engineers to monitor system performance in the event of a system malfunction.

15.9 The diagnostic performance log shall be stored in a separate file on hard disk from all
other data files.

15.10 The diagnostic performance must be available without shutting down or "freezing the
system."

15.11 The central control shall provide on-line system diagnostic facilities which enable
authorised operators or systems engineers to monitor and then tune the system
performance (communications network performance tuning, for example).

Disclaimer
Whilst every effort has been made to ensure accuracy, neither Cardax (International) Ltd nor any employee of
the company, shall be liable on any ground whatsoever to any party in respect of decisions or actions they may
make as a result of using this information.
In accordance with the Cardax policy of continuing development, design and specifications are subject to
change without notice.
Cardax access control systems and products are developed and manufactured by Cardax (International) Ltd, an
ISO 9001:2000 Certified Supplier.
Cardax is a registered trademark of Cardax (International) Ltd. All trademarks and logos are properties of the

Guidespec3131102 Page 31
respective owners.
Cardax FT: Patents pending.

Guidespec3131102 Page 32