Door Locks (Commercial): An explainer for decision-makers, facilities teams, and security specialists

Door locks sit at the intersection of life safety, physical security, operational efficiency, compliance, and user experience. In commercial settings, a “door lock” is rarely just a lockset; it is part of a door assembly that can include the door leaf, frame, hinges, latch/bolt, strike, reinforcement, key system, access control, monitoring, and (where required) emergency egress hardware and fire-rated components.

This page explains the main commercial lock types and where they fit: Door Locks – Deadbolts, smart locks, keypad locks, mortise locks, cylindrical locks. It is written to be readable by non-specialists while still being useful to security and facilities professionals.

Quick orientation: what you are actually securing

Before choosing a lock type, align on what “good” means for the site:

  • Threat model: opportunistic theft, insider risk, targeted intrusion, after-hours access, or safety-only access control.
  • Traffic and abuse: high-cycle doors (office, retail), harsh environments (industrial, coastal), public interfaces.
  • Compliance: fire doors, emergency egress, accessibility, privacy, and audit requirements (varies by jurisdiction/building class).
  • Operating model: key management, contractor access, after-hours access, remote sites, multi-tenant use, incident response needs.

A recurring commercial reality: many “lock failures” are actually door and frame failures (weak frames, poor strikes, misalignment), not a problem with the lock mechanism.

Core lock types (what they are, where they fit, and trade-offs)

1) Deadbolts (a bolt-driven lock, often used as supplemental security)

What it is (plain English): A deadbolt throws a solid bolt into the frame. Unlike a spring latch, it is not easily “shimmed” back.
Commercial use cases: Back-of-house doors, secondary locking on lower-traffic doors, some perimeter doors (depending on egress requirements), and doors where you want a simple, robust mechanical control.

Strengths

  • Strong mechanical resistance compared with spring latches, when properly installed with a reinforced strike and frame.
  • Straightforward to service and inspect.

Limitations and specialist considerations

  • Many jurisdictions restrict double-cylinder deadbolts (key on both sides) on egress doors because of escape concerns. Where used, it must be carefully assessed against egress requirements and occupant safety.
  • Security is heavily dependent on door/frame reinforcement and strike quality, not just the bolt.

Reference: General deadbolt concepts and lock operation are covered in standard locksmith/lock references and product standards; for broader lock and door hardware standards context, see ANSI/BHMA materials on commercial builders’ hardware. ANSI/BHMA

2) Cylindrical locks (common commercial lever/knob locksets)

What it is: A lockset installed through bored holes (typically two-bore preparation), widely used in commercial offices and interiors.
Commercial use cases: Interior offices, meeting rooms, storerooms, and some perimeter applications when specified with the right grade and paired with door/frame hardware suited to the risk.

Strengths

  • Widely available, cost-effective, fast to install and replace.
  • Familiar to users and most facilities teams.

Limitations and specialist considerations

  • Can be less robust than mortise solutions in very high-abuse environments (depends on grade and door construction).
  • Latch and strike alignment is critical; door sag quickly becomes an operational problem (and a security problem).

Reference: Commercial lock grading and performance criteria are typically aligned to ANSI/BHMA standards. See the BHMA overview and standards resources. Builders Hardware Manufacturers Association (BHMA)

3) Mortise locks (high-durability commercial lock bodies set into the door edge)

What it is: A lock body (“case”) installed into a mortised pocket in the door edge, with heavy-duty latch/bolt options.
Commercial use cases: Higher-security doors, high-traffic doors, premium commercial fit-outs, and doors needing durable long-life hardware cycles.

Strengths

  • Generally strong and durable for high-cycle use.
  • Flexible functions (latch + deadbolt, different trim, compatibility with many door control and access control options).
  • Often preferred where door integrity and long-term serviceability matter.

Limitations and specialist considerations

  • Higher install complexity and cost; requires correct door prep.
  • Retrofits must match existing door prep or require door modifications.

Reference: Mortise lock design and commercial performance categories are widely described by commercial hardware manufacturers; standards context via BHMA is also relevant. ANSI/BHMA

4) Keypad locks (PIN-based access, standalone or integrated)

What it is: A lock that grants access using a numeric code (PIN). Can be purely mechanical, battery electronic, or part of an integrated access control system.
Commercial use cases: Shared spaces, small offices, plant rooms, short-term contractor access, and sites trying to reduce key issuance.

Strengths

  • Eliminates physical key distribution for many users.
  • Supports rapid code rotation (useful for contractors and temporary access).
  • Some models allow schedules, audit trails, and multiple user codes.

Limitations and specialist considerations

  • PIN sharing is a common human risk; controls are procedural as much as technical (code issuance, rotation, and removal).
  • Battery management is an operational control; lockouts due to poor battery processes are common.
  • Auditability varies: many standalone keypad locks have limited logs; integrated systems are stronger.

