Developing and advocating security industry standards have always been a big part of what the Security Industry Association (SIA) is all about. But we realize that we are not alone in these efforts, and many other organizations are working on helpful industry standards that may parallel or even contradict our efforts. This needs to change.
In the past, working with other standards organizations has meant that we at SIA have used our ANSI accreditation to help move the standards process along or give it more credibility. But we realize that this is no longer enough. There needs to be true harmonization of our efforts with the other standards-making bodies to avoid duplication of our efforts and confusing dual or even triple standards. The only thing worse than having no standard at all for something is having three standards for the same thing.
To that end, SIA recently approached two of our fellow standards-making organizations, ONVIF and PSIA, to ask them to join us in harmonizing our standards efforts. In order to clarify what this would mean, Steve Van Till, chairman of the SIA Standards Committee, wrote a white paper, “Harmonizing Standards within the Security Industry.” It is our hope that this paper will be the beginning of a true standards consolidation within the industry — not just for our three organizations, but for any organization that is developing standards or specs for the security industry.
The white paper, which can be viewed on the SIA website (www.siaonline.org), outlines four main principles that we believe are the cornerstones to true harmonization:
Complementarity means making sure we are on the same page with other standards development consortiums so we are not all working on an identity management standard, for example, at the same time. SIA would like to take the lead in trying to map out areas where standards-developing bodies can create single standards for the industry.
Shared reference architecture is one of the key steps to achieving true harmonization. Much like Windows on a computer, the architecture lays out the different families of action that the standard is being written for. When you install new software on your computer, you know where to go in Windows to perform similar tasks because the architecture is consistent. In physical security standards, we have our standards and others have different standards, but in order for someone to use these standards, they need to know where to find things based on the type. With a consistent, shared reference architecture, this will become intuitive no matter which organization issues the standard.
Common data definitions are another important step, and one that will need to be approached separately from the reference architecture. SIA’s vision for this is a series of common “data models,” or a collection of data elements that would be used as building blocks to create a standard where all of the language means the same thing across the board.
Use cases are defined events that are common for a particular security application. For example, in access control, if an authorized person wants to enter a facility with a visitor, what is the process within the system? Properly defining these across organizations is one of the most important steps in the standards process.
If these harmonization efforts can become a priority — not just for SIA but for all the security standards organizations — we feel the industry will benefit greatly. For example, the Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance is a recent government document that affects the way companies will do business with the federal government in the future. The physical security application requirements established in this publication are driving the next generation of physical access control systems and how they interact with the rest of the enterprise. And since FICAM specifically references SIA/ANSI OSIPS standards in the recommendations for new federal security systems, it can only help if the related standards in our industry continue to be harmonized with this core set of requirements.