Cover Story

Lock Down
NFPA provides leadership in the area of security and brings the industry its first installation standard and design guide.

NFPA Journal®, November/December 2006

By Shane M. Clary, Ph.D.

Two questions that are asked of me on many occasions are “Why is NFPA involved in security and the installation of security systems?” and “Shouldn’t other organizations, which are dedicated to the security trade, be taking the lead?”

WHAT IS UL 681? For security, the primary document is UL 681. However, UL 681 is only used for those systems for which a certificate is to be issued. This is a similar program to the UUFX- and UUJS-listing by UL for the installation of fire alarm systems. Rarely is an intrusion detection system voluntarily installed to the requirements of UL 681. These systems are primarily installed as per the requirement of an insurance company that is underwriting the risk of protected premises. These systems are generally installed in jewelry stores, manufacturing facilities, pharmaceutical manufacturing facilities, and high-value retail shops. UL 681 details protection extents and various methods of communication or line security that can be used to minimize the possibility of attack of the communication channels between the protected premises and the monitoring facility. While it is agreed that UL 681 sets a high standard for the installation of intrusion detection systems, it is generally not seen as the standard of care for the industry. There is no question that if every system were installed to the requirements of UL 681, the probability of a system compromise would be decreased. However, to install every system to this standard would be costly to the end user.

I respond with “Since the release of NFPA 5000^TM , Building Construction and Safety Code^TM, NFPA has move into the total built environment, of which electronic security systems are a part. Second, NFPA, through its standard-making process, has the mechanisms and procedures to produce an ANSI consensus-based standard and can recruit the expertise required for the Technical Committee.

There’s agreement among NFPA’s membership and at NFPA’s 2005 World Safety Conference and Exposition® in Las Vegas , they approved NFPA 730, Guide for Premises Security and NFPA 731, Installation of Electronic Security Systems.

NFPA 731 is not a burglar alarm code. It is also not a manufacturing standard. The purpose of NFPA 731 is to provide a standard that sets in place minimum installation requirements for electronic security systems, which include: Intrusion Detection Systems; Electronic Access Control Systems; Video Surveillance Systems (CCTV); and  Holdup, Duress, and Anti-Ambush.

Before the release of NFPA 731, there were several standards issued by Underwriters Laboratories that covered the installation of intrusion detection systems. These include UL 365, Police Station Connected Burglar Alarm Units and Systems; UL 636, Holdup Alarm Units and Systems; UL 1076, Proprietary Burglar Alarm Units and Systems; and UL 681, Installation and Classification of Burglar and Holdup Systems.

INFORMATION FOR TODAY'S SECURITY NEEDS This compact volume pulls together complete data about security system installation, so you’re prepared for any type of project. The Pocket Guide to Electronic Security System Installation presents formulas, tables, charts, rules, calculations, and conversions from the NEC®, the new NFPA 731, UL requirements, and other resources. Use it for working with intrusion, CCTV, and access control systems. • Covers everything from video monitoring (CCTV) systems to protective lighting systems to voice evacuation systems* Helps you install access card readers and electronic locks • Provides facts about intrusion sensing and monitoring using magnetic contact switches, glass-break sensors, and seismic or shock detectors Guaranteed to assist system installers, inspectors, and anyone involved with security, electrical, or fire alarms.  Find out more the NFPA Pocket Guide to Security System Installation.

Every system that is installed should have a risk analysis performed to determine what level of detection and line security may be required for each installation. Depending on the type of facility, it may be determined to install a system in accordance with UL 681. The practitioner is encouraged to review with the end user their expectations of the system.

For those facilities that perform classified work, a system may be installed as per the requirement of UL 2050, Standard for Industrial Security Systems for the Protection of Classified Materials. This controlled document is unavailable to the general population.

There are also many manufacturing standards for various parts of electronic security systems that are available. These include UL 294, Standard for Access Control System Units; UL 606, Standard for Linings and Screens for Use with Burglar-Alarm Systems; UL 634, Standard for Connectors and Switches for Use with Burglar-Alarm Systems; UL 639, Standard for Safety for Intrusion-Detection Units; ANSI/SIA PIR-01, Passive Infrared Motion Detector Standard — Features for Enhancing False Alarm Immunity, 2000; and ANSI/SIA CP-01, Control Panel Standard — Features for False Alarm Reduction, 2000.

