The rise and fall of British Standards for security systems; by Mike Cahalane.
Harmonised European standards have been in existence for many years, but in 1985 the EC Council of Ministers adopted a resolution setting out a new approach to the use of standards in Community law. Under this "new approach", directives made under Article 100A of the Treaty of Rome set out the essential requirements for standards in member states. Harmonisation of the technical detail should be achieved by reference to relevant harmonised standards.
The status of harmonised European standards
Harmonised standards are drawn up by one of the European standardisation bodies under a mandate from the European Commission (EC). The standardisation bodies are usually the European Committee for Standardisation (CEN) or the European Committee for Electrotechnical Standardisation (CENELEC). The British Standards Institution (BSI) is the UK member of these two European organisations, and representatives from the interested industry sectors sit on the relevant European and BSI committees. Harmonised standards should follow general rules agreed between CEN/ CENELEC and the EC. Having completed negotiation, such standards are published as Euronorms (ENs).
Prior to adoption, harmonised standards are circulated as draft or pre-Euronorms (prENs). After adoption by CEN/CENELEC they are published verbatim in each member state by the national standards-making organisation (BSI in the UK). Thus, an EN is published by BSI as BS EN etc. The ENs can be subject to an EC directive or they can be voluntary. Either way the process is the same.
In 1985 all CEN/CENELEC members agreed that work on new national standards will not start if work on an equivalent EN has been initiated, (the standstill agreement) and that any conflicting national standards should be withdrawn once the EN is published as a national standard.
A current British Standard (BS) may not however, have an exact equivalent in ENs, thus the former can continue as an operative BS until all of its specifications have been properly superseded.
The background to security systems standards in the UK
BS4737
BS 4737 is a series of 21 British Standards first published in 1971 covering detectors, signalling equipment, installation, maintenance and the service of intruder alarm systems. It has been the foundation in the UK upon which regulation of the installation companies and essential police response has been built.
In 1989 CENELEC and BSI commenced work on a new series of European Standards for security systems in a series 5013X.X.
EN 5013X.X
In 1989 the newly designated European Norms (Standards) in the series EN5013X.X consisted of some 72 separate documents. Of these some 33 documents were seen as the replacement for the BS 4737 series, whilst the others dealt with CCTV, access control and social alarms. The work to develop these documents was allocated through eight BSI committees populated by security industry nominated representatives.
In addition, 12 European working groups were populated with representatives from the various interested European countries. The first of these new European Norms, BS EN 50130-5 Alarm systems – Part 4 : Environmental test methods, was published by the BSI in 1999.
By 2000 what was soon to be recognised as an overly ambitious list of 78 prospective ENs had been reduced to 33. Of these, just 19 completed the CEN/BSI process for publication. And just two of the 19 could be generally described as resembling part of the BS4737 series. They were BS EN50131-1: 1997 Alarm systems – Intrusion systems -Part 1: System requirements, and BS EN 50131-6:1998 Alarm systems – Intrusion systems – Part 6: Power supplies.
BS EN50131-1: 1997
BS EN 50131-1: 1997 Alarm systems – Intrusion systems – Part 1: System requirements, introduced a ’risk based approach to designing security systems based on the risk and the anticipated skill of the burglar. BS EN 50131-1: 1997 was not a direct replacement for significant parts of the BS4737 series, because it did not include particular requirements i.e., deliberately operated devices, control and indicating equipment, warning equipment, maintenance and service. Incorporating BS EN50131-1: 1997 into a fully compliant system was not possible because of omissions and it was deficient in other ways. In such circumstances BS4737 continued as the accepted national standard of compliance in the UK.
PD6662: 2000
A PD is a published document in the BSI system and is said not to be a standard. PD 6662: 2000. Scheme for the application of European Standards for intruder alarm systems, was intended to deal with these difficulties. It called up a number of the BS4737 series documents together with selected requirements not present in BS EN50131-1: 1997. The purpose was to facilitate the specification and installation of intruder alarm systems that could be said to comply with BS EN50131-1: 1997 while retaining those parts of the BS4737 series that might otherwise become subject to withdrawal as a national standard. A further aim of PD6662 was to adopt the grading system set out in BS EN50131-1: 1997.
An overriding factor in the development of PD6662: 2000 was the implied threat that a conflicting national standard (in this case BS4737) had to have a ’date of withdrawal (DOW) following the publication of an EN once it reached the BS EN stage. Some might see this as a contradiction given that BS4737 was a tried and tested regulatory process complete series of standards involving some 21 documents, well understood by all users, whereas BS EN 50131-1: 1997 could not be complied with. It was also the only one published part, the other 18 EN documents still being debated in the European CENELECC/TC 79 drafting committees.
