Resiliency in Central Station Operations - Industries

advertisement
UL’s Central Station Service Certification Program – Resiliency in Central Station Operations
In January 2016, UL recently published two Certification Requirement Decisions (CRDs) that facilitate acceptance
of contemporary technology and business practice in the professional monitoring industry. Collectively, they:



Provide requirements that address virtual technologies so these can be used to help provide resilient,
economically feasible delivery of services
Recast automation system resiliency requirements in performance terms, enabling industry to make use
of the latest technologies quickly, without the need to change prescriptive solutions enumerated in a
Standard
Provide a framework for collaborative partnering and resource sharing between service providers that
leverages the latest NIST Cloud Computing recommendations
Publication of these CRDs gives UL’s customers immediate compliance options – essentially a parallel path to
compliance. They express UL’s interpretation of the intent of current requirements in a manner that may be
more conducive to flexible application in contemporary monitoring centers. UL customers that have fashioned a
compliance strategy around the existing UL 827 language will be unaffected by these CRDs as they simply
present alternative options to, not replacements for, existing requirement language.
UL will immediately enter these CRDs into UL’s Collaborative Standards Development System as revision
proposals for full STP consideration and formal integration into UL 827.
Technical Specifics
The 8th edition of UL 827 was published in October 2014. The objective of the Standards Technical Panel (STP)
was to revise 7th edition language so that contemporary issues were better addressed. The resulting framework
is a much better fit for a modern central station. Occasionally, however, specific language and a “prescriptive”
approach to requirements proved to be limiting in application.
In response UL has published a pair of Certification Requirement Decisions (CRDs). The language of the CRDs
presents the intended performance levels out of the prescriptive language. The intent is to more clearly define
outcomes, without specifying the required technology or specific methods of achieving those outcomes.
Certification Requirement Decision Overview
Note - In all cases, please see the CRDs for exact language to be used for certification decisions.
Virtual Machine (VM) Technology
A conflict of correlation regarding VM technology exists between the language of UL 827, 8th edition and that of
UL 1981, Standard for Central Station Automation Systems, 3rd edition.

UL 827, clause 17.6.2.2 states that a VM cannot be used as a substitute for a separate computer system
required for resiliency

UL 1981, clause 7.5.1 allows virtualization under defined conditions, including guaranteed resources and
priority for an automation system; and when redundancy requires, that the VM reside on a separate
whole hardware system
Based on a review of standards development documents for UL 827 and discussion with STP members, the
intent of UL 827, clause 17.6.2.2 is better expressed by the language of UL 1981, clause 7.5.1.
The CRD covering UL 827, clause 17.6.2.2 resolves the conflict of correlation by using the referenced UL 1981
language as a base. UL will accept use of VM technology that complies with the CRD.
Minimum Monitoring Equivalent Weight (MEW) factor resiliency requirements
Clause 17.6 presents a tiered set of computer system redundancy and operational requirements built on a MEW
factor framework. In general, as MEW factor increases, a Central Station becomes responsible for elements of
security impacting a larger constituency. This means that the consequences of a large Central Station failure
represent an increased risk to the community at large. Requirements of clause 17.6 mitigate that increasing risk
with measures that increase service resiliency with Central Station size.
Unfortunately, the resilience requirement language in UL 827, 8th edition uses prescriptive language that has not
changed as quickly as developments in technology. It is difficult to apply language tailored for equipment
commonly used in central stations 10 years ago to contemporary technology and practices.
The CRD covering clause 17.6 pulls out and highlights the essential performance elements from the current
language. Performance-based requirements are presented as an alternative to the current language for those
Central Stations using more contemporary equipment and methods. While UL believes that arrangements that
comply with the current language would also comply with the alternative performance-based requirements, the
current language will be kept in place in the interest of clarity. The Collaborative Standards Development
Process will allow engagement with the wider community on appropriate final language for the future.
Type of Automation
System Employed
None - Manual
Signal Processing
Susceptible to
single fault failure
Maximum
MEW
Second Fault Fail-over
Accommodation
Section Reference for
Details
None
None
17.6.1
Manual
None
17.6.1
Automation
System
Automation
System
Automation
System
Manual
17A.6.2
Automation System*
17A.6.3
Automation System*
17A.6.4
999
999
Single-fault tolerant
9,999
Two-fault tolerant
Two-fault tolerant,
with redundant site
First Fault Fail-over
Accommodation
99,999
Unlimited
* Central Station not required to maintain manual signal handling capability
Facilitating Business Partnerships
Clause 17.8.4 currently prohibits intercompany sharing of computer equipment that hosts automation systems.
Research shows that this requirement was added to UL 827 in the mid-1990s after an incident where one
partner in a disaster recovery shared equipment scenario used the system to give its own customers
inappropriate signal handling priority.
While the risk of nonperformance by a business partner can never be eliminated completely, business practices
around shared IT resources and business models based on cloud computing have matured significantly in the
last 20 years. In May 2012, NIST published Special Publication 800-146, Cloud Computing Synopsis and
Recommendations, which codified appropriate risk mitigation factors.
Cloud computing business models enable new services and efficiencies that can benefit all stakeholders in a
professionally monitored alarm service. The CRD language for clauses 17.8A.3 & 17.8A.4 permits IT resource
sharing under the generally accepted risk mitigation principles of NIST 800-146, as they apply to Central Station
partnering arrangements. This approach, when combined with the third party oversight of the UL Certificate
Service Program, enables technologically advanced services & efficiencies, while also providing stakeholders
with contemporary risk controls.
Communication Path Diversity
Clause 12.1.5 specifies the use of two independent Internet service providers (ISPs) or two independent
managed voice facilities network (MVFN) providers for receipt of signals from monitored alarm systems. Based
on review of standards development documents and discussion with STP members, the intent was to assure a
degree of communication path diversity into a central station.
While the prescription of two independent providers will likely provide a degree of path diversity, it is also
possible to provision diversity directly via some providers. UL considers the intent of clause 12.1.5 met when
contracts are in place that lock in defined path diversity similar to that which would be obtainable through the
use of independent providers.
Clause 12.1.7 addresses voice communication channel diversity in a similar manner. UL considers the intent met
when contracts with a single provider are in place as described for signal path communications.
Summary
The net effect of these Certification Requirement Decisions is that central stations will be able to use up-to-date
technology and employ IT best practices to achieve compliance with UL 827 resiliency requirements.
For more information please contact UL at alarmcertificates@ul.com or visit ul.com/alarmcertificates.
Download