SIA Standards Roadmap 2.0 - Security Industry Association

siaonline.org

SIA Standards Roadmap 2.0 - Security Industry Association

SIA Standards Roadmap 2.0

SIA STANDARDS

COMMITTEE

August 2011

Security Industry Association | Alexandria, VA | www.siaonline.org/standards

SECURITY INDUSTRY ASSOCIATION

Virtus per securitatem


Mission Statement

The mission of the SIA Standards Committee is to develop and promote the use of technology

and application standards for the security industry; provide education and publication services for

standards; and work with other standards organizations to promote interoperability for the overall

benefit of industry stakeholders and customers.

The SIA Standards Roadmap describes the strategies for achieving the mission and enhancing stakeholder

participation.

Foreword

Much has changed in the security industry since the SIA Standards Committee published our first

Roadmap in 2007. To cite but a few of the most significant developments:

• The industry is making a wholesale shift to IP technology.

• The convergence between logical and physical security is now extending to cybersecurity.

• Multiple industry specifications have emerged with different standardized integration paths

for manufacturers, integrators and end users.

Roadmap 2.0 addresses these realities with new strategies to achieve the updated mission of the

SIA Standards Committee. The high-level goals of Roadmap 2.0 are:

• Articulate the business value of participating in the standards process.

• Explain SIA’s new role in an era of ‘competing’ standards initiatives.

• Describe how we will speed up the development and publication of SIA standards.

• We also reiterate our commitment to:

• ANSI, while adding non-ANSI standards activities.

• Ongoing support for SIA’s federally endorsed OSIPS standards.

• International participation in ISO/IEC standards bodies.


Purpose and Scope

The Roadmap is a policy and planning document that describes how we intend to execute our

mission. As such, the Roadmap guides the SIA Standards process as a whole, and the activities of its

subcommittees.

The Roadmap defines roles and priorities within the context of SIA membership, as well as the global

physical security industry and broader IT community that ultimately use our products. As the SIA

Standards Committee is an ‘open membership’ organization (i.e., SIA membership not required), all

of these constituencies inform our mission.

We believe that the following objectives best serve these stakeholders and our mission:

• Accelerate the standards development and publication process, for both formal and informal

(de facto) standards.

• Expand the scope of standards promotion to include referencing third-party standards and

recognition of de facto standards, as a complement to authoring SIA standards.

• Recognize our diverse roles of author, publisher, educator, advocate, harmonizer, and

convener of public forums in support of the SIA Standards mission.

Extend the OSIPS Framework and Pan-Industry Data Model to new standards initiatives, and

encourage their use within the industry at large.

It is worth noting that — unlike its predecessor — Roadmap 2.0 is not a technical document. While

technology has a central role in any standards discussion, we believe that it is best addressed within

our Subcommittees, which have both the expertise and processes to produce consensus results.

Those interested in technology questions or direction of specific standards are encouraged to contact

the SIA Director of Standards.

Note: Throughout this document, the term ‘standard’ is used to refer to non-binding ‘specifications’

and de facto standards, as well as to formal standards issued by accredited entities.


Background

SIA has been developing standards for the security industry since the late 1980s, initially to fulfill an

industry need for standardized communications between alarm systems and monitoring stations.

In the following decade, the SIA Standards Committee developed numerous successful communication

standards, (such as the CP-01 False Alarm Reduction standard released initially in 1994) to

mitigate the false alarm problem that had plagued the industry. In 2001, responding to the imminent

convergence of security and IT, SIA Standards launched a new program called OSIPS (Open,

System Integration, and Performance Standards). The OSIPS initiative was to be the underpinning

of a strategic plan to bring increased relevance to and extract market impact from SIA Standards in

the face of the changing electronic physical security landscape. The OSIPS initiative was tasked with

developing a family of open standards that would enable the interchange of information between

security system components and both security and non-security systems. In addition, the family of

standards would include standard measures of component performance.

In the past decade, with OSIPS as a primary focus, the SIA Standards Committee has created

subject-oriented working groups to author and publish a number of standards for ANSI accreditation.

As a result, OSIPS received federal government endorsement, which signaled to the security

industry at large that interoperability is a shared business value for the entire community.

