5 Regulations Driving Business for Systems Integrators

In a previous issue of TSI eNews, we looked at regulations that can cut into integrators’ profits. While varying regulations implemented by local authorities can be counter-intuitive and cumbersome to keep up with as well as result in fines and extra expenses for integrators, more widespread regulations can also drive business for systems integrators.

As part of the PSA-TEC sponsored and organized education track at ISC West this year, a panel discussed legislation, standards and regulations that are driving business for integrators in the security industry. The session, titled, “Market Drivers – Regulations that are Driving Business to the Security Marketplace” explored various new regulations; among them, five regulation initiatives stood out as significant opportunity creators.

The session began by highlighting how standards such as the CP-01 intrusion control panel standard have driven sales as municipalities specify compliance requirements. The standard was developed by the American National Standard Institute (ANSI) in order to reduce false alarms in protected premises — whether that be a commercial or residential building. “This is a standard that has driven business in terms of municipalities requiring products that meet CP-01,” said Joe Gittens, manager of standards at The Security Industry Association (SIA). “What happens is if buttons are too close together, or if you need more than three fingers to arm or disarm, things like that have caused many false alarms and false duress signals.

“Many municipalities were reacting by not responding,” Gittens continued. “In order to stop that, panels became CP-01 compliant. As we move forward, there are things we can look at in terms of how standards like this can help drive business when it comes to audio verification, and video verification of alarms as well as PERS. This is where we’re looking to drive business and create the standard to stop non-response.”

Video Verification

Municipality ordinances and police department policies that deal with non-response have garnered a fair amount of attention in the past year. There are certainly advantages and disadvantages to these changes but to integrators who have embraced verification technology, there is also opportunity.

An integrator based in Boston spoke up about how a priority response ordinance has helped his company sell video verification systems. “The city of Boston last year re-wrote its rules for alarm response. If you have a video verification alarm system, the city of Boston now responds quicker than they do if you have a regular alarm system. So when we’re selling systems in Boston, we let clients know that if they’re not looking at video verification, they’re literally telling us they want a system that’s going to get them slower response. And that has obviously helped to drive business.”

Verification requirements for police response vary widely across the country and even from one city to the next. Integrators can become involved with the different state associations to stay up to date on new and existing ordinances and policies.

Family Educational Rights and Privacy Act (FERPA)

John Hunepohl, director of education for ASSA ABLOY Door Security Solutions, explained that due to ASSA ABLOY’s heavy participation in the education market, it has come up against the Family Educational and Privacy Act on various occasions.

Hunepohl explained that at its most basic, FERPA dictates that “If you’re storing information on students, you have to secure that data. And it sort of intertwines with HIPAA and a few other regulations. Recently, Blue Cross Blue Shield was fined with $1.5 million for loss of information because someone came in and stole the computers. A lot of the time when you think of cybersecurity, you think of people hacking things. But the issue is they can come and steal your computers.”

FERPA governs what information can be shared about students, how it must be protected, who can access it, and the rights to disclose the information. To learn more, visit www.ed.gov.

“If you’re selling access control and you have student data in that university or school system, then you have to protect that data and also the computer that contains that data,” Hunepohl continued. “A lot of times we deploy systems and there is a main server and a number of work stations, and the server is not being guarded. We as an industry need to take a step back and look at that because we don’t want to be fined $1.5 million because somebody stole a computer.”

In addition to protecting the data stored within a school or other education facility, access control systems are also affected by FERPA. Hunepohl commented, “The other thing that applies to the systems integrator is that if you’re creating an ID card, you need to understand this act because it tells you what kind of data you can put on that ID card. If there is anything in that ID card that can be used to gain access to those student records, such as a social security number, then you have to redesign that card.”

Both Hunepohl and Tim Brooks, eastern regional manager at PSA Security Network, noted that there is opportunity when it comes to onerous regulations that can become very costly for systems integrators to become subject-matter experts and trusted advisors to their clients. “If they can count on you to bring them solutions and knowledge, that’s value and it’s power so that you can set yourself apart from the competition,” Brooks added.

Mass Notification & Emergency Communications

Chris Peckham, vice president of Technology Initiatives and Special Projects, Kratos/HBE, noted that regulations requiring evacuation procedures, provide another opportunity for integrators to become a source of needed expertise. “In New York specifically, there’s a local law that says certain high-rises have to have an emergency evacuation plan. They have to drill on it and it must be documented. So there is a compliance need for this type of system.” If there is a notification of something — whether it be a fire alarm, chemical, or other hazard — there’s a specific notification and evacuation process that’s driven from that alarm event, Peckham said.

Another integrator in the audience expressed that there are considerable differences between what a security company would deem an effective mass notification system and a system that will limit liability for the client. “We had a large, multi-national corporation we were doing a mass notification project for. After months of working on it, it went through their final legal review and the lawyers said, ‘Absolutely not. Because if we tell the people to leave the building and a shooter is outside, then we’re liable. If we tell them to stay inside the building and the shooter comes inside, we’re liable. But if we only tell them there’s a threat and you’re on your own, then we can defend that in court.’ Can you imagine that?”

Gittens added that opportunity for integrators is in exploring the various communications channels available. For example, in a college campus, students may have access to e-mail, text messaging or social media such as Twitter and Facebook, and integrators should account for all of these possibilities as well as reasons why each might fail in an emergency. “A lot of times when emergencies happen, it’s the way the message is relayed that makes a difference,” Gittens said.

For information, visit www.mnec.org and www.securityoncampus.org.

Food Quality Protection Act

Hunepohl explained that the Act was originally passed in 1996 and originally covered only pesticides and the agricultural market. More recently, terrorist threats were brought to the forefront and legislators repurposed and extended the Act to take steps in securing the food chain. Hunepohl added that regulations are currently in flux and this is the time for integrators to become involved and educated in order to be able to bring solutions to the food industry that will help clients secure their operations.

An integrator from the audience commented that association in the food industry are already enforcing requirements. “The American Institute of Bakers and the Food Defense Initiative are very prolific and it is a gold mine for integrators,” he said. “They’re passing these requirements down to even packaging and processing facilites… They’re doing a lot of work to secure the processes and the raw materials.”

For information, visit www.epa.gov.

Chemical Facility Anti-Terrorism Standards (CFATS)

“We did a lot of work with CFATS, especially initially. It was booming at the beginning because the standards were very exacting and there were a lot of opportunities for integrators to play into that because technology was one of the drivers,” an integrator explained. “You had to have things like dedicated real time monitoring so alarm-type events weren’t acceptable. There had to be someone actively interacting with the event.” Activity stemming from this regulation has tapered off, however, and a large part of down comes down to government funding to enforce the standards as well as agreement on the technology pieces, Peckham said. “The demand generator that everyone thought it would be, just didn’t play as expected. That being said, the root of what it was trying to do in securing the chemicals and materials is an excellent idea.”

The same integrator added, “It’s not really dead yet. It’s just bogged down in Congress with no funding… This is something I personally believe will come back. It’s a cyclic issue and it’s at the bottom of one of those cycles. But there is still a lot of opportunity and integrators will play a huge part in the successful application and approval of CFATS plans.”