1 of 19 SPECIAL BULLETIN No. 02/05 Guidance on the implementation of British Standards Institution Draft for Development DD 243: 2004 for Installation and configuration of intruder alarm systems designed to generate confirmed alarm conditions – Code of practice (Supersedes DD 243: 2002) DD 243: 2004 bears a publication date of 16 th December 2004 and is available through licensed outlets including NSI who can supply copies at a discounted rate. Compliance with the recommendations given in DD 243: 2004 is mandatory for NSI approved installers of security systems and NSI approved alarm receiving centres. With immediate effect, applicant companies will be assessed against the 2004 edition and any Non- Compliances recorded against clauses of the Standard will have to be satisfactorily addressed before approval can be granted. Existing NSI approved companies will however be given until 1 st June 2005 to fully comply with the amended recommendations. In the interim, observation reports will be issued for any of the newly introduced recommendations that are not satisfied. PURPOSE OF THIS SPECIAL BULLETIN The primary purpose of this Special Bulletin is to draw attention to the main changes introduced by DD 243: 2004 as compared with the 2002 edition. Possession of this Special Bulletin is not a substitute for holding a copy of DD 243: 2004. Other purposes are to provide additional clarification and guidance on the implementation of DD 243: 2004 and to document the transitional period (see above) for NSI approved companies to demonstrate compliance. The content of this Special Bulletin does not modify the recommendations given in DD 243: 2004. Additional guidance, where given, is intended to be helpful. It is not the intention of NSI to impose its own recommended methods of complying with the recommendations of the DD. Where the actual wording of DD 243: 2004 is quoted, it is reproduced in bold text. Where additional guidance is provided, it is reproduced in italic text. Installers are advised to use this Special Bulletin as a resource when seeking the answers to particular issues arising from the application of DD 243: 2004. 2 of 19 SUMMARY OF MAIN CHANGES (Highlighted under the Clauses of the new Standard) GENERAL COMMENT DD 243: 2004 has been written so as to align with British Standards Institution (BSI) Published Document PD 6662: 2004 and the standards called-up under PD 6662: 2004 (such as prEN 50131-1: 2004). This does not prevent security system companies installing to BS 4737, BS 6799 etc during the transition period up until 1 st October 2005, which is permitted “by industry agreement”. FOREWORD Notwithstanding the fact that the Foreword of DD 243: 2004 states that the DD is to be applied on a provisional basis so that information and experience of its practical application may be obtained, the recommendations of DD 243: 2004 are now mandatory as published for NSI approved installers until such time as DD 243: 2004 is amended or superseded by another standard. This is because the UK security industry has adopted the DD and therefore the customers, including the police service, insurers and others, rely on NSI approved companies to deliver compliant systems. 1. SCOPE The scope clause has been amended to show that DD 243: 2004 applies where signalling systems (signalling to an alarm receiving centre (ARC)) require a police response. If a remote-signalling alarm system that does not require a police response incorporates (for whatever reason) alarm confirmation technology, that alarm system should comply with DD 243: 2004 unless otherwise stated in the system design proposal and the as-fitted document. This is for the avoidance of misunderstanding between the security system company and the customer, who might otherwise be expecting compliance. As in the case of DD 243: 2002, hold-up alarms (personal attack alarms) are outside the scope of DD 243: 2004. This does not mean that hold-up devices (deliberately-operated devices) cannot be included as a part of an Intruder Alarm System (IAS) incorporating alarm confirmation technology. NOTE 2 of the Scope Clause draws attention to the fact that the Association of Chief Police Officers of Scotland (ACPOS) intends adopting DD 243 in Scotland. 3. TERMS, DEFINITIONS AND ABBREVIATIONS 3.1 Terms and definitions A definition for ‘as – fitted document’ is included (see 3.1.6 of DD 243: 2004) in place of the term ‘system record’ as previously defined in 3.1.35 of the 2002 edition of DD 243. The ‘system record’ for alarms installed to BS 4737 etc should include all the information that DD 243: 2004 recommends for inclusion – see F.1 of Annex F of DD 243: 2004 for a summary of the information that needs to be included. A definition for ‘ system design proposal ’ is included (see 3.1.33 of DD 243: 2004) in place of the ter m ‘system design specification’ as previously defined in 3.1.34 of the 2002 edition of DD 243. The ‘system design specification’ for alarms installed to BS 4737 etc should include all the information that DD 243: 2004 recommends for inclusion – see F.1 of Annex F of DD 243: 2004 for a summary of the information that needs to be included. 3 of 19 3.2 Abbreviations For ease of reference, the following abbreviations apply in DD 243: 2004 and in this Special Bulletin: ACE Ancillary Control Equipment ALD Audio Listening Device AMD Audio Monitoring Device ARC Alarm Receiving Centre CIE Control and Indicating Equipment HAS Hold-up Alarm System I&HAS Intrusion and Hold-up Alarm System IAS Intruder Alarm System PACE Portable Ancillary Control Equipment VMD Video Monitoring Device WD Warning Device 4 PRIMARY DESIGN AND CONFIGURATION CONSIDERATIONS 4.1 Design Objectives The primary design objectives remain the same as in the 2002 edition. Intruder Alarm Systems (IASs) should be designed, installed and configured: a) to provide effective confirmation facility; b) to minimize the likelihood of false alarms. 