In 2006, with ANSI considerations in mind, the SIA Standards Committee separated from the SIA

Board of Directors, giving it autonomy to elect leadership, form subcommittees and working groups,

and set strategic direction independent of the board or SIA membership. The new charter of the SIA

Standards Committee was then codified in the SIA Standards Roadmap, dated March 14, 2007. This

Roadmap 1.0” described the goals and technical context of the revised OSIPS initiative in detail.

While high-level goals may not have changed significantly since the publication of Roadmap 1.0,

industry context certainly has. Most notably, we have seen the emergence of many other standards

organizations — both inside the security industry and beyond. These new bodies are defining relationships

among technologies that barely existed when our charter was first developed. Roadmap

2.0 aims to address these landscape changes.


The Value of Standards

The ultimate value of standards is to improve the customer experience. This can mean many different

things. A short list might include:

• More features, better competitive positioning

• Easier to use and install

• Simpler to integrate

• Easier to produce and maintain

• More reliable, less support

• Less expensive, better margins

• Non-proprietary, open architecture

• Better compliance with regulations

In addition to these particular benefits, standards also create ‘meta benefits’ for the industry as

whole. The most important of these is the overall market growth that we believe is fostered by

product interoperability and simplified integration. We also believe that these industry benefits

include reducing barriers to entry and promotion of competition by establishing a level playing

field for new product innovation.

The Value of Participation

The best way to realize these values is to participate directly in the standards process. Companies

that take an active role in standards development are able to:

• Shape standards to make sure they meet customers’ needs.

• Influence technology choices to ensure product compatibility.

• Understand the long-term direction of the industry.

• Learn what your counterparts are advocating.

• Avoid obsolescence.

• Gain credibility with partners and customers.

• Enrich careers through visible industry participation.

Being an active part of the standards process is an increasingly necessary aspect of global competitiveness,

both for individual companies and the U.S. security industry as a whole. As a leading

representative of the security industry’s interests, SIA encourages all stakeholders to take an active

role in achieving the goals of this Roadmap.


Our Roles in Standards

In every standards community there are many roles and stakeholders: authors, publishers, educators,

testers, manufacturers, integrators users — and, not least, a public forum in which dialogue

can take place.

SIA Standards is best known as an author and publisher, but these are not the only roles the organization

can play. Below we outline four of the major capacities in which we will work to advance

standards throughout the security industry.

Authoring new standards will continue to be a primary activity of the Standards Committee.

We embrace both formal processes (ANSI, ISO/IEC, etc.) as well as informal or de facto standards

recognition. As the industry and technology evolve, there will always be a need for new standards

development, and we will remain at the forefront of this effort.

Publishing can be conducted apart from authorship and provides an independent value to the

stakeholders, particularly when coupled with a review process that brings informal or de facto

specifications to a wider audience. The prevalence of current de facto standards argues for a clearinghouse

for industry norms that have no clear provenance. Publishing such standards under SIA

auspices provides similar value to first-hand authorship.

Education is a constant need in our industry, and one that SIA recognizes as one of the “pillars” of

value that we bring to our members. Education in the standards curriculum is a growth area for

which we see increasing demand. Many users, integrators and manufacturers have expressed the

need for structured information on how to use and apply industry standards. Providing practical

guidance in this area is a role absent in the industry today. SIA intends to create new training

forums both for both OSIPS and related industry standards.

Harmonization Advocacy among standards bodies is an important activity, both to the industry

and its customers. Harmonization is about encouraging cross-participation by constituents of different

standards bodies, where there are commonalities, to avoid unnecessary and burdensome

conflicts in resulting standards. With multiple organizations now providing overlapping standards

for security products, vendors and buyers must often make difficult choices between ‘families’ of

compatible products. Harmonizing standards would allow users to choose the products best suited

to their needs. SIA will continue to advocate that standards be harmonized to the extent possible

under their respective charters (as discussed at greater length, below).


Advocating Harmonized Standards

We believe that advocating harmonized standards should be a priority within the security industry.

Given that several organizations are now contributing to the standards process, harmonization

promises numerous benefits, from lowering product and training costs to higher compatibility and

functionality.

But harmonization is also one of the least understood topics in the standards community. It is often

taken as implying that two standards should be made “the same” or “equivalent”. But if that’s what

advocates meant, it would be no different than simply merging standards or replacing one with

another.

Rather, it’s about taking steps to avoid unnecessary inconsistencies, conflicts and confusion. We

believe that each organization may have differing ‘sweet spots’ or centers of gravity for different

standards that might otherwise seem to overlap. Harmonization is an effort to recognize that there

might be a market force for overlapping standards, but that there need not be unnecessary or

problematic inconsistencies where the issues or use cases are similar.