Reference: NIST’s guidance on access control and identification/authentication is useful conceptual framing when evaluating PIN-based access (even though it is IT-focused, the principles map to physical access governance). NIST SP 800-53 (Access Control family)

5) Smart locks (digital credentials, remote management, and logging—sometimes)

What it is: A lock that uses electronic credentials (mobile app, BLE/NFC, cards/fobs, PIN, or combinations), often with remote administration and activity logs. Smart locks range from consumer-grade retrofits to enterprise-grade access control components.

Commercial use cases

  • Multi-site SMEs needing centralized management.
  • Roles requiring time-bound access (cleaners, contractors, visitors).
  • Environments where audit trails and rapid access revocation are required.

Strengths

  • Faster provisioning/deprovisioning than keys (especially across multiple sites).
  • Can support audit trails, schedules, alerts, and integration with security operations tooling (product-dependent).
  • Can reduce rekeying costs when staff turnover is high.

Limitations and specialist considerations

  • Cyber-physical risk: wireless interfaces, cloud dependencies, mobile device security, and vendor lifecycle become part of the security posture.
  • Reliability engineering matters: offline modes, power/battery strategy, fail-secure vs fail-safe behaviour, and incident playbooks.
  • “Smart lock” is not a security grade by itself; commercial suitability depends on certification, architecture, and operational controls.

Reference: For security architecture and assurance framing around connected devices, NIST’s IoT security guidance is useful. NISTIR 8259A (IoT Device Cybersecurity Capability Core Baseline)

How to choose in commercial environments (a pragmatic selection guide)

Step 1: Classify doors by function and consequence

A simple, effective approach is to define a few door categories:

  • Perimeter / after-hours entry (highest consequence)
  • Controlled internal zones (IT/server rooms, stores, records, labs)
  • General internal doors (offices, meeting rooms)
  • Life-safety doors (fire egress paths, stairwells)

Lock selection changes materially based on the category, especially for egress and fire door assemblies.

Step 2: Decide how access is governed (keys vs credentials vs hybrid)

  • Mechanical keying can be excellent when supported by strict key control, restricted keyways, and disciplined rekeying. It tends to fail operationally when organisations cannot control duplication or retrieval of keys at offboarding.
  • Keypad and smart locks can improve agility and reduce rekeying, but shift risk into credential governance, device management, vendor reliance, and operational resilience.

Step 3: Specify hardware quality and the door assembly, not just the lock type

For security specialists: treat lock, strike, frame, hinges, and reinforcement as a unit. Attackers often bypass by targeting the weakest component.

For laypeople: a strong lock on a weak frame is like a high-end alarm on a door that doesn’t close properly.

Step 4: Build operational controls (the part most organisations skip)

Regardless of lock type, define:

  • Who can approve access and how fast it can be revoked
  • How contractors are handled (time-bound access)
  • How lost devices/keys are handled
  • Battery/service schedules (for electronic locks)
  • Audit/log review expectations (if supported)
  • Incident response for lock failures and security events

NIST’s access control governance concepts provide a strong baseline for these controls. NIST SP 800-53 Rev. 5

Common commercial patterns (what tends to work)

Pattern A: High-traffic office with moderate security needs

  • Cylindrical locks for general internal doors
  • Mortise locks (or higher-grade cylindrical) at key perimeter points
  • Consider keypad locks for shared spaces and contractors where key control is difficult

Pattern B: Retail / public-facing with high abuse risk

  • Mortise locks or high-grade commercial hardware for durability
  • Consider smart locks only where operational processes and reliability requirements are clear (power, offline access, support model)

Pattern C: Multi-site SME with frequent staff changes

  • Smart locks for doors where rapid provisioning/deprovisioning matters
  • Keep a mechanical override strategy and documented fallbacks for outages
  • Focus on vendor security posture and lifecycle support

Security specialist notes (what to probe in procurement)

When engaging vendors/integrators, ask for evidence on:

  • Door hardware grade / standards alignment (commercial grade performance and durability expectations)
    Reference context: BHMA
  • Credential lifecycle: issuance, revocation, shared PIN controls, contractor workflows
  • Audit logs: fidelity, retention, export capability, time sync, admin actions logging
  • Resilience: power failure behaviour, battery life and low-battery warning, offline mode, mechanical override controls
  • Cybersecurity (for smart locks): encryption, firmware updates, vulnerability disclosure, cloud dependency, admin MFA, device binding
    Reference context: NISTIR 8259A
  • Governance controls: role-based administration, separation of duties, periodic access reviews
    Reference context: NIST SP 800-53 Rev. 5

Plain-English summary

  • Deadbolts: strong, simple, good as supplemental security when egress rules allow.
  • Cylindrical locks: common and economical; great for many interiors; quality varies widely.
  • Mortise locks: durable and robust for commercial, high-traffic, and higher-risk doors.
  • Keypad locks: convenient; success depends on PIN governance and battery/service discipline.
  • Smart locks: powerful for multi-site management and audit, but bring cyber, vendor, and resilience considerations.