4.2 Alarm Confirmation Technology There are three forms of alarm confirmation technology for use with IAS installed in buildings: Audio confirmation technology Visual confirmation technology Sequential confirmation technology However, there is a new requirement: ALL IASs PROVIDING ALARM CONFIRMATION MUST INCORPORATE SEQUENTIAL CONFIRMATION TECHNOLOGY. 4.3 Transmission Fault Signals There is no change to the basic position regarding transmission fault signals. Police may be called if (a) there is a transmission fault followed by an alarm signal (or vice versa) or if (b) there are two transmission faults, each from paths of different technologies (e.g. cable and radio). However, there is now a time limit of 96 hours during a single set period for these events to occur. Also the limitation inherent in relying on a single transmission path is recognised, such that if an installer proposes to connect an IAS to a single transmission path, the installer must include a written warning in the system design proposal (or system design specification) and the as-fitted document (or system record) in bold type as follows: 4 of 19 IMPORTANT Your attention is drawn to the fact that failure or compromise of single path signalling cannot be passed to the police. While the failure persists, subsequent alarms cannot be signalled to the alarm receiving centre and passed to the police. 5 DESIGN, INSTALLATION AND CONFIGURATION OF IASs INCORPORATING ALARM CONFIRMATION TECHNOLOGY 5.2 Design and Configuration of Audio Confirmation IASs 5.2.1 General Normally, audible Warning Devices (WDs) should not activate after an alarm condition, or after an AMD activation, if sounds produced by these WDs may affect the performance of audio confirmation technology, including the ability of the ARC to interpret audio information. There is a new recommendation in sub-clause 5.2.1 of DD 243: 2004 as follows: IASs equipped with audio confirmation of intruder detection should also be configured to generate sequentially confirmed alarms. The detectors installed as part of an IAS equipped with audio confirmation of intruder detection (see 5.2.2) also need to be configured to generate sequentially confirmed alarms (i.e. as a back-up to audio confirmation) in accordance with 5.4 of DD 243: 2004. It is of course permitted to install additional detectors (over and above those needed in relation to audio confirmation) for the purpose of generating sequentially confirmed alarms, as determined by the design objectives. 5.2.2 Audio confirmation of intruder detection A brief description of this technology is that, when a detector is activated, an unconfirmed alarm condition is notified to the ARC and also audio is transmitted from the supervised premises to the ARC for interpretation. Depending on the nature of the audio information, this might or might not lead the ARC to designate the alarm condition as audibly confirmed. The existence of sequential confirmation technology means that the activation of the first detector causes the confirmation time to start so that if a second, independent detector activates within the confirmation time an unambiguous sequentially confirmed alarm is notified to the ARC. See 7.1 of DD 243: 2004 for details of how ARCs handle alarm information from IASs capable of providing audio and sequential confirmation. 5.2.3 Audio confirmation of AMD activation A brief description of this technology is that, when sounds trigger an AMD, audio is transmitted from the supervised premises to the ARC for interpretation. Depending on the nature of the audio information, this might or might not lead the ARC to designate the AMD activation as audibly confirmed. 5 of 19 IASs equipped with audio confirmation of AMD activation must also be equipped with sequential confirmation technology, the design and configuration of which must of course be in accordance with DD 243: 2004. AMDs cannot be used to provide sequential confirmation (see 5.4.4 of DD 243: 2004). Therefore, the sequential confirmation facility needs to be designed separately using additional detectors. 5.3 Design and Configuration of Visual Confirmation IASs 5.3.1 General There is a new recommendation in sub-clause 5.3.1 of DD 243: 2004 as follows: IASs equipped with visual confirmation of intruder detection should also be configured to generate sequentially confirmed alarms. The detectors installed as part of an IAS equipped with visual confirmation of intruder detection (see 5.3.2) also need to be configured to generate sequentially confirmed alarms (i.e. as a back-up to visual confirmation) in accordance with 5.4 of DD 243: 2004. It is of course permitted to install additional detectors (over and above those needed in relation to visual confirmation) for the purpose of generating sequentially confirmed alarms, as determined by the design objectives. 5.3.2 Visual confirmation of intruder detection A brief description of this technology is that, when a detector is activated, an unconfirmed alarm is notified to the ARC and also images are transmitted from the supervised premises to the ARC for interpretation. Depending on the nature of the visual information, this might or might not lead the ARC to designate the alarm condition as visibly confirmed. The existence of sequential confirmation technology means that the activation of the first detector causes the confirmation time to start so that if a second, independent detector activates within the confirmation time an unambiguous sequentially confirmed alarm is notified to the ARC. See 7.2 of DD 243: 2004 for details of how ARCs handle alarm information from IASs capable of providing visual and sequential confirmation. 