Access-control system guide
Biometric access control uses a measured human characteristic as part of identification or authentication. Because biometric information is highly personal and difficult to replace if compromised, it should be considered only where necessity and proportionality are established—not as the default upgrade from cards or PINs.

Define the problem before choosing biometrics
State the risk that ordinary named credentials do not adequately address. Is the concern card sharing, a restricted high-value area or a regulated operating procedure? Compare less intrusive controls such as supervision, two-factor card-and-PIN, stronger credential technology or improved leaver management.
Convenience or novelty alone is a weak basis for collecting biometric information.
Understand enrolment and matching
Systems may store a biometric template rather than a conventional photograph, but a template is still sensitive information. Ask what is captured, how the template is generated, where it is stored, how matching occurs and whether original samples are retained.
False acceptance and false rejection are different errors. Performance varies with users, environment, configuration and presentation; headline laboratory rates do not prove site performance.
Address privacy before installation
Obtain organisation-specific advice on notice, consent or other authority, necessity, data minimisation, security, access, retention, deletion, overseas disclosure and incident response. Review current OAIC guidance and applicable workplace obligations.
Document who can enrol people, who can export or administer templates, and how deletion is verified after a person leaves.
Provide an equivalent alternative
People may be unable or unwilling to use a biometric method because of disability, injury, cultural concerns, privacy or poor matching. An alternative credential and exception process should not unreasonably disadvantage them.
Test throughput and assistance arrangements with representative users before broad rollout.
Secure the complete architecture
Protect enrolment stations, administrator accounts, networks, databases, exports, backups and vendor remote access. Verify encryption and template-protection claims from current technical documentation.
A secure reader cannot compensate for an exposed management account or indefinite retention.
Compare biometric methods before selecting one
| Method | How it is commonly used | Potential advantage | What must be tested or governed |
|---|---|---|---|
| Facial recognition | A terminal compares a live face with an enrolled template, sometimes alongside card or PIN. | Contactless presentation and no physical credential to carry. | Necessity, consent, lighting, demographic performance, presentation attacks, placement and a non-biometric route. |
| Fingerprint | A user presents an enrolled finger to a purpose-built reader. | Compact readers and an individual characteristic rather than a transferable card. | Hygiene expectations, worn or damaged fingerprints, accessibility, environmental conditions and fallback. |
| Iris or other specialised biometrics | A dedicated sensor performs matching for a tightly defined population or higher-assurance workflow. | May address a specialised identification requirement. | Cost, user acceptance, throughput, enrolment quality, integration and whether the added sensitivity is justified. |
| Biometric plus card or PIN | The system requires two supported factors before granting access. | Can reduce reliance on either a possessed credential or a biometric match alone. | Throughput, exception handling and whether the factors are technically independent in the proposed platform. |
Voice recognition and a phone’s local biometric unlock are not automatically door-access biometrics. For example, a mobile credential may be released by the phone after local Face ID or fingerprint verification while the access-control system receives a cryptographic mobile credential rather than the person’s biometric template. Ask exactly which system collects, stores and compares the biometric information.
Choose the system level as well as the biometric
A one-door biometric terminal may directly operate a relay and store a modest user database. A managed small-site system can distribute users, schedules and events across several terminals. A comprehensive platform may combine protected controllers, many doors, central enrolment, alarms, visitor management and role-based administration. Those are materially different security and privacy architectures even if the same person presents a face or finger at the door.
- One stable internal door: compare a local terminal with card-and-PIN before accepting biometric administration overhead.
- Several staff entrances: prioritise central offboarding, door status, alternative credentials and consistent audit records.
- High-risk or multi-site access: assess multi-factor authentication, protected controllers, segmented networks, resilient management and formal privacy governance.
- Public or customer-facing entrance: obtain specific privacy advice before capturing people who may not have a genuine choice.
Create a biometric decision record before procurement
The OAIC treats biometric templates used for automated verification or identification as sensitive information under the Privacy Act where that Act applies. Current OAIC facial-recognition guidance recommends assessing necessity and proportionality, consent and transparency, accuracy and bias, governance and ongoing assurance; it identifies a privacy impact assessment as a best-practice starting point. Applicability and lawful basis depend on the organisation and use case, so obtain qualified advice rather than treating equipment settings as compliance.
Record the purpose, affected people, less intrusive alternatives considered, information flows, hosting location, administrator access, retention and deletion, breach response, testing method, complaints process and equivalent alternative. Revisit whether the benefits were achieved and whether continued biometric use remains justified.
See the OAIC facial-recognition privacy-risk guide and OAIC biometric-scanning overview.
Questions about biometric access control
Are fingerprints stored as images?
Architectures differ. Some create mathematical templates, but those templates still require strong privacy and security controls. Confirm the exact proposed data flow.
Is biometric access more secure than a card?
It may reduce some credential-sharing risks, but introduces matching errors, privacy consequences and new system dependencies. Security depends on the full design.
Can employees refuse?
This is organisation- and context-specific. Obtain appropriate workplace and privacy advice and provide a practical alternative while requirements are assessed.
What happens when someone leaves?
Disable their access immediately and delete biometric records under the approved retention process, including relevant systems and backups where applicable.
Should biometrics be used on every door?
Usually no. Apply proportionate controls to defined risks and avoid collecting sensitive information where a less intrusive method is adequate.
Assess the site before selecting a platform
Send door photographs or plans, user numbers, credential preferences, integrations and operating requirements. Serious Security can assess commercial projects in Sydney and Melbourne.


