SIA Standards Roadmap 2.0 - Security Industry Association

SIA Standards Roadmap 2.0
SIA STANDARDS
COMMITTEE
August 2011
Security Industry Association | Alexandria, VA | www.siaonline.org/standards
SECURITY INDUSTRY ASSOCIATION
Virtus per securitatem

Mission Statement
The mission of the SIA Standards Committee is to develop and promote the use of technology
and application standards for the security industry; provide education and publication services for
standards; and work with other standards organizations to promote interoperability for the overall
benefit of industry stakeholders and customers.
The SIA Standards Roadmap describes the strategies for achieving the mission and enhancing stakeholder
participation.
Foreword
Much has changed in the security industry since the SIA Standards Committee published our first
Roadmap in 2007. To cite but a few of the most significant developments:
• The industry is making a wholesale shift to IP technology.
• The convergence between logical and physical security is now extending to cybersecurity.
• Multiple industry specifications have emerged with different standardized integration paths
for manufacturers, integrators and end users.
Roadmap 2.0 addresses these realities with new strategies to achieve the updated mission of the
SIA Standards Committee. The high-level goals of Roadmap 2.0 are:
• Articulate the business value of participating in the standards process.
• Explain SIA’s new role in an era of ‘competing’ standards initiatives.
• Describe how we will speed up the development and publication of SIA standards.
• We also reiterate our commitment to:
• ANSI, while adding non-ANSI standards activities.
• Ongoing support for SIA’s federally endorsed OSIPS standards.
• International participation in ISO/IEC standards bodies.

Purpose and Scope
The Roadmap is a policy and planning document that describes how we intend to execute our
mission. As such, the Roadmap guides the SIA Standards process as a whole, and the activities of its
subcommittees.
The Roadmap defines roles and priorities within the context of SIA membership, as well as the global
physical security industry and broader IT community that ultimately use our products. As the SIA
Standards Committee is an ‘open membership’ organization (i.e., SIA membership not required), all
of these constituencies inform our mission.
We believe that the following objectives best serve these stakeholders and our mission:
• Accelerate the standards development and publication process, for both formal and informal
(de facto) standards.
• Expand the scope of standards promotion to include referencing third-party standards and
recognition of de facto standards, as a complement to authoring SIA standards.
• Recognize our diverse roles of author, publisher, educator, advocate, harmonizer, and
convener of public forums in support of the SIA Standards mission.
Extend the OSIPS Framework and Pan-Industry Data Model to new standards initiatives, and
encourage their use within the industry at large.
It is worth noting that — unlike its predecessor — Roadmap 2.0 is not a technical document. While
technology has a central role in any standards discussion, we believe that it is best addressed within
our Subcommittees, which have both the expertise and processes to produce consensus results.
Those interested in technology questions or direction of specific standards are encouraged to contact
the SIA Director of Standards.
Note: Throughout this document, the term ‘standard’ is used to refer to non-binding ‘specifications’
and de facto standards, as well as to formal standards issued by accredited entities.

Background
SIA has been developing standards for the security industry since the late 1980s, initially to fulfill an
industry need for standardized communications between alarm systems and monitoring stations.
In the following decade, the SIA Standards Committee developed numerous successful communication
standards, (such as the CP-01 False Alarm Reduction standard released initially in 1994) to
mitigate the false alarm problem that had plagued the industry. In 2001, responding to the imminent
convergence of security and IT, SIA Standards launched a new program called OSIPS (Open,
System Integration, and Performance Standards). The OSIPS initiative was to be the underpinning
of a strategic plan to bring increased relevance to and extract market impact from SIA Standards in
the face of the changing electronic physical security landscape. The OSIPS initiative was tasked with
developing a family of open standards that would enable the interchange of information between
security system components and both security and non-security systems. In addition, the family of
standards would include standard measures of component performance.
In the past decade, with OSIPS as a primary focus, the SIA Standards Committee has created
subject-oriented working groups to author and publish a number of standards for ANSI accreditation.
As a result, OSIPS received federal government endorsement, which signaled to the security
industry at large that interoperability is a shared business value for the entire community.
In 2006, with ANSI considerations in mind, the SIA Standards Committee separated from the SIA
Board of Directors, giving it autonomy to elect leadership, form subcommittees and working groups,
and set strategic direction independent of the board or SIA membership. The new charter of the SIA
Standards Committee was then codified in the SIA Standards Roadmap, dated March 14, 2007. This
“Roadmap 1.0” described the goals and technical context of the revised OSIPS initiative in detail.
While high-level goals may not have changed significantly since the publication of Roadmap 1.0,
industry context certainly has. Most notably, we have seen the emergence of many other standards
organizations — both inside the security industry and beyond. These new bodies are defining relationships
among technologies that barely existed when our charter was first developed. Roadmap
2.0 aims to address these landscape changes.