5.3.3 Visual confirmation of VMD activation A brief description of this technology is that, when disturbances trigger a VMD, images are transmitted from the supervised premises to the ARC for interpretation. Depending on the nature of the visual information, this might or might not lead the ARC to designate the VMD activation as visibly confirmed. IASs equipped with visual confirmation of VMD activation must also be equipped with sequential confirmation technology, the design and configuration of which must of course be in accordance with DD 243: 2004. VMDs cannot be used to provide sequential confirmation (see 5.4.4 of DD 243: 2004). Therefore, the sequential confirmation facility needs to be designed separately using additional detectors. 6 of 19 5.4 Design and Configuration of Sequential Confirmation IASs 5.4.1 Criteria for sequentially confirmed alarm conditions For an alarm condition to be regarded as sequentially confirmed, the IAS needs to be configured so that at least two separate alarm conditions are reported, each originating from an independent detector within the confirmation time. An additional recommendation has been included to clarify the meaning of the term “independent detector”. The text now reads: To be regarded as independent, each detector should report alarm conditions separately to the CIE. In addition, the input signal of one detector should not influence the output of another detector. 5.4.2 Configurations of movement detectors with overlapping areas of coverage that may offer a sequentially confirmed alarm condition Sub-clause 5.4.2 of DD 243: 2002 has been sub-divided into two sub-clauses, 5.4.2 and 5.4.3 of DD 243: 2004, and the substance of these sub-clauses has been changed. Sub-clause 5.4.2 of the 2004 edition deals with configurations of movement detectors with overlapping areas of coverage. Two independent dual technology movement detectors incorporating the same two technologies are still permitted to have overlapping areas of coverage and to be configured to cause a sequentially confirmed alarm. The old (2002) text that detectors should be ‘some distance apart’ is now confined to those movement dete ctors having overlapping areas of coverage. Also, the words ‘far enough apart’ (which appeared in the 2002 edition of DD 243) are absent from the 2004 edition. A separation (between movement detector housings) of 2.5 metres is stated in sub-clause 5.4.2 of DD 243: 2004, but this is specifically in the context of movement detectors with overlapping areas of coverage. The revised text is: Therefore, movement detectors should be located some distance apart, generally with a minimum distance between detector housings of 2.5 m. Where two movement detectors (with overlapping areas of coverage) are located less than 2.5 m apart, and they are configured to generate sequentially confirmed alarm conditions, the installer should: a) Be able to demonstrate that the documented design objective(s) cannot be achieved if the detectors are located a greater distance apart; and b) Monitor false alarms and, in the event of one false alarm occurring due to both detectors reporting alarm conditions to the CIE, take effective action to remove the cause of the false alarm. Where two movement detectors are located more than 2.5 m apart, but with substantially the same areas of coverage, and they are configured to generate sequentially confirmed alarm conditions, the installer should monitor false alarms and, in the event of a false alarm occurring due to both detectors reporting alarm conditions to the CIE, take effective action to remove the cause of the false alarm. 7 of 19 5.4.3 Configurations of movement detectors with no overlapping area of coverage that may offer a sequentially confirmed alarm condition Sub-clause 5.4.3 of the 2004 edition deals with configurations of movement detectors with no overlapping area of coverage. The full text of sub-clause 5.4.3 of DD 243: 2004 is as follows: Where there is no overlapping area of coverage, care should be taken to locate movement detectors so as to minimize the possibility of sequentially confirmed alarms being false alarms, for example due to an environmental effect near to the movement detectors (further information is given in DD/CLC/TS 50131-7: 2003, Annex C). In the absence of a recognized test schedule to evaluate new concepts, the use of two movement detectors of the same technology in a single housing as the confirming element within an alarm system may only be permitted if this is declared at installation and also on the application form for a URN. NOTE Where movement detectors are configured for the purpose of providing alarms that could be signalled as sequentially confirmed, regular walk testing is important. An “NSI Information and Guidance Note on the Use of TMDs” (Form NSF 611), issued by NSI on 29 th December 2004, gives further information and guidance on the rules that apply to TMDs (devices containing Two Movement Detectors in a single housing) – see Annex. 5.4.5 System design proposal and as-fitted document (Previously sub-clause 5.4.4 of DD 243: 2002) There are no significant changes apart from replacing the terms “system design specification” and “system record” with “system design proposal” and “as – fitted document” respectively, as throughout the rest of DD 243: 2004. Installers should state clearly in the system design proposal (or system design specification) and the as-fitted document (or system record) whether the confirmation time will re-start if the first detector to report an alarm condition reports to the CIE again within the confirmation time. The confirmation time does not need to re-start if the same detector reports an alarm condition, but it may re-start if the IAS is designed that way. 6 OTHER MEANS OF MINIMIZING FALSE ALARMS 6.3 Means of Completion of Setting The list of permitted means for completing the full setting procedure is as follows: a) shunt lock fitted to the final exit door; b) push button switch mounted outside the supervised premises; c) protective switch (i.e. door contact) fitted to the final exit door of the alarmed premises or area; d) PACE (see A.1); e) in conjunction with an ARC. The installer is free to use any of the permitted completion of setting means listed in 6.3 a) to 6.3 e) above with any of the permitted means of unsetting (see 6.4 below) provided they are compatible with each other from a system design point of view and provided the likelihood of false alarms is minimized. 