In practical terms, there are four broad principles that can guide this goal:

A Shared Reference Model would provide a single nomenclature for the system components and

interfaces in the industry. This would permit relevant standards — regardless of origin — to be

consistently classified so that stakeholders have a shared frame of reference.

Common Data Definitions would facilitate the exchange of information across multiple system

interfaces that may be governed by different underlying standards. In any large system, many of

the same data elements will be shared across multiple interfaces. Harmonizing these data elements

means simpler development and integration of products.

Harmonized Use Cases would provide a common description of the behaviors a system must

exhibit to accomplish a specific task. Because use cases drive the interface behaviors that standards

describe, these real-world scenarios should be aligned as much as practical across standards bodies.

Complementary standards can be non-overlapping so that it is clear which standard is most appropriate

for a given objective. Complementary standards would allow for the possibility of using

standards from multiple sources for different parts of an overall system design.

The SIA Standards Committee is dedicated to advocating harmonization across the security industry,

and providing a forum for open discussion of opportunities for collaboration and commonality

across standards.


Formal and International Standards

As an ANSI Standards Development Organization (SDO) providing electronic physical security

industry standards, SIA has ensured that any major standards efforts meet the essential domestic

requirements for openness, balance, consensus and due process. The ANSI accreditation gives SIA

strength and credibility within the industry. We intend to continue to use this strength to advocate

standards within the industry, along with less formal routes that may be useful in particular situations.

In addition to national standards, SIA also intends to pursue standards with international relevance

and applications. For the past few years, we have monitored and advised proceedings of global

standards organizations including the International Organization for Standardization (ISO) and the

International Electrotechnical Commission (IEC), and we are in the process of officially becoming

a member of the U.S., Technical Advisory Group (TAG) for participation in industry relevant working

groups. Being an ANSI SDO provides a clear path for international recognition of SIA Standards

initiatives, and for extending the influence of SIA standards beyond the U. S.

Regulatory

For many products in many markets, regulatory compliance is the primary driver of standards

definition. In the U.S., for example, many aspects of the security industry are driven by regulations

developed by our federal government — from encryption to identity management to privacy.

For the security industry, one of the most significant new bodies of regulations to emerge in this

context is the Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation

Guidance (November 10, 2009). The security requirements established in this publication are

driving the next generation of physical access control systems and how they interact with the rest

of the enterprise.

FICAM currently references the SIA/ANSI OSIPS standards as normative requirements for new federal

security systems. It is therefore important that related standards within our industry continue

to be harmonized with this core set of requirements that are central to the federal regulatory

environment.

In the harmonization effort among standards bodies, SIA will continue to maintain consistency

with existing federal requirements of SIA/ANSI OSIPS publications, and maintain our current normative

status with the federal government.


Priorities

The SIA Standards Committee has established to following priorities for executing the Roadmap.

Prioritize Standards Activities by Business Need

To date, OSIPS component interoperability standards have focused on abstract data models rather

than implementation. This approach exhibited a lengthy development period with no implementable

results. The Committee will now identify which functional aspects of standards are in

most demand within the industry, but not yet addressed by existing standards.

Direction: On a sub-committee basis, identify a core set of industry business priorities that are

not yet addressed by other standards organizations. Our surveys and strategic research are a rich

source of data for this exercise.

Achieve Demonstrable Results within 12 Months

It is our goal to publish new SIA standards and demonstrate implementations on an accelerated

schedule, based on our new leadership and committee structure.

Direction: On a subcommittee basis, fast-track one or more standards that result in published

specifications and demonstrable product interoperability (‘plug-fest’) within 12 months.

Establish an Education Program

SIA will leverage our educational expertise to meet the demand for training and courseware for

standards education.

Direction: Consistent with our education mandate, establish a standards education program

within 12 months.

Harmonization Advocacy

Maintaining compliance with redundant, overlapping standards is expensive for manufacturers,

and brings no additional value to end users. Future standards development should therefore seek

to avoid further fragmentation of the manufacturer and user community with additional standards

that address identical subject matter.

Direction: Incorporate the concepts of harmonizing into our own pursuit of standards, and advocate

the same in industry forums and direct outreach to other standards organizations.

More magazines by this user
Similar magazines