The Value of Standards
The ultimate value of standards is to improve the customer experience. This can mean many different
things. A short list might include:
• More features, better competitive positioning
• Easier to use and install
• Simpler to integrate
• Easier to produce and maintain
• More reliable, less support
• Less expensive, better margins
• Non-proprietary, open architecture
• Better compliance with regulations
In addition to these particular benefits, standards also create ‘meta benefits’ for the industry as
whole. The most important of these is the overall market growth that we believe is fostered by
product interoperability and simplified integration. We also believe that these industry benefits
include reducing barriers to entry and promotion of competition by establishing a level playing
field for new product innovation.
The Value of Participation
The best way to realize these values is to participate directly in the standards process. Companies
that take an active role in standards development are able to:
• Shape standards to make sure they meet customers’ needs.
• Influence technology choices to ensure product compatibility.
• Understand the long-term direction of the industry.
• Learn what your counterparts are advocating.
• Avoid obsolescence.
• Gain credibility with partners and customers.
• Enrich careers through visible industry participation.
Being an active part of the standards process is an increasingly necessary aspect of global competitiveness,
both for individual companies and the U.S. security industry as a whole. As a leading
representative of the security industry’s interests, SIA encourages all stakeholders to take an active
role in achieving the goals of this Roadmap.

Our Roles in Standards
In every standards community there are many roles and stakeholders: authors, publishers, educators,
testers, manufacturers, integrators users — and, not least, a public forum in which dialogue
can take place.
SIA Standards is best known as an author and publisher, but these are not the only roles the organization
can play. Below we outline four of the major capacities in which we will work to advance
standards throughout the security industry.
Authoring new standards will continue to be a primary activity of the Standards Committee.
We embrace both formal processes (ANSI, ISO/IEC, etc.) as well as informal or de facto standards
recognition. As the industry and technology evolve, there will always be a need for new standards
development, and we will remain at the forefront of this effort.
Publishing can be conducted apart from authorship and provides an independent value to the
stakeholders, particularly when coupled with a review process that brings informal or de facto
specifications to a wider audience. The prevalence of current de facto standards argues for a clearinghouse
for industry norms that have no clear provenance. Publishing such standards under SIA
auspices provides similar value to first-hand authorship.
Education is a constant need in our industry, and one that SIA recognizes as one of the “pillars” of
value that we bring to our members. Education in the standards curriculum is a growth area for
which we see increasing demand. Many users, integrators and manufacturers have expressed the
need for structured information on how to use and apply industry standards. Providing practical
guidance in this area is a role absent in the industry today. SIA intends to create new training
forums both for both OSIPS and related industry standards.
Harmonization Advocacy among standards bodies is an important activity, both to the industry
and its customers. Harmonization is about encouraging cross-participation by constituents of different
standards bodies, where there are commonalities, to avoid unnecessary and burdensome
conflicts in resulting standards. With multiple organizations now providing overlapping standards
for security products, vendors and buyers must often make difficult choices between ‘families’ of
compatible products. Harmonizing standards would allow users to choose the products best suited
to their needs. SIA will continue to advocate that standards be harmonized to the extent possible
under their respective charters (as discussed at greater length, below).