8 of 19 “Timed Set” “Timed set” (an exit procedure whereby following initiation of the setting procedure the user has to leave the supervised premises within a set time) is not permitted, as was the case under the 2002 edition of DD 243 and, before that, NACP 14. Protective Switch Fitted to the Final Exit Door It is now mandatory under 6.3 c) of DD 243: 2004 (see above) to incorporate a short delay feature so that “bouncing” of the door contact upon closure of the final exit door does not give rise to a false alarm. Setting in Conjunction with an ARC The procedures for setting in conjunction with an ARC (see 6.3 e) above) need to ensure that a confirmed alarm is not generated, and/or that the ARC does not designate an alarm as confirmed, unless there is high probability of genuine intrusion or genuine attempted intrusion. This means that the ARC must always ask the user to confirm that a full check of the supervised premises has been carried out to verify that (i) the perimeter is secure and (ii) there is nobody left inside the supervised premises. The ARC should not set the IAS until the user has confirmed that the full check of the premises has been carried out. Example: The user contacts the ARC to request that the IAS should be set. There is an agreed exchange of security passwords or codes to verify the identity of the user. When the ARC is satisfied that the IAS can be set (i.e. after full check of the premises), the ARC sets the IAS and there is an indication to the user that the IAS is set. If the IAS does not set, the user needs to investigate the reason(s) why. Setting whereby the user sets the IAS and the IAS transmits a set signal to the ARC is NOT setting “in conjunction with an ARC” because the ARC does not have an active involvement in the setting procedure. Internal Audible Indications Prior to Setting The following recommendation is very similar to the one that appeared in the 2002 edition: Consideration should be given to providing extra internal audible indications prior to setting (so that persons within a building are informed that the IAS is due to be set) and to providing additional ACE (so that if the IAS is set there are means available locally within the supervised premises to unset the IAS). The need to give consideration to providing extra internal audible indications is a clear sign that there needs to be at least one internal audible indication prior to setting (i.e. during the setting procedure) as an aid to minimizing false alarms. Part Setting The text of 6.3 of DD 243: 2004 makes it clear that the means listed in 6.3 a) to 6.3 e) are to be used for completing the FULL setting procedure. It is recommended that wherever possible these means should also be used to complete the PART setting of an IAS, particularly if in doing so the user is leaving the supervised premises via the 9 of 19 usual final exit door having deliberately left part of the supervised premises in an unset condition. However, other means of completing the PART setting procedure may be used, provided the likelihood of false alarms is minimized. 6.4 Means of Unsetting 6.4.1 General As before, under the 2002 edition of DD 243, there are FIVE permitted methods of unsetting and these are described in sub-clauses 6.4.2, 6.4.3, 6.4.4, 6.4.5 and 6.4.6 respectively. For a given installation, the alarm company must select ONE of the FIVE unsetting options and comply with that option. From the point of view of minimizing false alarms, sub-clause 6.4.1 of DD 243: 2004 states that the preferred method is to ensure that confirmed alarms cannot occur at any time after the initial entry door has been unlocked (see 6.4.2 and 6.4.3) or opened (see 6.4.4). In other words, the methods described in 6.4.2, 6.4.3 and 6.4.4 are preferred from the point of view of minimizing false alarms. A new recommendation is included in sub-clause 6.4.1 of DD 243: 2004 as follows: The unsetting option selected for an IAS should be stated clearly in the system design proposal and as-fitted document provided by the alarm company to the customer, and the description should include reference to the appropriate sub-clause (i.e. 6.4.2 to 6.4.6). The alarm company must state the sub-clause number (6.4.2 or 6.4.3 or 6.4.4 or 6.4.5 or 6.4.6) of the relevant unsetting option in the system design proposal (or system design specification) and the as-fitted document (or system record), as part of the description of the option selected. Time Limited Indication of Unset The requirement that there must be a time limited indication to the user that the IAS is unset at the time the IAS is unset still remains and is required for all five methods of unsetting. However, the indication that the IAS is unset must now be an audible or visual indication . Voice Communication with the ARC There is a new recommendation, which is that: Consideration should be given to providing within the entry route a means of voice communication with the ARC . Authorisation Codes As before under the 2002 edition of DD 243, all means of unsetting must comply with the