Secure armored doors: RC2 to RC4 levels and access control
EN 1627 ranks 6 classes from RC1 to RC6: why RC3 remains the office standard
Systematic RC4 = a 40 to 60% cost overrun with no measurable reduction in risk. The EN 1627 standard ranks six resistance classes, and our reading of the Kytom portfolio (80 secured sites delivered since 2006, including 62% in RC3 and 23% in RC4) confirms that the right level is decided door by door, not floor by floor. An office armored door combines four inseparable requirements: an EN 1627 classification, a CNPP-certified A2P lock, NF EN 50133 access control, and compatibility with the evacuation routes mandated by articles R4216-1 to R4216-34. This guide details the regulatory framework, the architectural integration method, the measured results and the trade-offs, while explicitly identifying the cases where armoring is not the relevant answer.
The European standard EN 1627 structures six levels of resistance to break-in, from RC1 (limited deterrence) to RC6 (heavy 20-minute attack). The table below summarizes the three classes relevant to office buildings:
| Class | Attacker profile | Tools | Minimum hold |
|---|---|---|---|
| RC2 | Opportunistic | Screwdriver, pliers | 3 min |
| RC3 | Determined | Crowbar, hammer | 5 min |
| RC4 | Experienced | Axe, saw, drill | 10 min |
Standard office buildings opt for RC2 on secondary entrances and RC3 on main entrances or sensitive rooms (HR, financial management). Data centers, server rooms and confidential archives require a minimum of RC4, in addition to CNPP-certified A2P locks. The NF P25-301 standard governs the associated metal door frames, and a dedicated framework structures electronic access control. The NIS 2 directive, transposed into French law in 2024, strengthens the physical security of essential service operators and drives RC4 demand in the data segment.
Our reading diverges from the conventional security wisdom on this specific point. The profession prescribes generalized RC3 on office entrances, out of caution or by catalog default. On the headquarters under 1,500 m² that we support, below a handful of sensitive doors per site and outside NIS 2 regulated zones or CNPP APSAD R81, the cost/risk ratio of RC3-RC4 is not justified: reinforcement via an A2P lock on a standard door frame, coupled with compliant electronic access control, covers most risks for a significantly reduced budget. Systematic RC4 armoring across an entire office floor is counterproductive when the risk mapping does not distinguish between zones.
Labor Code R4216 and evacuation compatibility: the opening constraint takes precedence over armoring
An armored door placed on an exit route must remain openable without a key from the inside. This regulatory obligation governs the entire technical specification: EN 1125-compliant panic bars on emergency exits, door closers linked to the fire safety system (SSI), and coordination with fire compartmentalization. In office buildings, access to floors larger than 500 m² may require EI 60 fire doors with automatic triggering coordinated with a category A SSI.
For the architect and the IRB: integration takes precedence over the catalog. The dual requirement of RC break-in resistance and EI fire resistance significantly increases the cost of the security joinery package, but it secures regulatory compliance and insurance coverage. The challenge for the architect is not the choice of a catalog product: it is the coordination, from the detailed design phase (APD), between the security engineering office, the SSI coordinator, the inspection office and the aesthetics of the cladding (laminate, wood veneer, lacquer) to preserve the architectural appearance of the floor. Kytom maps these points during the audit phase to avoid late non-conformities. On multi-company sites, the prevention plan governs the intervention, with SPS coordination when the regulatory threshold is exceeded.
The 5-step Kytom method, from security audit to maintenance
The intervention follows a documented process:
- On-site security audit (about 2 days): mapping of sensitive zones, qualification of flows (visitors, contractors, authorized employees), inventory of structural constraints.
- Technical specification: choice of RC2, RC3 or RC4 level, type of lock (3 to 7 points), material (2 mm to 4 mm steel, anti-drill core), cladding (laminate, wood veneer, lacquer) to preserve the office aesthetic.
- Access control integration: Mifare or Desfire readers, keypads, biometrics (fingerprint, facial recognition), connection to the building management system (BMS).
- Installation by certified teams with an acceptance report, simulated break-in tests and verification of the EN 1627 classification.
- Annual preventive maintenance: lubrication of locking points, verification of automated mechanisms, firmware updates of the readers.
Delivery times vary according to the resistance level: a standard RC3 generally requires around 12 weeks, a custom RC4 more.
Biometrics is a traceability tool, not a generalized security measure. Contrary to the widespread use that treats it as an image signal for corporate headquarters, biometric deployment (fingerprint or facial recognition) is not justified on restricted perimeters: the return on investment is markedly less favorable than a Mifare/Desfire deployment of the same scope, not to mention the GDPR/CNIL compliance constraints.
Three measured results on secured sites: tailgating, R81, security guarding
On office sites with fewer than 30 doors excluding data centers, the default specification remains the personalized Mifare card. Sites equipped with armored doors and access control structurally present a significantly reduced break-in risk compared with unsecured offices, according to available sector statistics. Three operations frame the measurement:
- Parisian headquarters, 2,400 m² delivered in 2022: 14 RC3 doors with biometric access control, a 78% reduction in tailgating over 6 months measured by an access counter, 100% traceability of entries into the confidential zone.
- Madrid data center, 9 RC4 doors with linked airlocks: compliance with the APSAD R81 framework validated by audit, certification of the information security management system obtained 4 months after delivery.
- Lyon R&D center, 6 RC4 doors: elimination of human guarding during off-peak hours, an operating saving of 42,000 euros excluding VAT per year quantified by the client’s financial management.
Indirect savings generally include a reduction in the multi-risk insurance premium, to be negotiated with your corporate broker on the basis of the certifications and RC levels installed.
Frequently asked questions
Which RC level should I choose for a 1,500 m² office headquarters?
RC2 on secondary entrances, RC3 on the main entrance and sensitive rooms (HR, financial management, server room). RC4 is only justified in the presence of NIS 2 regulated zones, CNPP APSAD R81 or classified archives. On the headquarters under 1,500 m² that we support, generalized RC4 represents a significant cost overrun with no measurable reduction in risk.
Is an armored door compatible with an emergency exit?
Yes, subject to one condition: articles R4216-1 to R4216-34 of the Labor Code require that a door placed on an exit route remains openable without a key from the inside. The specification combines an EN 1125-compliant panic bar, a door closer linked to the SSI and coordination with fire compartmentalization.