Security Systems Scope of Work: Template and Checklist for Commercial GCs

Security systems are among the most frequently fragmented and poorly defined scopes in commercial construction. Access control, CCTV, intrusion detection, intercom, and video management systems are often treated as a single "security" scope — but they involve different systems, different licensing requirements, and different integration points that must be defined separately to generate comparable bids and compliant installations. A well-written security systems scope of work protects the GC from scope gaps, ensures the owner gets a unified and functional system at occupancy, and avoids the costly integration failures that appear after the access control sub and the camera sub each assume the other is providing the network infrastructure. This guide covers the complete scope.

Security scopes must define each system type, the integration requirements between systems, and the scope boundary with the low voltage sub and the electrical sub.

Access Control System

• Card reader technology: Specify the credential technology: proximity (125 kHz, legacy, low-security), smart card (13.56 MHz, HID iCLASS, MIFARE, DESFIRE — preferred for commercial), or mobile credential (BLE Bluetooth, NFC). Mobile credentials are increasingly the standard for new commercial construction — confirm the platform with the owner before specifying.
• Controller architecture: Specify the access control system platform (Software House, Lenel OnGuard, Genetec Security Center, Honeywell ProWatch, Bosch AMS) and whether the system is server-based (on-premises) or cloud-managed. Cloud-managed access control (Brivo, Openpath, Verkada) eliminates the need for a local server but requires consistent internet connectivity — confirm the owner's preference before specifying.
• Electric locking hardware: Specify the locking device type at each controlled access point: electric strike (fail-secure or fail-safe), magnetic lock (fail-safe, requires approval for use on fire-exit doors per IBC Section 1010.1.9.8), electric mortise lockset, or electric cylindrical lock. Fail-safe devices unlock upon power loss — required on most fire-rated exit doors. Fail-secure devices remain locked — required on high-security perimeter doors where security must be maintained during a power outage.
• Request-to-exit (REX): Passive infrared or microwave REX sensor at all outbound access-controlled doors — required to allow free egress while logging the exit event. Specify the REX sensor type (ceiling-mounted PIR or door-frame PIR) and confirm it does not interfere with egress requirements.
• Door contacts: Door position switch (DPS) at every controlled door to monitor open/closed status and generate propped-door alarms. Specify surface-mount vs. recessed DPS and confirm compatibility with HM vs. wood door frames.

CCTV and Video Surveillance

• Camera resolution and type: Minimum 4MP (2688×1520) for all fixed cameras in commercial applications. 8MP or 4K for critical surveillance points (cash handling, building entrances, parking exits). Specify: fixed dome (for ceiling mount in interior spaces), bullet (for exterior under-eave mount), PTZ (pan-tilt-zoom for large areas requiring operator-directed tracking), fisheye/multi-sensor (for 180° or 360° coverage in open areas).
• Outdoor ratings: IP66 or IP67 (dust-tight and waterproof) for all exterior cameras. IK10 vandal-resistance rating for cameras in public-accessible areas (lobbies, parking structures, loading docks). Specify operating temperature range for cameras in extreme climate conditions.
• Video management system (VMS): Specify the VMS platform (Milestone, Genetec Security Center, Avigilon ACC, Hanwha Wave) and whether the system is server-based or NVR-based. For large installations (over 20 cameras), specify server redundancy and storage RAID level. Define retention policy: minimum 30 days full-motion video storage at full resolution is the commercial standard; 60–90 days for high-security or regulated applications.
• Analytics: Specify any required video analytics: motion detection (standard), license plate recognition (LPR) for parking, people counting, loitering detection, or perimeter intrusion. AI-based analytics require specific camera models compatible with the VMS platform — confirm compatibility before specifying.

Intrusion Detection

• Intrusion detection panel: Specify the panel platform (DSC, Bosch, Honeywell, Napco) and zone count. Commercial systems require a UL Listed panel if central station monitoring with insurance-required response time is needed.
• Detection devices: Motion detectors (PIR or dual-technology PIR/microwave for high-traffic areas or pet-immune applications), door/window contacts, glass break sensors (acoustic, require specific placement per manufacturer for coverage radius), and vibration sensors for high-value storage areas.
• Monitoring: Specify whether the system will be monitored by a central station (UL Listed station for commercial insurance compliance) and whether the communication path is cellular, IP, or POTS line (POTS is being phased out in most markets — specify cellular or IP-based communicators for all new installations).