authorisation code requirements of the appropriate standard (e.g. BS 4737 or prEN 50131-1). This includes the case where a lock is fitted to the initial entry door for the purpose of unsetting the IAS. 10 of 19 Table 3 of prEN 50131-1: 2004 is reproduced below for ease of reference: Access lev els 2, 3, 4 Grade 1 Differs Grade 2 Differs Grade 3 Differs Grade 4 Differs Logical key 1,000 10,000 100,000 1,000,000 Physical key 300 15,000 30,000 100,000 Keys Used to Operate Locks In relation to the unsetting options described in 6.4.2 and 6.4.3 of DD 243: 2004, the following are examples of PHYSICAL KEYS used to operate locks. A traditional hand-held key is an example of a PHYSICAL KEY. A single action device (e.g. “swipe card”, “keyfob”, “proximity tag” etc) carrying a security code is an example of a PHYSICAL KEY when used to operate a lock. NOTE: Although the device may look and behave just like “PACE”, the “PACE method of unsetting” is the option described in 6.4.5 of DD 243: 2004 (which does not require the use of a lock with an electrical connection to the IAS). Location of ACE Additional recommendations included in sub-clause 6.4.1 of DD 243: 2004 are: Location of ACE should be consistent with ease of operation. Under normal operation, unauthorised persons should be prevented from observing the unsetting code. Externally mounted ACE should be fitted with tamper detection. The application of physical force to an externally mounted ACE should not be capable of initiating a change of state of the IAS. Additional Locks A further additional recommendation included in sub-clause 6.4.1 of DD 243: 2004 is: For security reasons, the alarm company should advise the customer in writing to consider having additional locks for the initial entry door, independent of the IAS. These additional locks are not intended to have any electrical connection to the IAS. They are intended to be independent of the IAS and it is the user’s responsibility to operate them accordingly. Unsetting from a Part-Set Condition Via the Initial Entry Door: The five means of unsetting described in 6.4.2 to 6.4.6 inclusive of DD 243: 2004 are not limited to unsetting when the IAS is full set. If, when the IAS is part set, entry to the supervised premises is via the initial entry door, then the IAS should be unset by the same method used when the IAS is full set. An example of the above scenario would be where people are asleep upstairs in a dwelling and others come home later at night and enter the supervised premises normally via the 11 of 19 initial entry door. Using the same means of unsetting in part set and full set situations should help towards minimizing false alarms. Via a Route Within the Supervised Premises: If the route to the CIE or ACE is not via the initial entry door (e.g. people in a dwelling come downstairs to unset the IAS), the means of unsetting may need to be different from the means used when entering via the initial entry door. The installer must aim to minimize false alarms, since this is one of the two main design objectives (see 4.1 of DD 243: 2004). One way of minimizing false alarms is to configure the IAS in local audible-only mode when it is PART set. Another way of minimizing false alarms is not to notify confirmed alarms to the ARC when the IAS is PART set. If neither of these ways is acceptable to the customer, the installer should aim to minimize false alarms by using means to unset from a PART set condition that are consistent with the means described in 6.4.2 to 6.4.6 of DD 243: 2004. Example If a security code number is to be entered at CIE or ACE to unset the IAS when PART set, then a detector (such as a movement detector) located on the user’s route within the supervised premises to the CIE or ACE should be positioned so as to disable all means of confirmation when it is activated (see 6.4.4 of DD 243: 2004). 6.4.2 Prevention of Entry to the Supervised Premises Before the IAS is Unset Users must be prevented from gaining entry to the supervised premises before the IAS has been unset. This means that (in the case of this unsetting option) a lock with an electrical connection to the IAS must be used. The scope of the unsetting option described in 6.4.2 of DD 243 has been expanded (compared to the 2002 edition) so as to permit the following: a) A user unlocking the initial entry door causes the IAS to be unset (same as before, under the 2002 edition); OR b) A user unsetting the IAS before entering the supervised premises: Causes the initial entry door to be unlocked (via the electrical connection); or Permits the initial entry door to be unlocked (by the user). The concept that option 6.4.2 can be applied on an area-by-area basis through the supervised premises is not explicitly stated. However, there is a new NOTE that states: NOTE These recommendations also apply when an IAS is divided into separate areas each capable of being independently set. Division into Separate Areas If an IAS is divided into separate areas, each capable of being independently set, the installer should have due regard to the recommendations given in sub-clause 6.4.2 of DD 243: 2002, which were: 1) entry to areas that are set is prevented by locked doors; and 12 of 19 2) unlocking these doors unsets corresponding parts of the IAS; and 3) the status of doors is monitored by the IAS so that the IAS should not set until all relevant doors have been locked. The above applies if 6.4.2 a) is used. Alternatively, if 6.4.2 b) is used (i.e. unsetting the IAS causes or permits the initial entry door to be unlocked), the alarm company should apply equivalent means for ensuring that false alarms on entry are minimized. New recommendations are included in sub-clause 6.4.2 (and also in sub-clause 6.4.3) of the 2004 edition of DD 243 as follows: