How Do You Feel About NFPA 730 & 731 Impacting Security Requirements?

For those that do not know, these are currently recommendations by the NFPA on security minimums. They are actually quite inclusive and a good start. I have a hand in these recommendations and I am a advocate. There are many that push back and do not want them.

This morning I scanned the discussions topics and some of the remarks. There are many here that practice excellent installation methods and techniques. I am just in a state of confusion as to why this nearly 10 year old "recommendation" meets with so much industry resistance.

Would anyone who opposes it care to shed some light?


Mark, I have never heard of those reports. How does one even read it? Does each person need to buy it for $46.50 or?

Yes Jon, they are NFPA documents, thus they are a profit center. They were written a couple of years after 911 and essentially are an attempt to "standardized" security in much the same manner as fire alarms. 730 is a "3 or 4 page "here is what you should do" and 731 is a much longer "here is how you do it" for security. Just one of the things for instance is that every new construction facility should have a security assessment by a qualified individual. The plans would have to have a CPP or PPP stamp just like an electrical engineer.

I read about the security mandate and how AXIS felt about it. It jogged my memory of this code fight here.

Many (or most) in our industry are dead set against these recommendations becomming code. It was debated again last year and defeated. I think these folks are just flat wrong in their thinking. What could be better for sales than code mandated security? I would liken it to the ADA in some ways. It spawned a lot of sales for a lot of companies.

I was just looking for feedback from members.

you should be able to find a small number of references on google. I bought them when they were first released, years ago.

I'm hearing good reviews about it. Most people I talk to think this will be here in 2015.

Liability from installations, before the code takes effect, is probably the main concern.

"Liability is a big concern, according to Gittens. The revised NFPA 730 would include a sample ordinance, and “once you have a sample ordinance it’s very easy for a municipality to put it into effect, and if something goes wrong in a premises that was installed before this, security companies, security installers and designers may still be liable for not being up to code.”"

What does bother me about Standards and Codes are the parties that create them and what their true intentions are in creating them. Is it financial business reasons or are they truly saftey & security reasons? Here is an example of a few who where originally behind the creation of the standard. PDF is from 2005. Conflict of interest? Would a panel of non-industry people be more ethical and ballanced or just as influenced from lobbying?

Is this for fire, burg, video, access, all of the above?

I am trying to understand whom this would apply to.

Here is the NFPA 730: Premises Security Code Proposed 2014 Edition (First Draft Report).

Kind of funny...if you look towards the end at the Final Action part, you will see crossed out words and replaced words. Just like in your blog post "Stop Careless Mistakes"

NFPA 731

Here is the Balloting Version: First Draft Proposed 2014 Edition NFPA 731 :

In the Current 731 Draft (Bottom Page 8)

4.4 Personnel Qualifications.
4.4.1 System Design.
4.4.1.1* Persons who develop plans and specifications in accordance with this standard shall be experienced in the design, application, installation, and testing of electronic premises security
systems shall develop plans and specifications in accordance with this standard as required by the
AHJ Persons who are experienced in the design, application, installation, and testing of electronic
premises security systems shall develop plans and specifications in accordance with this standard as
required by the AHJ.
4.4.1.2 The system designer shall be identified on the system plans and specifications. design
documents.
4.4.1.3 Evidence of qualifications shall be provided when requested by the AHJ.
4.4.1.4 Qualified personnel shall include, but not be limited to, one or more of the following:
(1) Personnel trained and certified by the equipment manufacturer
(2) Personnel licensed and certified by state or local authority
(3) Personnel certified by an accreditation program or industry-recognized program acceptable to the
AHJ
(4) Personnel having completed a formal technical training program arranged by the security system
provider and acceptable to the AHJ

Despite the business that these codes could generate for consultants, many in the consulting community feel that they are broad and overreaching. While an argument can be made for legislating things that can have an impact on life safety, telling people how they should protect their property is a pretty big step.