Advocating Harmonized Standards
We believe that advocating harmonized standards should be a priority within the security industry.
Given that several organizations are now contributing to the standards process, harmonization
promises numerous benefits, from lowering product and training costs to higher compatibility and
functionality.
But harmonization is also one of the least understood topics in the standards community. It is often
taken as implying that two standards should be made “the same” or “equivalent”. But if that’s what
advocates meant, it would be no different than simply merging standards or replacing one with
another.
Rather, it’s about taking steps to avoid unnecessary inconsistencies, conflicts and confusion. We
believe that each organization may have differing ‘sweet spots’ or centers of gravity for different
standards that might otherwise seem to overlap. Harmonization is an effort to recognize that there
might be a market force for overlapping standards, but that there need not be unnecessary or
problematic inconsistencies where the issues or use cases are similar.
In practical terms, there are four broad principles that can guide this goal:
A Shared Reference Model would provide a single nomenclature for the system components and
interfaces in the industry. This would permit relevant standards — regardless of origin — to be
consistently classified so that stakeholders have a shared frame of reference.
Common Data Definitions would facilitate the exchange of information across multiple system
interfaces that may be governed by different underlying standards. In any large system, many of
the same data elements will be shared across multiple interfaces. Harmonizing these data elements
means simpler development and integration of products.
Harmonized Use Cases would provide a common description of the behaviors a system must
exhibit to accomplish a specific task. Because use cases drive the interface behaviors that standards
describe, these real-world scenarios should be aligned as much as practical across standards bodies.
Complementary standards can be non-overlapping so that it is clear which standard is most appropriate
for a given objective. Complementary standards would allow for the possibility of using
standards from multiple sources for different parts of an overall system design.
The SIA Standards Committee is dedicated to advocating harmonization across the security industry,
and providing a forum for open discussion of opportunities for collaboration and commonality
across standards.

Formal and International Standards
As an ANSI Standards Development Organization (SDO) providing electronic physical security
industry standards, SIA has ensured that any major standards efforts meet the essential domestic
requirements for openness, balance, consensus and due process. The ANSI accreditation gives SIA
strength and credibility within the industry. We intend to continue to use this strength to advocate
standards within the industry, along with less formal routes that may be useful in particular situations.
In addition to national standards, SIA also intends to pursue standards with international relevance
and applications. For the past few years, we have monitored and advised proceedings of global
standards organizations including the International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC), and we are in the process of officially becoming
a member of the U.S., Technical Advisory Group (TAG) for participation in industry relevant working
groups. Being an ANSI SDO provides a clear path for international recognition of SIA Standards
initiatives, and for extending the influence of SIA standards beyond the U. S.
Regulatory
For many products in many markets, regulatory compliance is the primary driver of standards
definition. In the U.S., for example, many aspects of the security industry are driven by regulations
developed by our federal government — from encryption to identity management to privacy.
For the security industry, one of the most significant new bodies of regulations to emerge in this
context is the Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation
Guidance (November 10, 2009). The security requirements established in this publication are
driving the next generation of physical access control systems and how they interact with the rest
of the enterprise.
FICAM currently references the SIA/ANSI OSIPS standards as normative requirements for new federal
security systems. It is therefore important that related standards within our industry continue
to be harmonized with this core set of requirements that are central to the federal regulatory
environment.
In the harmonization effort among standards bodies, SIA will continue to maintain consistency
with existing federal requirements of SIA/ANSI OSIPS publications, and maintain our current normative
status with the federal government.

Priorities
The SIA Standards Committee has established to following priorities for executing the Roadmap.
Prioritize Standards Activities by Business Need
To date, OSIPS component interoperability standards have focused on abstract data models rather
than implementation. This approach exhibited a lengthy development period with no implementable
results. The Committee will now identify which functional aspects of standards are in
most demand within the industry, but not yet addressed by existing standards.
Direction: On a sub-committee basis, identify a core set of industry business priorities that are
not yet addressed by other standards organizations. Our surveys and strategic research are a rich
source of data for this exercise.
Achieve Demonstrable Results within 12 Months
It is our goal to publish new SIA standards and demonstrate implementations on an accelerated
schedule, based on our new leadership and committee structure.
Direction: On a subcommittee basis, fast-track one or more standards that result in published
specifications and demonstrable product interoperability (‘plug-fest’) within 12 months.
Establish an Education Program
SIA will leverage our educational expertise to meet the demand for training and courseware for
standards education.
Direction: Consistent with our education mandate, establish a standards education program
within 12 months.
Harmonization Advocacy
Maintaining compliance with redundant, overlapping standards is expensive for manufacturers,
and brings no additional value to end users. Future standards development should therefore seek
to avoid further fragmentation of the manufacturer and user community with additional standards
that address identical subject matter.
Direction: Incorporate the concepts of harmonizing into our own pursuit of standards, and advocate
the same in industry forums and direct outreach to other standards organizations.