Keystone Integration
All articles
April 18, 20269 min read

Access control for small offices: keycards, mobile credentials, or both?

Small-office access control ranges from a $200 smart lock to a $10,000 enterprise system. Here are the three tiers, when each makes sense, how credentials compare, and why camera integration is the force multiplier.

Access ControlSmall businessKeycardsHIPAAUniFi Access

If you run a small office — a dental practice, a law firm, a co-working suite, a salon, a real-estate brokerage — you probably have a lock-and-key system that’s some combination of too many keys, no audit trail, and an ex-employee who still has a copy.

Modern access control fixes all three. But the options range from a $200 smart lock on the front door to a $15,000 enterprise system with readers on every room, and it’s not obvious where a small office should land. Here’s the practical guide.

What access control actually does for a small office

At its simplest, access control replaces keys with credentials — keycards, fobs, phone taps, PINs, or biometrics. The point is not the fancy reader. The point is:

  • Immediate revocation. When someone leaves, you disable their credential in software. No key collection, no lock re-keying, no wondering if they made copies.
  • Audit trail. Who opened which door, when, for how long. For HIPAA-regulated offices (dental, medical, therapy), this is not optional.
  • Scheduling. The cleaning crew gets access from 7–9 PM on Tuesday and Thursday. The part-time associate gets access Monday through Wednesday. The front door unlocks at 8 AM and locks at 6 PM automatically.
  • Integration with cameras. A door event triggers a camera recording. If someone opens the back door at 2 AM, you have a face and a timestamp in the same timeline.

The three tiers of small-office access control

Tier 1: Smart lock on the front door (~$200–400)

A Schlage Encode Plus, Yale Assure Lock 2, or similar commercial-grade smart lock on the main entrance. PIN codes per person, phone unlock, scheduled auto-lock, basic audit log in the app.

  • Pros: cheapest option, self-install, works immediately, no infrastructure required.
  • Cons: one door only (usually front), limited audit depth, battery-powered (replace every 6–12 months), no camera integration unless you bolt together separate systems, PINs are share-able and visible to shoulder-surfers.

Best for: a 1–3 person office with one entry point and no compliance requirements.

Tier 2: Keycards or fobs + a basic controller (~$800–2,500)

A controller (HID Mercury, Kisi, Openpath, or similar cloud-managed system) connected to one or two readers at the main entries. Staff get keycards or fobs; visitors buzz in or get a temporary card.

  • Pros: real audit trail with timestamps, instant credential revocation, scheduling, cloud dashboard for remote management, supports multiple doors.
  • Cons: monthly SaaS fee on most cloud platforms ($5–$15/door/month), reader hardware costs, needs Cat6 or PoE wiring to each door, professional install recommended.

Best for: 3–15 person offices with 2–4 doors, especially if compliance (HIPAA, PCI) requires access logging.

Tier 3: Enterprise access control integrated with cameras (~$3,000–10,000+)

UniFi Access, Verkada, Avigilon Alta, or a traditional enterprise system (Lenel, S2, DMP). Readers on every controlled door, mobile credentials, full camera integration (door opens → camera clips to the access event in one timeline), multi-site management, and granular permission groups.

  • Pros: everything in one dashboard (if using UniFi, it’s the same app as cameras and networking), mobile credentials replace physical cards, enterprise-grade logging and compliance reporting, scales to dozens of doors.
  • Cons: real cost — readers are $300–600 each, hubs are $500–1,000, plus wiring and install labor. Some platforms (Verkada) have annual licensing fees. UniFi Access has no recurring fee, which is one of the reasons we default to it.

Best for: 10+ person offices, multi-suite buildings, medical/dental/legal offices with compliance needs, any business that already runs cameras and wants one system.

Keycards vs mobile credentials vs PIN codes

The credential type matters more than most people think:

Physical keycards / fobs

  • Simple, familiar, no phone needed.
  • Can be lost, stolen, or shared — but revocation is instant in software.
  • $2–5 per card. Buy in bulk.
  • Work even if the user’s phone is dead.