There are many approaches to risk management, and doing little or nothing in terms of security is a legitimate choice provided the property owner is willing to live with the consequences. Having a code that tells you how to provide security and requiring that an "AHJ" sign-off on your security plan is a bit too much for many people, including security professionals.

As mentioned above, once codes like these become enacted anywhere, they can become a defacto "standard of care" that property owners everywhere may be judged against.

There is also a question as to whether the National Fire Protective Association (NFPA) should be the one developing security codes in the first place. Many feel that this goes far beyond their purview and that codes like these, if needed, should be developed by other organizations (such as UL or ASIS.)

John....here is the part you would probably be interested in.

Annex B Camera Specifications (Starting in the Middle of Page 73
This annex is not a part of the requirements of this NFPA document but is included for informational
purposes only.
B.1 For cameras placed to record images at a point of customer transactions, such as a teller
window, the area of interest (face, license plate, etc.) should cover a minimum of 15 percent of the
camera's field of view under normal resolution of 300 horizontal lines (HL) or more. Action within the
scene requires that at least 20 percent or more of the overall width of the scene be used. For an
average human head that is 15.24 cm (6 in.) wide, a 0.914 m (3 ft) wide field of view meets this
guideline. For a license plate width of approximately 304.8 mm (12 in.), a 1.83 m (6 ft) field of view is
sufficient.
The focal length necessary to achieve an approximately 0.914 m (3 ft) wide field of view for a given
detector size and camera-to-subject distance is provided in Table B.1(a) (SI Units) and Table B.1(b)
(U.S. equivalent units). The camera has to be in focus at the position of this subject.
Table B.1(a) and Table B.1(b) are based on the following calculations using either the scene width
formula or the scene height formula.

This is the 2014 edition right? Not 1996?

What jurisdiction does the NFPA have on video surveillance? I genuinely am confused. Can someone clarify this?

Surely, the NFPA can issue guidelines, recommendations, standards, etc. on anything but what force would they have on video surveillance? Is the AHJ going to review surveillance systems?

None right now. That's the thing. They're standards, not codes.

A code is only a code when it's adopted by a jurisdiction.

And inspectors aren't qualified to review security plans outside of their impact on life safety. That's one of the main reasons this is never going to be code, I think.

What is the process of a jurisdiction adopting a standard as a code? It's a law based by legislation or?

A government entity such as a city or county adopts a code through its normal legislative process. Typically, in a city government, a member of the city council would introduce an ordinance to adopt a published document such as NFPA 730, often at the urging of a constituent. The ordinance might adopt all of the document, or might delete or modify some provisions of the document. The ordinance would be voted on by the full council, and if passed, would be sent along to the mayor for his or her signature. Once signed, it has the full force of law until amended or repealed.

Most government agencies would probably also have some sort of public review and comment process during the period while the ordinance was being contemplated.

Often, well-meaning legislators will approve something like this without really understanding all of its ramifications. Unless someone knowledgeable of the subject notices that legislation is being proposed and steps up to take action, a law can be passed relatively unnoticed until enforcement action starts to take place.

Here's an anecdote of what Michael Silva is talking about, right from my own hometown. Incidentally, we talk at length about the 'politics of rulemaking' in our Access Control Fundamentals class session on codes:

Last year, my hometown rejected adoption of (ICC's) International Building Code that is the basis of most modern codes and is frequently cited by many laws.

Adopting IBC is routine and pretty apolitical in the vast majority of cases. However, in the case of my hometown, a strong 'anti-big government' and Libertarian contingent protested loudly. End result: elected councilmen rejected IBC in entirety.

PS: It is still rejected. I have no idea how local building inspectors or AHJs would respond to being challenged on something.

If it were to become part of the national code, it would filter down and (for instance) beocme part of the Southern Building code, which southern states generally adopt without change. For instance, NC adopts the Southern Building code, which is the NFPA. They sometimes do change a few things, becoming more restrictive than the original code. Florida has a far more restrictive fire code than the NFPA and there are jurisdictions within Florida that are more restrictive than the State code.