These standards provide a minimum level of requirements for the production of equipment that is used daily by the security industry in the United States . The final two, ANSI/SIA PIR-01 and ANSI/SIA CP-01, provide requirements for false alarm reduction within Passive Inferred Units and control panels.

This is becoming an ever more important issue within the intrusion detection industry. A number of law enforcement agencies have moved to non-response or verified response of intrusion detection systems. SIA, as well as the National Burglar and Fire Alarm Association (NBFAA), Central Station Alarm Association (CSAA), and the Alarm Industry Research & Educational Foundation (AIREF) have worked together to reduce the number of unwanted alarms through the two SIA Standards, the CSAA Standard ANSI/CSAA CS-V-01-2004.XX Alarm Verification and Notification Procedures, and the module ordinance promulgated by AIREF.

The standards discussed so far cover intrusion detection systems. They are also not unified. One could install a system in accordance with UL 681, but may not use a CP-01 listed control or PIR-01 Passive Inferred. These standards also do not cover the other key components of electronic security systems.

Intense debate
During the initial development of NFPA 731, the Technical Committee on Premises Security had an intensive debate over several meetings as to whether the document being produced should be an occupancy-based security code or an installation standard. It was finally decided to create two Task Groups, one to work on the Premises Security Code and the other to develop an Installation Standard.

The Task Group felt that the primary focus should be with intrusion detection systems, but did not wish this to be only an installation standard for these systems. Law enforcement did feel that the issues of false alarms needed to be addressed. They also wished to have CCTV systems addressed so that the image obtained could be used to identify a person, and to be able to use that image to obtain conviction. They were also concerned about the terminology being used to describe an “ambush” or duress alarm signal.

The Task Group determined that for the first edition, off-site monitoring and supervision of the systems would not be included. This was done because of the time that was available to get the first cycle completed by the Report on Proposal and Report of Comment closing dates. The second cycle edition, which has just completed the ROP process, includes language relative to off-site monitoring.

The first edition
The first edition for NFPA 731 was laid out with the following chapters:

1. Administrative
2. Referenced Standards
3. Definitions
4. Fundamentals
5. Intrusion Detection Systems
6. Electronic Access Control Systems
7. Video Surveillance Systems
8. Holdup, Duress, and Ambush
9. Testing and Maintenance

The first three chapters are mandated by the Manual of Style. The definitions used are generally accepted by the security industry. The Task Group diligently obtained and used the most common definitions, rather than introducing new terms.

The fundamentals chapter sets the minimum installation requirements for all of the systems covered within NFPA 731. The chapter covers each of the systems, then goes into further detail.

The first major component of Chapter 4 is the qualifications of the designer and installer.

4.1.6 System Design. Persons who are experienced in the design, application, installation, and testing of electronic premises security systems shall develop plans and specifications in accordance with this standard.

4.1.6.1 The system designer shall be identified on the system design documents.

4.1.6.2 Evidence of qualifications shall be provided when requested by the authority having jurisdiction.

4.1.6.3 Qualified personnel shall include, but not be limited to, the following:

1. Equipment manufacturer trained and certified personnel
2. Personnel licensed and certified by state or local authority
3. Personnel certified by an accreditation program acceptable to the authority having jurisdiction (AHJ)

4.1.7 System Installation.

4.1.7.1 Installation personnel shall be supervised by persons who are qualified and experienced in the installation, inspection, and testing of electronic premises security systems.

4.1.7.2 Qualified personnel shall include, but not be limited to, the following:

1. Equipment manufacturer trained and certified personnel
2. Personnel licensed or certified by federal, state, or local authority
3. Personnel certified by an accreditation program acceptable to the AHJ
4. Trained and qualified personnel employed by an organization listed by a national testing laboratory for the servicing of electronic premises security systems

When these systems are designed and installed, the system user depends on them to work as designed and to be installed by personnel who have been properly trained in the proper application and installation of the system. For intrusion detection systems, this minimizes the probability of unwanted alarms.