Even so, in 2000 the European committee for security systems, decided that publication of BS EN50131-1: 1997 required that a ’date of withdrawal (DOW)– for national standards be set for September 2003; six years after publication of an EN that could not be implemented. This decision can be compared with applying the brakes long after the engine had run off the track. Confusion reigned, some thought that the DOW meant that all of the BS 4737 series had to be withdrawn on that date, others believed it meant the exception of those parts that did not conflict with BS EN 50131-1:1997. Others believed that a DOW should only be set when the whole suite of 19 BS EN documents was published.
Indeed, PD6662: 2000 included the following advice in the foreword: "A series of European Standards for intruder alarm systems is being produced which will eventually replace a number of British Standards for intruder alarm systems. Some European Standards in the series have been published, others are in draft format, and work has not started on the remainder. Once the whole series of European Standards has been published, BSI will be required to withdraw conflicting British Standards. The date for such a withdrawal has yet to be established."
This latter view is supported by the criteria set out by CENELEC for Harmonised Standards.
One step forward, two steps back
The DOW decision by TC79 caused considerable problems because it was not clear which parts of BS4737 conflicted with BS EN50131-1: 1997, although it was clear that BS EN50131-1: 1997 was a problem in itself having never been proved capable of compliance.
The other alternative was to ask that CENELEC agree a derogation for BS 4737 but this was said to be unobtainable although the French had done so for their own national standard. Many installers in the BSIA were disconcerted by the situation. BSIA technical manager, Alex Carmichael, said: "The BSIA, together with a number of our European counterparts has asked CENELEC to reconsider its decision. We feel that our members have been asked to meet an unrealistic deadline of September 2003 and that customers will be confused by the situation, especially following all the recent changes brought about by DD243: 2002:
"Introducing EN 50131-1 prematurely, before other complementary product specification and application standards are available means that many aspects of BS 4737 will continue to remain in use alongside the new standard. Inevitably this will cause confusion. In addition, EN 50131-1 is itself currently under review, with the revised version due to be issued in under two years."
The BSIA says the introduction of EN50131-1 is premature because there are still many European standards for intruder alarms outstanding. The BSI (British Standards Institute) committees will also be required to make amendments to standards that conflict with EN 50131-1.
PD6662: 2004 was an endeavour to fix the problem. The BSI drafting committee GW/1/2 acted on the BSI advice they were obliged to review the BS 4737 series and select those clauses that could be retained. The preceding circumstances laid the ground for a continuing and substantial bureaucratic muddle.
prEN50131-1: 2004
BS ENs are subject to a five-year review. prEN 50131-1 Alarm systems – Intrusion systems Part 1: System requirements, was published as a draft which would subsequently replace BS EN50131-1: 1997, once it had passed through the CENELEC / BSI process. Although BS EN50131-1: 1997 had been ignored by the UK for the previous six years, it might be seen as to include prEN50131-1: 2004 in PD6662: 2004, even though it was only a draft and might not have compliant capability. Some might see this as postponing a brewing problem.
PD6662: 2004
The security systems installers regulated by the NSI and SSAIB are required to comply with published BSs and BS ENs. The installers had been made subject to published PDs, even though PD6662: 2000 could not be complied with because it incorporated BS EN50131-1: 1997, which also could not be complied with. The publication of PD6662: 2004 was intended to introduce BS EN systems that could be assessed as compliant from October 2005 (the March 2004 DOW for BS4737 " Parts 1 and 2 had become a pressing imperative). PD6662: 2004 came with a date of implementation of October 2005, as confirmed in BSIA Form No 171: Guideline for the use of the D6662:2004 scheme for the implementation of prEN50131-1:2004. PD6662: 2004 included the following guidance:
"It should be noted that BS EN 50131-1, Alarm systems – Intrusion systems – Part 1: General requirements, was issued in 1997, but despite two amendments has not been widely used by the UK alarms industry. The standard is undergoing a major revision and the latest draft, prEN 50131-1:2004 has been issued for comment. In the UK it has been agreed that prEN 50131-1:2004 will be called up in this PD and will be used as the UK standard for I&HAS installation until the revised EN 50131-1 is implemented as a BS EN. For the purpose of use within the UK, this action will have the effect of "freezing the current edition of the prEN 50131-1 and give UK industry a period of stability. This is necessary because of the withdrawal of BS 4737. The guidance in PD6662: 2004 confirmed that prEN50131-1: 2004 would be replaced by a subsequent BS EN. Inevitably, PD6662: 2004 would also become subject to revision. The regulated installers are dependent on the advice of their inspectorates, the NSI and / or SSAIB, regarding any relevant new inspection criteria resulting from the publication of any new requirements. The following advice was circulated to the installers by the NSI in an ’Industry Statement dated September 21, 2006 regarding the publication BS EN50131-1: 2006 and PD6662: 2006.