There are generally speaking, tweaks and turns on the code when the new code comes out every two years. They fix things, change things and make most things better. MOST. Sometimes we don't like the changes. Sometimes we do. The thing to remember is that this is not what the code will look like next year or 10 years from now. Input from professionals will make sure of that. Code officals and insurance companies have more input on the Fire rules than anyone else.

Zero...however if AHJ's adopt this code on a local level, then inspections would probably happen. Just like Fire Systems.

These NFPA 'specifications' really don't take a hard stance on anything. They perpetually yield to the AHJs judgement anyway, which is essentially the way things work now.

Also, parts of the language are just bad. Here's an example relating to video design:

7.2.6 Backlighting.
7.2.6.1* The camera field of view shall not have bright illumination behind the main subject.
7.2.6.2* When the backlighting conditions in 7.2.6.1 cannot be met or the scenes have extreme contrast, cameras and accessories having electronic compensation such as high dynamic range or backlight compensation shall be used.

6.1 has an (absolute) 'shall not' for a very common scenario in there, but 6.2 immediately sandbags it. Then they equate WDR with BLC, which are NOT the same, and use imprecise terms that may not solve anything. Miserable: Specs that don't do anything!

730/731 might have good intentions, but they are NFPA trying to creep scope into security. This is like SIA or even ASIS trying to tell fire alarm guys and A&Es they know the 'right way' to specify fire protection.

I am guessing these specs always stay on the fringes.

According to this document, ASIS was a part of it, at least in 2005.

AHJ have a hard enough time staying up to date with existing codes, adding more code for something that is none of the governments business is too much. I don’t care if it will drive sales my way, I have no interest in telling someone they have to do something because the government says so. Our economy is struggling, adding more regulation wont help our situation.

Dealing with AHJ on NFPA 72 is annoying enough as it is. Just let me do my job and let the private industry regulate itself. Most of the AHJ we deal with are part-time fire fighters, no offense but they have no business regulating the security industry.

"I have no interest in telling someone they have to do something because the government says so"

Guess you won't be moving to Dubai anytime soon...

p.s. good comment!

Note: I'm not a U.S. citizen

"Just let me do my job and let the private industry regulate itself"

How can a industry regulate it self? This is very strange for me as I see that most industries are not capable of self regulation. My opinion is that the industy has a narrow view on short term profit to be able to regulate it self.

I totally see that sometimes there are to many regulations on insignificant parameters, but total selfregualtion by the industry.... That is like putting a wolf as a shepard for sheeps.

First, our industry has been doing fine for years without significant federal or local intervention. Many states and local municipalities already require security installers to have low voltage contractors licenses and require permit approvals and final inspections, this is sufficient to ensure wiring is run properly. Consumers/business security decisions should be left to them and their security provider and no one else. We take the security of our customers very seriously and compartmentalize all of our work, including the work for the smallest residential customers. I do not feel comfortable involving 3rd parties in the design and implementation of our systems.
Second, consumers/business are growing more aware of what companies preform well and what companies do not. If a company under preforms consistently without improving they will go out of business (sometimes all it takes is one lawsuit). 30 years ago my father got into the business, at the time there were hundreds of security providers in our state, now only a few of those remain. They went out of business because they did not meet the customers expectations, free market breeds quality products and promotes competition.
Third, this would provide companies like IPVM and manufactures the opportunity to build business centered around industry self regulation. Companies like BBB, Angies List, Yelp and others have been created in the past. Why not for our industry?

A couple of words in defense of NFPA sticking its nose into security.