Part of the design process is to look at the environment where the system is being installed. It is important to select the proper equipment for the application and to verify that there are no environmental issues that may cause the system to work improperly. The following criteria for the system designer to consider are found in the Annex:

1. Fog
2. Rain
3. Snow
4. Humidity/corrosion
5. Cold/heat
6. Vibration
7. Radio frequency interference (RFI)
8. Electrical discharge
9. AC induction
10. Dust
11. Smoke
12. Animals/insects
13. Vegetation
14. Decorations/marketing aids

Power, both primary and secondary, is next covered in Chapter 4. This became an area of some controversy during and after the development of NFPA 731. Law enforcement as well as others feel that a major source of false alarms is due to failure of the power source. For access control systems, there needs to be power to restrict entry to sensitive areas during a power outage. The standard as adopted required that there be twenty-four hours of standby power for an intrusion detection system. This was felt to be adequate time to prevent false alarms. However, after the Standard was adopted, it was found that at the preset time there are still control panels made to UL 365, which only requires four hours of standby power. Until a change to twenty-four hours can be made to the UL Standard, the Technical Committee felt that it was prudent to make the reduction within NFPA 731. Tentative Interim Amendment 06-1 (NFPA 731) was issued by the Standards Council in July 2006 with this correction.

The Standard also covers the documentation of the system. The extent of documentation is left to the Authority Having Jurisdiction. At a minimum, the end user is to be provided the following:

1. Owner’s manual and installation instructions covering all system equipment.
2. User’s instructions.
3. Electronic Premises Security Record of Completion form completed by the installer of the system.
4. Name and contact telephone number of the organization maintaining the electronic premises security system.
5. Name and contact telephone number of the organization monitoring the electronic premises security system displayed at the control unit.

Training is to also be provided to the end user. The Task Group felt that as with proper design and the correct use of equipment, there have been problems with systems when the end user was not properly instructed on the use and operation of the system.

NFPA 731 is an installation standard. It does not require the installation of an electronic premises security system. What NFPA 731 is intended to do is provide a minimum standard for the installation of these systems.

Chapter 5 covers the installation of intrusion detection systems. Section 5.1.3 covers the entry/exit delay time for a system. One source of false alarms is the system user either not clearing the protected premises quick enough after setting the system or not disarming the system soon enough after entering. This section requires that the time be set for double the time that it takes to get from the entry portal to the human/machine interface to disarm the system or after setting the system to depart the building. However, to limit the possibility of compromise, the entry/exit time cannot exceed 240 seconds. Therefore, the machine/human interface for arming and disarming the system must be no further away than 120 seconds.

The general installation requirements are left to the manufacturer of the devices or appliances being used. Section 5.1.4 requires that the devices shall be installed per the manufacturer’s instructions. Spacing of volumetric detection devices is to be based upon the intended threat as specified by the designer in consultation with the end user.

Chapter 5 proceeds to cover both external and internal detection devices. There are several key provisions within this section. The first is that for external protection, notification of law enforcement is not to occur until there has been verification of the signal. This can be accomplished by two methods:

1. On-site verification
2. Video verification

A second provision is that Passive Infrared (PIR) detectors shall meet the requirements of ANSI/SIA PUR-01, Passive Infrared Motion Detector Standard – Features for Enhancing False Alarm Immunity. The Task Group felt that this was another means to decrease the possibility of a false alarm.  Additionally, it precludes the use of ultrasonic volumetric detection as a single source. Ultrasonic detection is still allowed to be used with a second technology. This was done as the Task Group felt that this method of detection is prone to unwanted alarms as a single technology.

Chapter 6 covers Electronic Access Control Systems. This chapter defines what an access portal is, the location of the reader relative to the portal, the locking systems to be used, and the interface between the electronic access control system and the premises life-safety system. Section 6.1.6 defines two methods of portal egress:

1. Free Egress
2. Controlled Egress

Free egress requires no special user knowledge to use the request-to-exit (RTE) device. Controlled egress shall require the use of access credentials that are to be presented to a reader that is installed on the secured side of the portal. Controlled egress is to be used for such applications as:

1. Anti Pass-Back
2. Mustering
3. Patient Wandering
4. Infant Abduction
5. Two-Person Rule

Chapter 7 covers Video Surveillance Systems. This can include both closed circuit television systems (CCTV) and digital imaging systems (DIS). Within Section 7.1, two key criteria are set:

1. The installer shall ensure that the final image meets the design requirements.
2. The system shall be able to provide positive visual identification of a person, object, or scene as may be required by the AHJ.