Mobile credentials (phone tap / Bluetooth)

  • No card to lose — the credential lives on the phone.
  • Harder to share (tied to a specific device/account).
  • Requires the reader to support Bluetooth LE or NFC, and the user to have a compatible phone.
  • Apple Wallet / Google Wallet integration is the polished version; vendor-specific apps are the common version.

PIN codes

  • No card, no phone — just a code.
  • The weakest security: PINs are observable, shareable, and often written on sticky notes.
  • Useful as a backup (what happens when someone forgets their card) but not great as the primary credential.
  • Best use case: cleaning crews, delivery access, and one-time visitors who don’t warrant a card.

Our default recommendation for most small offices: keycards as the primary credential, mobile as the backup for people who prefer it, PIN as the emergency fallback. This covers everyone without forcing anyone onto a specific device.

Wiring: what needs to get to each door

Access control readers need power and data at the door frame. The typical wiring per door:

  • One Cat6 drop from the network closet to the reader location (typically at 48” height, lock-side of the frame).
  • A door-position sensor (magnetic contact, usually included with the reader/lock kit) — wired to the controller to log open/close state.
  • An electric strike or maglock on the door if you’re going beyond just logging and want the reader to actually unlock the door electronically.
  • Power: PoE from the switch (for PoE-powered readers like UniFi Access) or a low-voltage power supply in the closet (for traditional systems).

If you’re doing a tenant improvement or office build-out, add access-control wiring during construction. Retrofitting a reader into a finished door frame is doable but costs 2–3x more in labor.

Camera integration: the force multiplier

Access control without cameras tells you whose credential opened the door. Access control with cameras tells you who actually walked through it. Those are not always the same person.

On UniFi, an Access reader event appears in the same Protect timeline as the camera footage. You tap on “John Smith unlocked the server room at 9:47 PM” and the camera clip plays inline. For a local-NVR camera system, this is a single-app experience with no subscription.

For offices handling sensitive data (medical records, financial files, legal documents), this paired audit trail — credential + video — is often what compliance actually requires.

The compliance angle: HIPAA, PCI, and insurance

If your office handles protected health information (HIPAA), payment card data (PCI DSS), or sensitive legal/financial records:

  • HIPAA requires “facility access controls” (§164.310(a)) — documented policies for who can access areas where PHI is stored or accessed. An audit log from an access-control system is the simplest way to demonstrate compliance.
  • PCI DSS Requirement 9 mandates restricting physical access to cardholder data environments. Keycards with per-person audit logs satisfy this directly.
  • Insurance: some commercial property policies offer reduced premiums for businesses with documented access control and surveillance. Ask your agent — the savings sometimes cover the annual cost of the system.

What we typically install for a small Utah office

For a 5–15 person office with 2–3 controlled doors:

  • UniFi Access Hub + 2–3 UniFi Access Readers (one per door).
  • Mobile + keycard credentials for staff; PIN for cleaning crew.
  • Electric strike on the front door for remote/scheduled unlock.
  • Camera at each controlled door, feeding into the same UniFi Protect timeline.
  • Scheduling: auto-lock at close of business, auto-unlock at open.
  • All on the same segmented network as the cameras and guest Wi-Fi, with proper firewall rules.

Typical installed cost: $2,500–5,000 depending on door count and whether electric strikes are needed. No monthly fees on UniFi Access.

Bottom line

Access control for a small office is not the enterprise install people imagine. A smart lock handles the simplest case. Keycards + a controller handle most offices. Enterprise-grade systems (UniFi Access, Verkada) handle the rest and integrate with cameras for a single audit trail. The right tier depends on door count, compliance needs, and whether you want camera integration — not on office size alone.

Keystone Integration installs access control for small offices across Taylorsville and the rest of the Wasatch Front — keycards, mobile credentials, camera integration, and compliance-ready audit trails. You can see the full list of what we do on our main site, or get in touch to scope a system for your office.

Keep reading