Replacing STK, DACS, BioTime, ARS: What to Look for in the Modern Industrial Access Platform
Walk through the IT room of any Indian industrial plant that was set up between 1998 and 2012. You will find roughly the same stack at the gate: an STK biometric (or its successor), a DACS access control panel, an ARS or BioTime attendance system, a separate paper visitor register, a separate vehicle register, and (if the plant is more recent) a basic LMS or training tracker bolted on. Each system was a defensible choice when it was installed. Each system did one thing reasonably well. The combined stack was the industry standard for two decades.

The 2024 to 2026 audit regime changed the calculus. CLRA inspections now expect Forms XIII to XXIII auto-generated, not Excel rewrites. Schedule M 2024 expects gate-verifiable induction trails, not paper sign-offs. DPDPA 2023 expects consent-based visitor PII handling, not Aadhaar photocopies in a cabin drawer. The legacy stack cannot meet the new bar without an integrated layer above it, and at that point the question becomes whether the stack itself is still worth keeping. This guide explains what to look for in the modern platform that replaces it.
Why STK / DACS / BioTime + ARS is no longer enough
The legacy stack has three structural limitations that show up in every modern audit cycle. First, each system has its own data store, its own format, its own retention window, its own UI. The plant operates four separate data narratives that reconcile only through Excel exports and manual workflows. Second, none of the systems were architected for the consent-based PII regime that DPDPA introduced. The visitor register sits outside the digital stack entirely; the biometric stores worker PII without explicit consent or withdrawal mechanisms; the audit log is partial at best. Third, none of the systems were architected for the gate-verifiable evidence chains that the modern audit regime expects. The audit chain from gate event to induction certificate to CLRA form to BRSR metric does not exist in the legacy stack. Each link of the chain is a separate manual exercise. The cost is operational (HR pulled into audit prep cycles, Security pulled into manual log exports) and reputational (audit findings stack up over time).
What auditors ask that the legacy stack cannot answer
The auditor questions that the legacy stack cannot answer cleanly are the questions every modern audit cycle now starts with.

Show me Form XVI for the previous quarter in the Central Rules format (the legacy stack stores attendance data, not Form XVI; HR has to rewrite).
Show me the per-zone access log for the paint shop for the last 30 days (the legacy stack tracks gate entries, not zone-level access; Security has to reconstruct).
Show me the GMP induction certificate for the worker who entered Cleanroom 3A this morning (the legacy stack has no induction record at all; the certificate lives on a whiteboard or a paper sign-off).
Show me the DPO toolkit for visitor PII (the legacy stack predates DPDPA; the toolkit does not exist).
Show me the inbound logistics chain for the truck that delivered raw material yesterday (the legacy stack has no vehicle data at all; the security cabin has a paper register).

Each of these gaps creates an audit finding when the auditor pulls the record. The legacy stack worked for the audit regime of 2008. It does not work for 2026.
The replacement checklist: what the modern platform has to do
The replacement platform must satisfy seven non-negotiable criteria.

First, a single signed event stream across visitor, contractor, worker, vehicle, induction and training.
Second, a gate-verifiable evidence chain from any event back to its originating record.
Third, auto-generation of statutory forms (CLRA Forms XIII to XXIII, FSSAI hygiene records, BRSR operational metrics, customer audit packs).
Fourth, DPDPA-compliant PII handling with explicit consent, India-resident storage, withdrawal and erasure workflows, and a DPO toolkit.
Fifth, multi-tier deployment options (Cloud for fast deployment, Hybrid Edge for plant-resident data, On-Premise for air-gapped requirements).
Sixth, integration with existing biometric and ANPR hardware (so the hardware investment is preserved), and integration with existing ERP, HRMS and payroll systems.
Seventh, single-vendor consolidation: one platform, one renewal, one Care contract, one escalation path.

A modern industrial access platform that satisfies all seven is the right replacement for the legacy stack. Anything less is a point solution that recreates the integration problem the plant is trying to solve.
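One way to make the first two criteria testable during evaluation, as an added example (not code from any platform or vendor named in this guide): a hash-chained, authenticated event stream in which each event can be traced back to its originating record, and any edit or deletion is detected. Every function name, field name and sample value is hypothetical; HMAC-SHA256 with a shared key stands in for a signature here, whereas an asymmetric signature would let an auditor verify the stream without holding the signing key.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
DEMO_KEY = b"constructed-demo-key"  # assumption: per-site key; keep real keys in an HSM or KMS

def _mac(body, key):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def append_event(stream, kind, subject, record=None, derived_from=None, key=DEMO_KEY):
    """Append one event; its MAC covers the previous event's MAC (hash chain)."""
    if derived_from is not None and not 0 <= derived_from < len(stream):
        raise ValueError("derived_from must point at an earlier event")
    body = {"seq": len(stream), "kind": kind, "subject": subject, "record": record,
            "derived_from": derived_from, "prev": stream[-1]["mac"] if stream else GENESIS}
    stream.append({**body, "mac": _mac(body, key)})
    return body["seq"]

def first_bad_event(stream, key=DEMO_KEY):
    """Return the index of the first event that fails verification, or None."""
    prev = GENESIS
    for i, ev in enumerate(stream):
        body = {k: v for k, v in ev.items() if k != "mac"}
        if (ev.get("seq") != i or ev.get("prev") != prev
                or not hmac.compare_digest(_mac(body, key), ev.get("mac", ""))):
            return i
        prev = ev["mac"]
    return None

def trace(stream, seq, key=DEMO_KEY):
    """Walk derived_from links back to the originating record; refuse a tampered stream."""
    if first_bad_event(stream, key) is not None:
        raise ValueError("stream failed verification")
    path = []
    while seq is not None:
        ev = stream[seq]
        path.append((ev["kind"], ev["record"]))
        seq = ev["derived_from"]
    return path

def build_sample():  # constructed sample data, not taken from any real plant
    s = []
    ind = append_event(s, "induction_completed", "worker:W-1042", record="cert:constructed-77")
    append_event(s, "vehicle_entry", "vehicle:constructed-plate", record="gatepass:constructed-9")
    gate = append_event(s, "zone_entry", "worker:W-1042", derived_from=ind)
    append_event(s, "form_row", "worker:W-1042", derived_from=gate)
    return s
```

Because each MAC covers the previous one, editing a field, deleting an event or reordering events all surface at the first affected index, which is the property to ask a vendor to demonstrate on an exported stream.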
Migration path: hardware retention and data continuity
The good news for plants migrating from the legacy stack is that the hardware investment is largely preserved. Modern platforms (Zentry included) work with the existing biometric hardware from ZKTeco, Suprema, Matrix, ESSL, Honeywell and Hikvision, and with existing ANPR hardware from Honeywell, Hikvision and Milesight. The legacy access control software gets replaced, but the legacy turnstiles, biometric readers and IP cameras stay in place. The migration sequence is typically: install the platform in parallel with the legacy stack for two to four weeks (during this time both systems run and the platform validates against the legacy data), cut over by gate on a phased schedule (typically one gate per week for a multi-gate plant), and decommission the legacy software once all gates are cut over. Historical data from the legacy stack is typically retained for the statutory retention window in its original form (so any historical audit query can still be answered from the archive) and the new platform takes over forward operations from the cut-over date.
TCO comparison: what the math actually looks like
The TCO comparison between the legacy stack and a modern integrated platform consistently favours the integrated platform at the scale of a mid-to-large industrial plant. The legacy stack typically involves four AMC contracts (biometric, access control, attendance, training tracker), four vendor relationships, four escalation paths, four annual price escalations, plus the operational cost of HR and Security teams reconciling data across the four systems during every audit cycle. The integrated platform typically lands 30 to 45% below the sum-of-parts of the legacy stack, with one renewal, one Care contract, one escalation path. The operational saving is harder to quantify but typically larger than the AMC saving: audit prep time drops by 70 to 80%, manual reconciliation effort drops to near zero, and the plant's compliance posture moves from defensive to demonstrable. Plants modelling the TCO during procurement qualification typically build a 3-year TCO model that captures both the AMC consolidation and the operational saving. The model almost always justifies the migration.