SIA Standards Roadmap 2.0 - Security Industry Association
SIA Standards Roadmap 2.0 - Security Industry Association
SIA Standards Roadmap 2.0 - Security Industry Association
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>SIA</strong> <strong>Standards</strong> <strong>Roadmap</strong> <strong>2.0</strong><br />
<strong>SIA</strong> STANDARDS<br />
COMMITTEE<br />
August 2011<br />
<strong>Security</strong> <strong>Industry</strong> <strong>Association</strong> | Alexandria, VA | www.siaonline.org/standards<br />
SECURITY INDUSTRY ASSOCIATION<br />
Virtus per securitatem
Mission Statement<br />
The mission of the <strong>SIA</strong> <strong>Standards</strong> Committee is to develop and promote the use of technology<br />
and application standards for the security industry; provide education and publication services for<br />
standards; and work with other standards organizations to promote interoperability for the overall<br />
benefit of industry stakeholders and customers.<br />
The <strong>SIA</strong> <strong>Standards</strong> <strong>Roadmap</strong> describes the strategies for achieving the mission and enhancing stakeholder<br />
participation.<br />
Foreword<br />
Much has changed in the security industry since the <strong>SIA</strong> <strong>Standards</strong> Committee published our first<br />
<strong>Roadmap</strong> in 2007. To cite but a few of the most significant developments:<br />
• The industry is making a wholesale shift to IP technology.<br />
• The convergence between logical and physical security is now extending to cybersecurity.<br />
• Multiple industry specifications have emerged with different standardized integration paths<br />
for manufacturers, integrators and end users.<br />
<strong>Roadmap</strong> <strong>2.0</strong> addresses these realities with new strategies to achieve the updated mission of the<br />
<strong>SIA</strong> <strong>Standards</strong> Committee. The high-level goals of <strong>Roadmap</strong> <strong>2.0</strong> are:<br />
• Articulate the business value of participating in the standards process.<br />
• Explain <strong>SIA</strong>’s new role in an era of ‘competing’ standards initiatives.<br />
• Describe how we will speed up the development and publication of <strong>SIA</strong> standards.<br />
• We also reiterate our commitment to:<br />
• ANSI, while adding non-ANSI standards activities.<br />
• Ongoing support for <strong>SIA</strong>’s federally endorsed OSIPS standards.<br />
• International participation in ISO/IEC standards bodies.
Purpose and Scope<br />
The <strong>Roadmap</strong> is a policy and planning document that describes how we intend to execute our<br />
mission. As such, the <strong>Roadmap</strong> guides the <strong>SIA</strong> <strong>Standards</strong> process as a whole, and the activities of its<br />
subcommittees.<br />
The <strong>Roadmap</strong> defines roles and priorities within the context of <strong>SIA</strong> membership, as well as the global<br />
physical security industry and broader IT community that ultimately use our products. As the <strong>SIA</strong><br />
<strong>Standards</strong> Committee is an ‘open membership’ organization (i.e., <strong>SIA</strong> membership not required), all<br />
of these constituencies inform our mission.<br />
We believe that the following objectives best serve these stakeholders and our mission:<br />
• Accelerate the standards development and publication process, for both formal and informal<br />
(de facto) standards.<br />
• Expand the scope of standards promotion to include referencing third-party standards and<br />
recognition of de facto standards, as a complement to authoring <strong>SIA</strong> standards.<br />
• Recognize our diverse roles of author, publisher, educator, advocate, harmonizer, and<br />
convener of public forums in support of the <strong>SIA</strong> <strong>Standards</strong> mission.<br />
Extend the OSIPS Framework and Pan-<strong>Industry</strong> Data Model to new standards initiatives, and<br />
encourage their use within the industry at large.<br />
It is worth noting that — unlike its predecessor — <strong>Roadmap</strong> <strong>2.0</strong> is not a technical document. While<br />
technology has a central role in any standards discussion, we believe that it is best addressed within<br />
our Subcommittees, which have both the expertise and processes to produce consensus results.<br />
Those interested in technology questions or direction of specific standards are encouraged to contact<br />
the <strong>SIA</strong> Director of <strong>Standards</strong>.<br />
Note: Throughout this document, the term ‘standard’ is used to refer to non-binding ‘specifications’<br />
and de facto standards, as well as to formal standards issued by accredited entities.