  1. I don’t think anyone on this form will disagree that there are some pretty poor installations that are underserving their owners or even in some cases exposing them to security risks.
  2. Where is ASIS in standards writing? They have standards for things like Organizational Resilience, the Maturity Model, or Supply Chain Risk – all good, but no good foundational standard on how to install and maintain a security system. So NFPA has stepped up to fill the void - that in my estimation should have been filled by the security professionals at ASIS.
  3. In Telecommunications we have BICSI and TIA with detailed standards on everything from wiring practices to rules on grounding. They even have standards for security systems. Telecom is thriving today and better off with good best practices to follow.
  4. If people follow industry standards, they have a good defense in case of litigation, or owner pushback on why it is so expensive to install a system the right way.
  5. Many decades ago, I was a fire alarm tech. my training was on the job, and after two days I was on my own. Some of the things I and my fellow techs did out of ignorance would not be tolerated today. What cleaned the fire alarm industry up was the drive to professionalize – State licensing, code/insurance requirements, and NICET certification has made a huge difference. The industry did this because life-safety was too important to leave in the hands of the untrained techs and slipshod companies. Does this ring any bells with anyone about the security industry?
  6. We are involved in life-safety too; I cringe at some of the maglock installations I have run across. My biggest nightmare is a security project that I am involved in would prevent or slow people in a fire evacuation! The thought of charred bodies piled up at a fire exit, should give all of us pause.
  7. I am not sure who the AHJ will be for a security system would be, we already deal with the fire marshal for egress issues, but for the rest of security, it may be the electrical building inspector. Or it might just be contract language – “the security contractor shall have an IPVM certified installer supervising the installation”
  8. If 730/731 are adopted, NFPA will bring the codes up to date, so we won’t have to install analog cameras and tape decks to comply.
  9. As far as being a Qualified Professional, there are plenty of training and certification opportunities that we all should be taking advantage of anyway, starting with IPVM certifications!
  10. If NFPA is successful in having their standards adopted into code, (which in my mind is a huge if) we will all be fine. When I was involved in fire alarms, we complained bitterly when we had to get our NICET certifications, but we are better for it, and our customers are safer today than they were when I was a fire alarm tech!

This is the overall point. It may be painful in the beginning, but the industry will adapt, they will learn, they will get more educated. This is a win/win IMO.

“the security contractor shall have an IPVM certified installer supervising the installation”

will the IPVM PR machine dare to praise mandatory IPVMU supervision? :-)

Mark,

It's actually quite simple. The electronic security market has grown from a burglar alarm business into what some estimate to be a $12 billion industry, all while being mostly unregulated. Although we've recognized for safety our components should have testing verified by UL or FM, our country has mostly held this is an industry based on art, not science. Just because you, in your expert opinion, believe an access control or CCTV system should be installed in a particular manner does not mean I, in my expert opinion, will agree with your method.

There is a broad spectrum of correct methods to design an electronic security system. Just as not every bridge designed by civil engineers will look the same, not every electronic security system will be engineered the same, nor should they. Innovators in our industry have come up with creative ways to employ technology. Regulation serves only a potential impediment to their creativity. For NFPA, BICSI, or any other organization (which create income through code or standard creation) to tighten the constraints on industry only serves those organizations.

In the United States, most jurisdictions operate under the International Codes, as amended and adopted by the several states. These codes either direct methods, or leave non-directed portions of an installation up to the freedom of the designer or engineer. The basis of our country's foundation is freedom. Let's keep it that way.

John, thank you for your response. I always tell my customers that every system is uniquely designed to meet their needs and address their specific concerns.

I have some customers who want to watch the parking lot or cash registers and others who watch employees assemble furniture for quality assurance and training. There is no code IMO that could possibly cover every concern that exists in the market.

I also don’t think it’s appropriate to involve a 3rd party with something so sensitive as security in a private business. Many of our customers come to us because of our ability to remain confidential. (This is one of many reasons I often dont disclose my name in these forums.)