Tip for PMs: The most common security scope gap is the network infrastructure for IP camera and access control systems. IP cameras and access control panels require network switches with PoE (Power over Ethernet) to power the devices and carry video and data traffic. Define whether the security sub is providing dedicated PoE switches for security devices or whether the low voltage or IT sub is providing the network infrastructure — this is a grey zone that generates costly disputes at installation.

Security system submittals require owner approval on system platform and credential technology before any equipment is ordered. Platform decisions are difficult and expensive to reverse after installation.

Required Submittals

• System architecture drawing: showing access control panel locations, camera locations, network switch locations, server room or NVR location, and conduit routing for each system
• Camera coverage plan: floor plan showing each camera's field of view, confirming coverage of all required areas with no blind spots at entry points
• Access control point schedule: door-by-door listing of reader technology, locking device type, REX sensor, DPS, and monitoring zone
• Product data sheets for all cameras, access control hardware, panels, and VMS software
• UL listing documentation for all intrusion detection components where central station monitoring requires UL certification
• Network requirements: PoE switch specifications, IP address allocation, and VLAN requirements submitted to the owner's IT team before installation

Licensing and Insurance Requirements

• Security alarm contractor licensing is required in most jurisdictions. Confirm that the security sub holds the required license for the project's jurisdiction before award.
• Central station monitoring contracts and UL certificates of installation must be provided to the owner at project closeout — these are required by most commercial property insurance policies for alarm premium discounts.

Best Practices from Leading GCs

• Hold a unified security coordination meeting with the security sub, low voltage sub, electrical sub, and owner's IT and facilities teams before rough-in begins. Establish who provides and installs conduit, who provides PoE network infrastructure, and who programs the access control and VMS platforms. Unresolved handoff issues between these parties are the primary cause of security system commissioning delays.
• Confirm the owner's credential policy before specifying the access control platform. Some owners want mobile credentials; others require physical cards for compliance reasons (visitor management, regulated facilities). The credential choice drives the reader technology, which drives the panel and platform — and cannot easily be changed after installation.
• Require a camera coverage walk-through with the owner or security consultant before conduit is pulled. Camera locations shown on plan drawings frequently miss coverage of blind spots that are only apparent in the actual space.

Security systems coordinate with the access control hardware (installed in DHF frames), the fire alarm system (integration for alarm shunting and access release), and the owner's IT infrastructure.

Door Hardware and DHF Coordination

• Electric strikes, magnetic locks, and electric mortise locks must be compatible with the door frame design. Coordinate with the DHF sub before door frames are ordered. Mortise lock electric retrofit requires a specific door prep that must be specified at the time of door fabrication — it cannot be field-modified cost-effectively after delivery.
• Reader and keypad mounting heights: ADA requires card readers at controlled access points to be mounted at 48" maximum AFF (above finished floor) to reach (forward approach) or 54" AFF (side approach). Confirm mounting heights with the architect and DHF sub before rough-in.

Fire Alarm Integration

• In a fire alarm event, access-controlled doors on required egress paths must unlock. The interface between the fire alarm panel (FACP) and the access control panel is typically a dry contact relay from the FACP to the access control system. Define this interface in both the fire alarm scope and the security scope — and confirm the integration is tested during fire alarm commissioning.
• Electromagnetic door hold-opens integrated with the fire alarm system must be listed in the access control hardware schedule and coordinated with the fire alarm sub for wiring and programming.

Pre-Installation Coordination Checklist

• System architecture approved by owner
• Camera coverage plan reviewed and field-walked with owner
• Access control point schedule confirmed against DHF schedule
• PoE network switch infrastructure confirmed — provided by security sub or low voltage sub
• Electric locking hardware compatibility confirmed with DHF sub
• Fire alarm integration interface defined in both scopes
• Network requirements submitted to owner's IT team
• Licensing confirmed for jurisdiction

Tip for Estimators: When reviewing a security systems bid, verify that network switches (PoE), server hardware (for VMS), conduit and cabling, programming, commissioning, and owner training are included. Security system bids that price only "supply and install cameras and readers" may be missing 40–60% of the total system cost. A complete security bid prices the fully commissioned, operational system — not just the hardware.