Background<br />
<strong>SIA</strong> has been developing standards for the security industry since the late 1980s, initially to fulfill an<br />
industry need for standardized communications between alarm systems and monitoring stations.<br />
In the following decade, the <strong>SIA</strong> <strong>Standards</strong> Committee developed numerous successful communication<br />
standards, (such as the CP-01 False Alarm Reduction standard released initially in 1994) to<br />
mitigate the false alarm problem that had plagued the industry. In 2001, responding to the imminent<br />
convergence of security and IT, <strong>SIA</strong> <strong>Standards</strong> launched a new program called OSIPS (Open,<br />
System Integration, and Performance <strong>Standards</strong>). The OSIPS initiative was to be the underpinning<br />
of a strategic plan to bring increased relevance to and extract market impact from <strong>SIA</strong> <strong>Standards</strong> in<br />
the face of the changing electronic physical security landscape. The OSIPS initiative was tasked with<br />
developing a family of open standards that would enable the interchange of information between<br />
security system components and both security and non-security systems. In addition, the family of<br />
standards would include standard measures of component performance.<br />
In the past decade, with OSIPS as a primary focus, the <strong>SIA</strong> <strong>Standards</strong> Committee has created<br />
subject-oriented working groups to author and publish a number of standards for ANSI accreditation.<br />
As a result, OSIPS received federal government endorsement, which signaled to the security<br />
industry at large that interoperability is a shared business value for the entire community.<br />
In 2006, with ANSI considerations in mind, the <strong>SIA</strong> <strong>Standards</strong> Committee separated from the <strong>SIA</strong><br />
Board of Directors, giving it autonomy to elect leadership, form subcommittees and working groups,<br />
and set strategic direction independent of the board or <strong>SIA</strong> membership. The new charter of the <strong>SIA</strong><br />
<strong>Standards</strong> Committee was then codified in the <strong>SIA</strong> <strong>Standards</strong> <strong>Roadmap</strong>, dated March 14, 2007. This<br />
“<strong>Roadmap</strong> 1.0” described the goals and technical context of the revised OSIPS initiative in detail.<br />
While high-level goals may not have changed significantly since the publication of <strong>Roadmap</strong> 1.0,<br />
industry context certainly has. Most notably, we have seen the emergence of many other standards<br />
organizations — both inside the security industry and beyond. These new bodies are defining relationships<br />
among technologies that barely existed when our charter was first developed. <strong>Roadmap</strong><br />
<strong>2.0</strong> aims to address these landscape changes.
The Value of <strong>Standards</strong><br />
The ultimate value of standards is to improve the customer experience. This can mean many different<br />
things. A short list might include:<br />
• More features, better competitive positioning<br />
• Easier to use and install<br />
• Simpler to integrate<br />
• Easier to produce and maintain<br />
• More reliable, less support<br />
• Less expensive, better margins<br />
• Non-proprietary, open architecture<br />
• Better compliance with regulations<br />
In addition to these particular benefits, standards also create ‘meta benefits’ for the industry as<br />
whole. The most important of these is the overall market growth that we believe is fostered by<br />
product interoperability and simplified integration. We also believe that these industry benefits<br />
include reducing barriers to entry and promotion of competition by establishing a level playing<br />
field for new product innovation.<br />
The Value of Participation<br />
The best way to realize these values is to participate directly in the standards process. Companies<br />
that take an active role in standards development are able to:<br />
• Shape standards to make sure they meet customers’ needs.<br />
• Influence technology choices to ensure product compatibility.<br />
• Understand the long-term direction of the industry.<br />
• Learn what your counterparts are advocating.<br />
• Avoid obsolescence.<br />
• Gain credibility with partners and customers.<br />
• Enrich careers through visible industry participation.<br />
Being an active part of the standards process is an increasingly necessary aspect of global competitiveness,<br />
both for individual companies and the U.S. security industry as a whole. As a leading<br />
representative of the security industry’s interests, <strong>SIA</strong> encourages all stakeholders to take an active<br />
role in achieving the goals of this <strong>Roadmap</strong>.