"PD 6662:2004 is being revised to call up the new edition of EN 50131-1 (when published) and to include other requirements that are important to the implementation of the European Standards for intruder and hold-up alarm systems. It was expected that PD 6662: 2006 would be published with an implementation date of October 2006, but due to the delay in the publication of EN 50131-1:2006 this has not occurred.
It is necessary to implement these standards-specifications in a practical way to
minimise any negative impact a rushed implementation may have on the industry. Therefore the following implementation plan has been proposed by the main UK industry organisations that: -Compliance with PD 6662: 2004 including amendments No1 and No2 will be implemented with the exception of the use of DD CLC/TC 50131-2-6: 2006 from October 2006.
Junction boxes used in all Grades of systems will need to be environmentally classified, having been environmentally tested to the same environmental tests as specified in TS 50131-2-2 (Table 6 and Table 7 refer) and this will be implemented from April 2007.
(Note: In the new edition of EN 50131-1 Junction box tamper detection is mandatory in Grade 3 and Grade 4 systems and optional in Grade 1 and Grade 2 systems.) DD CLC/TS 50131-2-6: 2004: Requirements for Opening Contacts. This technical specification is called up in PD 6662: 2004, but due to manufacturing issues and training on installation methods its implementation will be delayed. On the implementation date, the "Note" immediately beneath Table 12 of pr EN 50131-1:2004 will no longer apply. The implementation date will be from April 2007. Compliance with the new edition of PD 6662 incorporating EN 50131-1:2006 and any amendments that take account of the publication of any Standards and technical specification and industry requirements in the interim will be implemented from October 2007.
It is important to remember that the dates stated above are based on the publication of the relevant documentation at the expected time. The industry organisations believe that the above proposals will allow a structured implementation to the 2006 version of EN 50131-1 with minimal disruption to the industry. As the new edition of PD 6662 should be published well before the implementation date, installers who can source the equipment may, if they so wish, install to this new PD 6662 prior to October 2007.
The above industry statement is approved by ACPO and ACPOS. All well and good, you might think. Clearly the NSI and SSAIB had to address the practical issues of implementation for the expected new requirements. But once again the European spectre that has bedevilled ’national standards in the UK, since the ’standstill agreement of 1985, has thrown it all up in the air again.
BS EN50131-1: 2006
BS EN50131-1: 2006 Alarm systems – Intrusion and hold-up systems – Part 1: System requirements, was published by the BSI on November 30, 2006. It is clear that the publication of BS EN50131-1: 2006 meant that any previous conflicting standard must be withdrawn in accordance with the general rules agreed between the BSI / CEN / CENELEC and the EC. It is also clear that prEN50131-1: 2004 and PD6662: 2004 would both be obsolete and under the rules must be withdrawn.
The ’Industry Statement
On May 21, 2007 the following press release was issued by the BSIA, IPCRes, NSI and the SSAIB, on the continuing implementation of new or revised European intruder alarm standards " it was titled ’The Industry Statement:
"The introduction of new or revised European Standards or Technical Specifications in the EN 50131 series for intruder alarm systems continues to be a challenge to the industry. Having regard to delays in the continuing development of other European draft standards in the family of the EN 50131X.X series, and in the interests of stability for the industry and its clients, the following statement has been prepared: It has been agreed that the adoption of BS EN 50131-1:2006 by the industry will be deferred until further notice. The above industry statement is approved by ACPO and ACPOS.
Whilst it is an understandable position on the part of those who issued the ’industry statement, given the history of the development of European harmonised standards intended to replace national standards, and the circumstances outlined above. Even so, there are several points that cause further concerns.
The claim that this group represents "the industry and thereby has the ability to make such arbitrary agreements, when they has no mandate to speak for the whole of the security industry affected by the statement is bogus. For example the BSIA website quotes that its members provide over 70 per cent of UK security products and services. Many will question whether this is correct in the case of the technical security industry to which EN 50131 applies. It cannot be said that the NSI, SSAIB or IPCRes represent the installers, users, or other associations who have an interest.
Quo Vadis
BSI committees GW/1 and GW/1/2, are responsible for the UK participation in drafting of both British and European Standards. The BSI lists those parties represented on these committees:
Association of British Insurers.
Association of Chief Police Officers.
Association of Security Consultants.
Association of Social and Community Alarms Providers.
British Telecommunications plc.
British Security Industry Association.
Electrical Contractors Association.
National Security Inspectorate.
Security Systems and Alarms Inspection Board.
While the BSIA, IPCRes, NSI, SSAIB and ACPO can speak for themselves, they cannot be said to speak for the other parties at GW/1. Indeed the statements they have jointly issued give the impression that the long-time and extensive pro-bono participation and/or views of the others can readily be ignored. It is clear that those parties not consulted by those that issued the so-called industry statement have every reason to see the snub as discourteous in the least, if not downright arrogant.