Forcing open an initial entry door should not: 1) unset the IAS; 2) generate a confirmed alarm signal; 3) cause confirmation technology to be disabled. Means should be provided to detect the forced opening of the initial entry door. This should generate an unconfirmed alarm condition but not generate a confirmed alarm condition. Following the detection of a forced opening of the initial entry door, the activation of a further detection device should then generate a confirmed alarm signal. New recommendations are included in relation to powered locks (see 6.4.2 and also 6.4.3 of DD 243: 2004). A powered lock should remain secure (i.e. no false release) for a minimum of 4 hours in the event of failure of the prime power source. There should be a manual means located inside the supervised premises whereby the lock can be overridden so that persons can exit the supervised premises in an emergency (for example, break glass device or egress switch). The emergency exit device should not be visible or accessible from outside the supervised premises. To provide security in case the lock fails insecure (for example, due to failure of the CIE or an extended period of prime power source failure), the alarm company should agree with the customer the arrangements by which the supervised premises remain physically secure when the IAS is set and include details of these arrangements in the written system design proposal supplied to the customer. A powered lock is sometimes referred to as a “door release”(e.g. a “mag – lock”). Locks such as these rely on a source of power to keep them fully operational. If power fails, the lock can fail secure or insecure depending on the security and/or safety requirements of the customer and the impact of legislation. 6.4.3 Prevention of Entry to the Supervised Premises Before All Means of Confirmation have been Disabled. Users must be prevented from gaining entry to the supervised premises before all means of confirmation have been disabled. This means that (in the case of this unsetting option) a lock with an electrical connection to the IAS must be used. 13 of 19 The scope of this unsetting option (6.4.3) has been expanded (similar to 6.4.2 above) so as to permit the following: a) A user unlocking the initial entry door causes all means of confirmation to be disabled (same as before, under the 2002 edition); OR b) A user disabling all means of confirmation before entering the supervised premises: Causes the initial entry door to be unlocked (via the electrical connection); or Permits the initial entry door to be unlocked (by the user). Division into Separate Areas The concept that option 6.4.3 can be applied on an area-by-area basis through the supervised premises is mentioned by a new NOTE that states: NOTE These recommendations also apply when an IAS is divided into separate areas each capable of being independently set, however confirmation need only be disabled as each area is unset. 6.4.4 Opening the Initial Entry Door Disables All Means of Confirmation In the case of this unsetting option, opening the initial entry door must disable all means of confirmation throughout the supervised premises so that there is no possibility of an audibly, visually or sequentially confirmed alarm at any time after the initial entry door has been opened. Under the 2002 edition, the alarm company needed to advise the customer in writing that all means of confirmation are disabled when the initial entry door is opened and the alarm company needed to obtain written acceptance from the customer of the disabling. This is now changed under the 2004 edition, which calls for the alarm company to reproduce a warning message in the system design proposal (or system design specification) and the as-fitted document (or system record) in bold type immediately after the description of the unsetting method. The warning message to be reproduced is as follows: IMPORTANT Your attention is drawn to the fact that by allowing this method of unsetting, if an intruder succeeds in forcing the initial entry door, the police will not be called, regardless of the intruder’s further progress through the supervised premises. This method of unsetting the intruder alarm might be unacceptable to your insurers. 6.4.5 Completion of Unsetting is Achieved Using PACE There is a new statement at the beginning of the sub-clause as follows: Completion of unsetting using PACE (see also A.1) is an option that should be chosen with care because confirmed alarms are possible if detectors located off the entry route are activated after the entry time expires. In the case of this unsetting option there must be a PACE reader located within the supervised premises . It is permissible to have another PACE reader located outside the supervised premises if all parties are in agreement. 14 of 19 A timed entry procedure must start if the initial entry door is opened before the IAS has been unset. During the entry time it must only be possible to unset the IAS using PACE. There is a new recommendation as follows: If the entry time expires, the IAS may be unset after expiry of the entry time by means of a security code or number at the CIE or ACE located within the supervised premises. However, this should occur only in exceptional circumstances, for example if PACE fails to operate. Unsetting by means of a security code or number after expiry of the entry time is an abnormal way of unsetting the IAS (in the case of option 6.4.5) and is for exceptional circumstances only (e.g. if PACE fails to operate). This is a user responsibility, but installers and ARCs can help by reviewing the method of unsetting with the customer if it is discovered that users are mis-using the facility. There is another new recommendation as follows: If a false (i.e. confirmed) alarm occurs as a result of user entry to the supervised premises, the alarm company should take appropriate steps to minimize the chances of more false alarms, for example by offering user training and/or offering to change to one of the other means of unsetting. The alarm company should keep records of having taken such steps in all cases. 