With the cost of security decreasing, people are coming up with creative ways to use their systems. Security systems aren’t just about security anymore. Heck, I have one customer who has cameras on animals at the animal hospital, so the nurses don’t have to come in and check on the animals every hour at night.

I do not fundamentally disagree with anything you have written, I truely do not. Our corporate approach is much the same as is nearly everyone else's. Each system is uniquely designed to fit the customers needs. This proposal does not change that at all. Your customers can still have systems that are uniquely customized to fit their needs; the difference being all business should have basic minimums. My customers find unique uses for video and access control as well.

What the standards/codes are recommending are basic minimums, not maximums. Every one of us has seen buildings and businesses built without any security at all. This is a well meant effort (post 911) to try and ensure two things. 1st, basic minimums that all visitors and consumers can rely on and 2nd, that the equipment is maintained in good working order. Yes, customers would have to maintain their equipment in good working order, not just let necessary repair go until bad events happen to them. Security is all to often event driven.

It is worth mentioning that this is not a government sponsored effort. This is being led by the NFPA and its contributors (AHJ's) and particularly the insurance companies of our customers (very much like the fire industry). They have to write the checks when things go wrong. If they write the checks, they should have a voice. I know if I had to write the check, I too would want a say in the matter. The NFPA is involved because the path from standard to code has aleady been established. ASIS has no such establised path that exist that I am aware of, but I am equally as sure there were security professionals involved in writing the standards. In the limited number of times I have run into efforts like this that already exist, it has been retired law enforcement in charge, not fire officials.

Another benefit is that if the consumer were to have his plans evaluated by a certified professional for a minimum level of basic security, that would help serious professionals rid ourselves, (not entirely) of the trunk slammers that we all talk about. The customer can still have his needs met, the insurance company's needs are addressed to some degree, and the junky equipment as well as the people that sell it that we all see every day can begin to be filtered out of our industry. Self-policing alone has made some strides, but not nearly enough.

While not citing these NFPA drafts.....From this article it looks like the city of Gary, IN has an ordinance; has defined the general specs/placement of the cameras; and has named the AHJ as their local police department.

Similar things are happening around Wisconsin right now.

"The ordinance, which has been requested by the city’s Police Department, also would require that bar owners turn over any footage to authorities without them first having to obtain a warrant or subpoena." (Article Link is the last paragraph below)

"If bars owners don’t install cameras, they risk losing their licenses under the controversial proposal."

"The ordinance calls for bars to have high-definition cameras monitoring in all sections open to the public, including entrances, exits and cash registers. The recordings must produce clear images that can identify suspects in an investigation."

Far be it for me to advocate for more government control of our over regulated lives. But I do think industry standards level the playing field, so that quality companies are competing against other companies that have to meet a minimum quality standard.

An organization, like NICET provides serious testing of a person’s knowledge of the best practices, and organizations like IPVM provide the high quality training. Now provide good security standards (written by security professionals), and I think testing and training companies will rise to fill the installer training gap.

A common theme in this thread is that private industry can regulate itself and the market will weed out the bad apples. To a degree that is true. But I have been on plenty of projects done by quality companies that have put poorly trained people on site. I run across installers that do not understand the basics, like why proper grounding is important, or why you can’t treat CAT 6A cable like 18/2 cable, or the proper way to control a maglock. The results of poor installation practices like these don’t show up when the Owner accepts the project, they show up down the road when they upgrade their 720P camera to a 4K camera and find that the bandwidth is not there, or God forbid, a fire and the maglock won’t open because of a malfunctioning field panel.

So let me clarify my position, yes I support industry standards as a guide to best practices and proper training. But I am not an advocate of the fire industry model, with an AHJ overseeing a process, that they all too often, don’t understand themselves. My preference is to have installer competency requirements, and best practices to follow. I think these alone will help the industry, and the Owners, through the contracting process, upgrade employee training and weed out companies that reflect poorly on the rest of us. This is the model that the Telecom industry has followed, and I think served them pretty well.