Our Roles in <strong>Standards</strong><br />
In every standards community there are many roles and stakeholders: authors, publishers, educators,<br />
testers, manufacturers, integrators users — and, not least, a public forum in which dialogue<br />
can take place.<br />
<strong>SIA</strong> <strong>Standards</strong> is best known as an author and publisher, but these are not the only roles the organization<br />
can play. Below we outline four of the major capacities in which we will work to advance<br />
standards throughout the security industry.<br />
Authoring new standards will continue to be a primary activity of the <strong>Standards</strong> Committee.<br />
We embrace both formal processes (ANSI, ISO/IEC, etc.) as well as informal or de facto standards<br />
recognition. As the industry and technology evolve, there will always be a need for new standards<br />
development, and we will remain at the forefront of this effort.<br />
Publishing can be conducted apart from authorship and provides an independent value to the<br />
stakeholders, particularly when coupled with a review process that brings informal or de facto<br />
specifications to a wider audience. The prevalence of current de facto standards argues for a clearinghouse<br />
for industry norms that have no clear provenance. Publishing such standards under <strong>SIA</strong><br />
auspices provides similar value to first-hand authorship.<br />
Education is a constant need in our industry, and one that <strong>SIA</strong> recognizes as one of the “pillars” of<br />
value that we bring to our members. Education in the standards curriculum is a growth area for<br />
which we see increasing demand. Many users, integrators and manufacturers have expressed the<br />
need for structured information on how to use and apply industry standards. Providing practical<br />
guidance in this area is a role absent in the industry today. <strong>SIA</strong> intends to create new training<br />
forums both for both OSIPS and related industry standards.<br />
Harmonization Advocacy among standards bodies is an important activity, both to the industry<br />
and its customers. Harmonization is about encouraging cross-participation by constituents of different<br />
standards bodies, where there are commonalities, to avoid unnecessary and burdensome<br />
conflicts in resulting standards. With multiple organizations now providing overlapping standards<br />
for security products, vendors and buyers must often make difficult choices between ‘families’ of<br />
compatible products. Harmonizing standards would allow users to choose the products best suited<br />
to their needs. <strong>SIA</strong> will continue to advocate that standards be harmonized to the extent possible<br />
under their respective charters (as discussed at greater length, below).
Advocating Harmonized <strong>Standards</strong><br />
We believe that advocating harmonized standards should be a priority within the security industry.<br />
Given that several organizations are now contributing to the standards process, harmonization<br />
promises numerous benefits, from lowering product and training costs to higher compatibility and<br />
functionality.<br />
But harmonization is also one of the least understood topics in the standards community. It is often<br />
taken as implying that two standards should be made “the same” or “equivalent”. But if that’s what<br />
advocates meant, it would be no different than simply merging standards or replacing one with<br />
another.<br />
Rather, it’s about taking steps to avoid unnecessary inconsistencies, conflicts and confusion. We<br />
believe that each organization may have differing ‘sweet spots’ or centers of gravity for different<br />
standards that might otherwise seem to overlap. Harmonization is an effort to recognize that there<br />
might be a market force for overlapping standards, but that there need not be unnecessary or<br />
problematic inconsistencies where the issues or use cases are similar.<br />
In practical terms, there are four broad principles that can guide this goal:<br />
A Shared Reference Model would provide a single nomenclature for the system components and<br />
interfaces in the industry. This would permit relevant standards — regardless of origin — to be<br />
consistently classified so that stakeholders have a shared frame of reference.<br />
Common Data Definitions would facilitate the exchange of information across multiple system<br />
interfaces that may be governed by different underlying standards. In any large system, many of<br />
the same data elements will be shared across multiple interfaces. Harmonizing these data elements<br />
means simpler development and integration of products.<br />
Harmonized Use Cases would provide a common description of the behaviors a system must<br />
exhibit to accomplish a specific task. Because use cases drive the interface behaviors that standards<br />
describe, these real-world scenarios should be aligned as much as practical across standards bodies.<br />
Complementary standards can be non-overlapping so that it is clear which standard is most appropriate<br />
for a given objective. Complementary standards would allow for the possibility of using<br />
standards from multiple sources for different parts of an overall system design.<br />
The <strong>SIA</strong> <strong>Standards</strong> Committee is dedicated to advocating harmonization across the security industry,<br />
and providing a forum for open discussion of opportunities for collaboration and commonality<br />
across standards.