6.4.6 Unsetting is Carried Out in Conjunction with an ARC Example A user contacts the ARC to request that the IAS should be unset. There is an agreed exchange of security passwords or codes to verify the identity of the user. When the ARC is satisfied that the IAS can be unset, the ARC unsets the IAS and there is an indication to the user that the IAS is unset so that the user knows it is possible to enter the supervised premises without causing an alarm. Unsetting whereby the user unsets the IAS and the IAS transmits an unset signal to the ARC is NOT unsetting “in conjunction with an ARC” because the ARC does not have an active involvement in the unsetting procedure. 7. HANDLING OF ALARM INFORMATION BY ARCs 7.1 Designation of Alarm Signals from IASs Capable of Providing Audio Confirmation An additional recommendation has been included at sub-clause 7.1.2 (audibly confirmed alarm signals): If sounds are inconclusive with regard to intrusion or attempted intrusion into the supervised premises, the alarm signal should not be designated as being an audibly confirmed alarm signal and the ARC should wait to see if a sequentially confirmed alarm occurs. Similarly, an additional recommendation has been included at sub-clause 7.1.3 (audibly confirmed AMD activations): 15 of 19 If sounds are inconclusive with regard to intrusion or attempted intrusion into the supervised premises, the AMD activation should not be treated as an audibly confirmed alarm signal and the ARC should wait to see if a sequentially confirmed alarm occurs. 7.2 Designation of Alarm Signals from IASs Capable of Providing Visual Confirmation A new recommendation has been included at sub-clause 7.2.2 (visually confirmed alarm signals): If images are inconclusive with regard to intrusion or attempted intrusion into the supervised premises, the alarm signal should not be designated as being a visually confirmed alarm signal and the ARC should wait to see if a sequentially confirmed alarm occurs. Similarly, an additional recommendation has been included at sub-clause 7.2.3 (visually confirmed VMD activations): If images are inconclusive with regard to intrusion or attempted intrusion into the supervised premises, the VMD activation should not be treated as a visually confirmed alarm signal and the ARC should wait to see if a sequentially confirmed alarm occurs. 7.3 Designation of Alarm Signals from IASs Capable of Providing Sequential Confirmation An additional explanatory NOTE has been included: NOTE The presentation of an unambiguous sequentially confirmed alarm signal to the ARC operator means that the signal processing is done either by the CIE or by equipment at the ARC, not by the ARC operator. 7.4 Alarm Filtering 7.4.1 Application of Alarm Filtering Changes have been made to reflect those already given earlier in sub-clause 4.3 regarding alarm transmission faults. Therefore: Alarm filtering of an unconfirmed alarm need not continue if the ARC receives a transmission fault signal from the same supervised premises during the same set period up to a maximum of 96 hours after the alarm has been received. 7.4.2 Method of Alarm Filtering NOTE 2 of sub-clause 7.4.3 of DD 243: 2002 has been raised to a full recommendation in DD 243: 2004 as follows: Where an ARC carries out monitoring of setting and unsetting of an IAS, the police should not be called to respond in relation to user deviation from the agreed time schedules for setting an unsetting. The ARC should contact the customer and/or other users/keyholders as agreed with the customer. Also the wording of the fourth paragraph of DD 243: 2002 has been strengthened so that in DD 243: 2004 (fifth paragraph) it reads as follows: The alarm company should advise customers in writing that if a mis-operation signal or an unset signal is received by the ARC, within the specified alarm filtering delay, then the ARC will cancel the alarm and regard the alarm as a false alert. 16 of 19 ANNEX A (NORMATIVE) – OF DD 243: 2004 FURTHER RECOMMENDATIONS FOR DESIGN, INSTALLATION AND CONFIGURATION OF IASs INCORPORATING ALARM CONFIRMATION TECHNOLOGY A.1 Portable ACE Used for Setting and Unsetting A.1.1 General The recommendations in DD 243: 2004 for Portable ACE (PACE) are substantially the same as those in DD 243: 2002. However, there are some editorial changes and some technical changes. The following paragraphs identify some of the changes. DD 243: 2002 recommended “ suitable feedback to provide acknowledgement that the setting or unsetting operation has been successfully completed.” The word “feedback” has been changed to “indication”. This means that the user must be provided with a suitable indication (e.g. audible or visual) that the setting or unsetting operation has been successfully completed. DD 243: 2002 recommended “Self -powered portable ACE should report a low battery condition to the CIE (via ACE where applicable), no less than 25 times before the battery fails, each time the portable ACE is used for unsetting.” The corresponding recommendation in the 2004 edition is: If a low battery condition occurs, self-powered PACE should report the condition to the CIE (via ACE where applicable), each time the PACE is used for unsetting. While low battery condition exists, this report should be made on each unsetting event for a minimum of 25 such events, over a period not exceeding 1 month. In circumstances where a user can complete the unsetting procedure from a location