<SpecificationName>

1. Competencies

1.1. Competencies shall be cardholder-based assignable attributes, used to determine if

the cardholder is allowed access to specified areas based on factors relevant to the
cardholder. The factors may be based on authority, or skill levels, or similar.

1.2. Multiple competency attributes may be assigned to one or more cardholder records.

1.3. Each competency will assume one of 4 different states:

1.3.1. Active - The competency is currently valid for the cardholder.

1.3.2. Expiry due - The competency is currently valid for the cardholder but will
expire in a specified period.

1.3.3. Expired - The competency has been assigned to the cardholder but has
expired.

1.3.4. Disabled - The competency, is temporarily disabled (or overridden) for the
cardholder.

1.4. The competency states shall be configurable as “soft” - allowing access but generating
an alarm; or “hard” - denying access, should a competency requirement not be met.

1.5. Each competency shall be individually set per cardholder

1.6. A field shall be provided to store the reason for disabling a competency.

1.7. Competencies shall be configured as required per access zone.

1.8. It shall be possible to exempt specific access groups from the requirement to meet
specific competencies.

1.9. Denied access due to an invalid or missing competency shall be displayed to the user
at the door reader.

1.10. Access permission based on competency criteria must be determined at the IFC,
independent of the ISMS being on line.

1.11. The reason for denied access due to an invalid competency shall be displayed on the
door reader or keypad.

1.12. Advance warning of a cardholder’s competency about to expire shall be sent to the
individual and/or other nominated persons via email.

1.13. A consolidated report detailing competency expiry warnings for cardholders shall be
sent via email to the associated manager.

<SpecDate> Page 1