In addition to the environmental considerations that are to be given to all electronic premises security system found in Chapter 4, Chapter 7 has additional environmental conditions to be examined:

1. Icing
2. Sunlight angles
3. Temperature extremes
4. Wind loading
5. Rain

Chapter 7 also requires that anchoring and mounting of the camera, camera housing, and making the camera as vandal resistant as possible be based upon a risk assessment. NFPA 731 also provides two Annexes that system designers and installers will find useful:

• Annex B – Camera Specifications
• Annex C – Camera Selection

Chapter 8 covers holdup, duress, and ambush systems. This chapter was created principally at the request of law enforcement. Their concern was that one firm calls a system a duress system, while another calls the same system an ambush system. Law enforcement was uncertain on how to respond to an alarm from the system, and felt that they were putting their officers and the public at risk.

Chapter 8 defines the following systems:

1. Holdup Alarm Systems
2. Private Duress Alarm Systems
3. Public Duress Alarm Systems
4. Ambush Alarm Systems

While it is generally accepted that a hold up alarm is for an armed robbery, there is confusion by law enforcement as to what is a duress system and what is an ambush system. NFPA 731 defines a public duress alarm system as a device that can be observed by the public. An example of this type of system can be found in the parking lots of shopping centers and college campuses. A private duress system is one that cannot be observed by the public, such as to alert security at a government services facility or a hospital.

An ambush system is part of an intrusion detection system in which the end user enters a secondary Personal Identification Number (PIN), which while it appears to disarm the system, also sends a unique signal to the monitoring center that the person using the system is being forced into the store.

The final chapter in the first edition covers testing and inspections. No matter how well a system is designed and installed, if it is not maintained it will develop problems at some point in the future. Like a fire alarm system or any other electronic or mechanical system, electronic premises security systems need an ongoing maintenance program. Chapter 9 requires that an inspection, testing and maintenance program perform the following:

1. Satisfy the requirements of this standard.
2. Conform to the equipment manufacturer’s recommendations.
3. Verify correct operation of the electronic premises security systems.

The Standard also requires in the first edition that impairments be corrected within 24 hours after a fault indication is received, unless there is not a risk to the protected property of the occupants.

Chapter 9 also requires that service personnel be qualified and experienced in the inspection, testing and maintenance of electronic premises security systems. This shall include but not be limited to individuals with the following qualifications:

1. Factory trained and certified.
2. Certified or licensed by state or local authority.
3. Trained and qualified personnel employed by an organization listed by a national testing laboratory for the servicing of electronic premises security systems.

This chapter also provides a list of recommended methods to test electronic premises security systems.

The work on NFPA 731 is not complete. At the time of the writing of this article, the ballot for the Report on Proposals for the second edition is in the hands of the Technical Committee. Based on the work that was done at the ROP meeting, the second edition will have a number of changes from the first edition. The most important will be the adoption of a chapter that covers off-site monitoring of these systems and for intrusion detection systems, bringing into the Standard the requirements for Enhanced Call Verification, a method of false alarm reduction that has been very successful.

While there remain detractors to the notion that the National Fire Protection Association should be writing a standard for security systems, the general consensus is that now is the time to address these vital systems that play a very large part in Homeland Security.

---

SHANE M. CLARY, PH.D., of Livermore, California, is a member of NFPA’s Standards Council. Dr. Clary has worked in the automatic fire alarm and central station security industry since 1974, and is currently Vice President of Codes and Standards Compliance for Bay Alarm Company, Pacheco, Calif. He serves on technical committees for NFPA 1, 70, 72, 720, 730, 731 and 5000. He is also the author of NFPA Pocket Guide to Electronic Security System Installation.