It is understood that once an EN standard has been published, the UK has to adopt it. When problems arise that make it difficult to implement a standard it then puts everyone in a complex position which can lead to a loss of confidence in the standard-makers.
A bottomless pit of costs and resources and unresolved issues
For virtually ten years there has been no BS EN in place to replace BS4737 and this so-called ’industry statement presents a confusing spectacle to any outside observer. Further, over the same period the installers have been subject to training exercises related to all of these failed documents and procedures. This has been a costly exercise, given that many of the courses have been chargeable, and have been a diversion of management from the imperative that they continue to provide compliant installations and service to the end user. How those installers feel today is probably unprintable.
How have the installers dealt with the vagaries and uncertainties of these transient conflicting ’standards particularly in regard to the so-called grading of systems? It is doubtful that any risk assessment referred to in DD CLC/TS50131-7 can be relied on in terms of assessing ’value as this would normally be based on a declaration for insurance purposes. Unsurprisingly, the installers have sought to minimise these issues and attendant risks. It is doubtful that in such circumstances an installer can realistically provide systems above a Grade 2 installation unless they have a specific written authorisation to do so. Equally, no inspectorate is in any position to question the efficacy of that given that they are in no position to act as risk assessors having no qualifications equivalent to those usually applied by the insurance industry. Installers and inspectorates are clearly not insurers.
Note: A TS is a Technical Specification document published by ISO, IEC, CEN or CENELEC for which there is the future possibility of agreement on a European Standard, but for which at present the required support for approval as a European Standard cannot be obtained, there is doubt on whether consensus has been achieved, the subject matter is still under technical development, or there is another reason precluding immediate publication as a European Standard; usually implemented by BSI as a draft for development (DD)
Summary
In 1979 CENELEC (European Committee for Electrotechnical Standardization) Technical Committee for Alarm Systems, determined that work on new standards for security systems would wait for those being developed by the IEC (International Electrotechnical Commission). In the meantime the national standards committees of the EC and EFTA countries decided there would be a ’standstill by on new standards for security systems other than the completion of those already in preparation. Nine years later in 1988 CENELEC decided the IEC documents were unsuitable and in 1989 work commenced on a new series of European Standards for security systems. In the meantime, the BSI published the last of the BS 4737 series in 1988, and against the advice of many decided to make the major documents in the series obsolete in anticipation of a further revision of BS EN50131-1: 1997. Ten years on from BS EN50131-1: 1997 compliance with BS EN50131-1: 2006 is being deferred. This raises questions regarding PD6662: 2004, which we have been led to believe was able to rely on prEN50131-1: 2004 as a replacement for the withdrawn parts of BS4737. However, the publication of BS EN50131-1: 2006 must surely make prEN50131-1: 2004 obsolete, in which case PD6662: 2004 provides no basis for compliance as it is clearly, under such circumstances, a national standard that has no recognition or agreed derogation by CENELEC/CEN.
Advisors, consultants, and security managers, appear to be in a very awkward situation. As someone once said, no one ever got sacked for buying IBM. The problem is that the security industry ‘IBM’ of BS 4737 or BS EN is not actually there anymore because certain parties have kicked them into touch and said so publicly.
The BSI, the recognised UK standards body, has signed up to a mandate from the European Commission (EC). GW/1 and GW/1/2 carry the ball for that mandate, which clearly requires that an EN must be replaced by a subsequent EN. Thus PD6662: 2004 has a questionable validity and may not be a reliable source of proven conformity if it has no legitimacy. We are entitled to ask " if prEN50131-1: 2004 was acceptable for inclusion in PD6662: 2004, why is BS EN50131-1: 2006 unacceptable to those who drafted the ’industry statement? And why have they gone outside of the BSI committee, given they share responsibility for publishing the document they now want to walk away from?
The train of events does raise questions regarding the management by CENELEC and BSI regarding the transition from national standards to functioning BS ENs, because at every stage it appears that time-scales, advice, process and production have always been out of sync. Confidence in the whole system is in serious disarray. What we appear to be left with is an entirely risky basis for advice. The risk is no longer so simple as to say BS this or BS that. Neither can we have confidence that any ‘limitation of liability’ can be relied on in such circumstances when set against a duty of care.
In the situation described, what advice can be given to any client who requires a ‘fully compliant’ security system, when there is no substantive proof that any recommendation made in relation to the documents referred to can evidently be relied on. And in the event of a really substantial loss where does the bouncing ball stop – at the consultant, the security manager, the client, and/or any in-house advisor. Of one thing I am sure, the BS 4737 series should never have been accepted for a DOW until all of the ENs had been published. One solution would be deferring PD6662: 2004 followed by application to CENELEC for derogation for BS4737 until the whole series of ENs are published as BS ENs. What seems perfectly obvious is the original aim of the Harmonised Standards " Directives are mandatory, BS ENs are voluntary – but in either case they should at the very least be operable.