Formal and International <strong>Standards</strong><br />
As an ANSI <strong>Standards</strong> Development Organization (SDO) providing electronic physical security<br />
industry standards, <strong>SIA</strong> has ensured that any major standards efforts meet the essential domestic<br />
requirements for openness, balance, consensus and due process. The ANSI accreditation gives <strong>SIA</strong><br />
strength and credibility within the industry. We intend to continue to use this strength to advocate<br />
standards within the industry, along with less formal routes that may be useful in particular situations.<br />
In addition to national standards, <strong>SIA</strong> also intends to pursue standards with international relevance<br />
and applications. For the past few years, we have monitored and advised proceedings of global<br />
standards organizations including the International Organization for Standardization (ISO) and the<br />
International Electrotechnical Commission (IEC), and we are in the process of officially becoming<br />
a member of the U.S., Technical Advisory Group (TAG) for participation in industry relevant working<br />
groups. Being an ANSI SDO provides a clear path for international recognition of <strong>SIA</strong> <strong>Standards</strong><br />
initiatives, and for extending the influence of <strong>SIA</strong> standards beyond the U. S.<br />
Regulatory<br />
For many products in many markets, regulatory compliance is the primary driver of standards<br />
definition. In the U.S., for example, many aspects of the security industry are driven by regulations<br />
developed by our federal government — from encryption to identity management to privacy.<br />
For the security industry, one of the most significant new bodies of regulations to emerge in this<br />
context is the Federal Identity, Credential and Access Management (FICAM) <strong>Roadmap</strong> and Implementation<br />
Guidance (November 10, 2009). The security requirements established in this publication are<br />
driving the next generation of physical access control systems and how they interact with the rest<br />
of the enterprise.<br />
FICAM currently references the <strong>SIA</strong>/ANSI OSIPS standards as normative requirements for new federal<br />
security systems. It is therefore important that related standards within our industry continue<br />
to be harmonized with this core set of requirements that are central to the federal regulatory<br />
environment.<br />
In the harmonization effort among standards bodies, <strong>SIA</strong> will continue to maintain consistency<br />
with existing federal requirements of <strong>SIA</strong>/ANSI OSIPS publications, and maintain our current normative<br />
status with the federal government.
Priorities<br />
The <strong>SIA</strong> <strong>Standards</strong> Committee has established to following priorities for executing the <strong>Roadmap</strong>.<br />
Prioritize <strong>Standards</strong> Activities by Business Need<br />
To date, OSIPS component interoperability standards have focused on abstract data models rather<br />
than implementation. This approach exhibited a lengthy development period with no implementable<br />
results. The Committee will now identify which functional aspects of standards are in<br />
most demand within the industry, but not yet addressed by existing standards.<br />
Direction: On a sub-committee basis, identify a core set of industry business priorities that are<br />
not yet addressed by other standards organizations. Our surveys and strategic research are a rich<br />
source of data for this exercise.<br />
Achieve Demonstrable Results within 12 Months<br />
It is our goal to publish new <strong>SIA</strong> standards and demonstrate implementations on an accelerated<br />
schedule, based on our new leadership and committee structure.<br />
Direction: On a subcommittee basis, fast-track one or more standards that result in published<br />
specifications and demonstrable product interoperability (‘plug-fest’) within 12 months.<br />
Establish an Education Program<br />
<strong>SIA</strong> will leverage our educational expertise to meet the demand for training and courseware for<br />
standards education.<br />
Direction: Consistent with our education mandate, establish a standards education program<br />
within 12 months.<br />
Harmonization Advocacy<br />
Maintaining compliance with redundant, overlapping standards is expensive for manufacturers,<br />
and brings no additional value to end users. Future standards development should therefore seek<br />
to avoid further fragmentation of the manufacturer and user community with additional standards<br />
that address identical subject matter.<br />
Direction: Incorporate the concepts of harmonizing into our own pursuit of standards, and advocate<br />
the same in industry forums and direct outreach to other standards organizations.