National Security Inspectorate Sentinel House, 5 Reform Road, Maidenhead, SL6 8BY E: nsi@nsi.org.uk | W: nsi.org.uk Page 1 of 3 © NSI 2024 Date: 7th October 2024 To: All NACOSS Gold and Systems Silver approved companies and applicants TECHNICAL BULLETIN No: 0066 Publication of NSI NCP 109 Issue 4 – Code of Practice for Design, Installation, Commissioning and Maintenance of Access Control Systems NCP 109 “Code of Practice for Design, Installation, Commissioning and Maintenance of Access Control Systems” is now published at Issue 4. The content and structure differences between NCP 109 Issue 3 and Issue 4 are an evolution and, as such, the changes are relatively minor. Consequently, this Technical Bulletin provides an overview of the main changes rather than including the actual new or amended text. This Technical Bulletin must be read in conjunction with NCP 109 Issue 4. Please note: This Technical Bulletin is not a definitive list of all the changes introduced in Issue 4 of NCP 109; only significant changes are listed. Implementation timescale for applicant companies New applicant companies to NSI NACOSS Gold and Systems Silver schemes will be audited against NCP 109 Issue 4 with immediate effect. Any Improvement Needs recorded against clauses of the Standard will need to be satisfactorily addressed before approval can be granted. Where an application for approval was already in progress with the NSI before the date of this Technical Bulletin, the approval will continue to progress against the appropriate standards. Implementation timescale for existing approved companies NSI approved companies will need to be compliant with NCP 109 Issue 4 by the 30th September 2025. Key updates and enhancements in NCP 109 Issue 4 Introduction This section has been updated with a note aimed at providing a clearer overview of the scope, including the requirements for compliance with national building regulations, CPR (construction Technical Bulletin No: 0066 Page 2 of 3 © NSI 2024 products regulation) and specific standards such as EN 179 (Emergency exit devices), EN 1125 (Panic exit devices), and EN 13637 (Electrically controlled exit systems for use on escape routes). 1. References References have been updated to include the latest standards and regulations, with BS EN 13637 added. 2. Abbreviations Expanded definitions to include new terms such as “Construction Product Regulations (CPR)” 3. Risk assessment A more structured approach to risk assessment including a new table detailing typical door types and their impact on Access Control Systems (ACS) design. This section now includes specific considerations for emergency and panic exit doors to ensure compliance with EN 179, EN 1125, and EN 13637. 4. Classification of access points No significant changes in this area. However, sentence relating to RFID relaying on CSN has been removed due to it not being common practice and difficult to comply with. 5. Survey The survey process must now consider compliance with BS 7273-4, particularly where the access control system interfaces with fire alarm systems or other emergency egress controls. This integration ensures that the access control system does not hinder emergency escape routes. 6. Equipment selection and installation New guidelines detail the need for risk assessments and surveys to determine suitable control equipment and hardware. Access control solutions for emergency or panic exit doors must comply with EN 179, EN 1125, and EN 13637 standards. The guidelines also integrate requirements from BS 7273-4, detailing the installation of emergency manual release controls and the importance of consulting fire door manufacturers to ensure the integrity of fire-resisting doors is maintained. 7. Data cables Network Cabling: The new guidelines clarify that network cabling should be run according to the manufacturer’s guidelines, with a focus on maintaining correct distances, termination standards and bend radius. The update introduces the allowance for range extenders, provided there is no loss in data integrity and makes greater allowances for simple point-to-point systems. Technical Bulletin No: 0066 Page 3 of 3 © NSI 2024 8. Network security Minor changes to ensure login credentials are not left as default and that permission to have access into customers’ networks using devices such as laptops and USB sticks is recorded. 9. Commissioning, handover and documentation Minor changes to the wording so as to ensure at the time of Installation all system applications and operating software are of the latest firmware/software versions. 10. Maintenance and documentation More explicit instructions on maintaining records with additional security management guidelines, particularly around software/firmware and security patches. Conclusion NCP 109 Issue 4 introduces updates driven from CPR and building regs and information/network security guidelines along with bringing in some elements of BS7373-4 to make them mandatory thus reflecting the evolving needs of security and access control systems specifically surrounding the consideration of safe egress in the event of Fire, Emergency or Panic situations. It is crucial for all stakeholders, including designers, installers, and maintenance personnel, to familiarise themselves with these changes to ensure continued adherence to best practices and regulatory requirements. For further details or clarification on implementing these changes, please contact the Technical Services Department.