A member has asked us what is the best way to prevent a user getting stuck with a closed or proprietary system when issuing an RFP. It's a good question because typically RFPs just require a system to be 'open architecture' without any further qualification, while most systems are sufficiently complex that they can claim to be 'open' even if they are mostly closed.
To properly specify openness, I believe one needs to (1) carefully define what elements need to be and (2) how they are opened.
What Elements Need to Be Opened
A VMS, for instance, can (hypothetically) be integrated with lots of third party devices (from cameras to recorders to analytics to PoS to PSIM to access control, etc.). First, and foremost, any and all systems one would like to have the option to integrate with 'openly' should be defined in the RFP (e.g., "The VMS must have an open architecture facilitating integration with A, B, C, D, etc.").
How They Are Opened
The typical way vendors confirm they are open is by waving their API / SDK, saying that with it, one can integrate anything. You should be more specific, require that a specific set of APIs be available to integrate with what whatever other systems you desire (e.g., cameras, recorders, analytics, PoS, etc.).
Also, beware and specify the availability of the API / SDK, for instance that the API will be available at no additional charge to whatever third party device you request it to be provided to (Note: this is critical for the end user but something the manufacturer may fight over as they often want to control who has access to their API)
Alternatively, you might specify openness via a 'standard' like ONVIF. While including ONVIF specifically is better than a generic 'open architecture' requirement, you should even be more specific:
- Weak: Must support ONVIF
- Better: Must support ONVIF Profile S
- Best: Must demonstrate ONVIF Profile S support on the ONVIF official conformance list
As you define it in more detail, you close loopholes (like older versions of ONVIF, claims of ONVIF support, etc.).
Finally, the true test of open architecture is what third party devices a product already supports. Do not be fooled by 'sure we can integrate with other stuff in a few weeks'. To that end, require a list of (5) or (10) third party offerings that the product currently integrates with in production for each category you care about (list 10 IP camera manufacturers or 5 access control platforms, etc.).
What Do You Think?
Agree/disagree. Add more?