more than 1 metre away from the receiver, PACE must still employ a rolling code. The precise requirements for rolling code are not specified in DD 243: 2004. However, it is suggested that there should be at least 1,000 differs, which is the minimum value for logical keys given in Table 3 of prEN 50131-1: 2004 for IASs installed to Grade 1. A.1.2 Portable radio ACE (Radio PACE) The NOTE in the 2002 edition drawing attention to the regulations for products employing radio frequency transmission has not been retained in the 2004 edition. This does not mean that manufacturers can ignore the applicable regulations or that installers can use radio equipment that does not comply with the regulations. Ofcom, the Office of Communications, assumed the duties of the former Radiocommunications Agency on 29 December 2003. Further information is available at www.ofcom.org.uk . A.3 Reinstatement of the IAS The following recommendation appears in A.3.1 of Annex A: If a second independent detector does not activate within the confirmation time and the confirmation time expires (i.e. during the set period), the IAS should be reinstated so that again if one detector activates, an unconfirmed alarm occurs and the confirmation time starts. 17 of 19 Confirmation time and reinstatement are features of sequential confirmation technology and they now apply to all IAS under DD 243: 2004, not just to IAS equipped with sequential confirmation technology only. The IAS reinstates automatically during the set period if a sequentially confirmed alarm does not occur within the confirmation time. If the IAS is unset before expiry of the confirmation time, then reinstatement does not need to occur. A.3.1 IAS Incorporating Sequential Confirmation Technology Only DD 243: 2002 recommended “After the IAS has been set, if one detector (not on the entry route) activates, an unconfirmed alarm should occur and the confirmation time should start”. The corresponding recommendation in the 2004 edition is: After an IAS incorporating sequential confirmation technology has been set, if one detector activates an unconfirmed alarm should occur and the confirmation time should start. A reason for removing the words “not on the entry route” is because if someone breaks into the entry route of the supervised premises via an abnormal route of entry, then a detector on the entry route should activate and an unconfirmed alarm should occur and the confirmation time should start. The recommendation in DD 243: 2002 that “relevant detector(s) should be isolated” has been changed to detector(s) remaining in alarm condition at the expiry of the confirmation time should be inhibited. The change to “inhibited” is consistent with the definition of “inhibit” given in 3.1.32 of prEN 50131- 1: 2004, which is “status of a part of an I&HAS in which an alarm condition cannot be notified, such status remaining until the I&HAS or part thereof is unset”. DD 243: 2002 recommended that the actions to be taken by the ARC upon receipt of a signal indicating that a detector has been isolated should be agreed with the customer and the ARC. The corresponding recommendation in the 2004 edition is: The ARC should inform a keyholder that detector(s) in the IAS are inhibited. A new recommendation is included in the 2004 edition as follows: The number of events recorded from any single source should be limited to three during any confirmation period, therefore the number of events recorded from any single source may exceed three in any set period. Attention is drawn to the fifth paragraph of sub-clause 8.10 of prEN 50131-1: 2004, which states “The number of events recorded from any single source shall be limited to three during any set period”. The recommendation now included in DD 243 : 2004 about the number of events is not intended to modify or alter the provisions of prEN 50131-1. 18 of 19 A.3.2 IAS Incorporating Sequential Confirmation Technology and either Audio and/or Visual Confirmation Technology Sub-sections A.3.2 and A.3.3 of Annex A of DD 243: 2002 have been amalgamated together and revised because the old A.3.2, which dealt with IAS incorporating audio and/or visual confirmation technology, is not longer relevant on its own because all IAS now have to include sequential confirmation technology. New recommendations have been included in A.3.2 of the 2004 edition as follows: If the ARC does not designate the unconfirmed alarm as audibly confirmed or visually confirmed, the ARC should normally wait to see if a sequentially confirmed alarm is presented within the confirmation time. The ARC operator may however reinstate the IAS before expiry of the confirmation time provided the technology permits and there is written agreement from the customer. A similar recommendation is in place regarding the treatment of AMD activations and VMD activations. The ARC may isolate detectors giving rise to repetitive alarms, for example due to a fault, if there is written agreement for this from the customer. The ARC should communicate each case of detector isolation to the keyholder as soon as possible. A similar recommendation is in place regarding the isolation of AMDs and VMDs giving rise to repetitive alarms. A.4 Restoring Following an Alarm Condition Section A.4 of Annex A of DD 243: 2004 has been divided into two sub-sections A.4.1 and A.4.2. A.4.1 General Sub-section A.4.1 (General) deals with the situation where I&HAS have been installed to European Standards (prEN 50131-1: 2004 etc) under the scheme described in PD 6662: 2004. It si mply states that the IAS should be “restored” after an alarm condition has occurred. The term “restore” is defined in 3.1.56 of prEN 50131 -1: 2004 and is repeated in 3.1.27 of DD 243: 2004. The definition is: restore procedure of cancelling an alarm, tamper, fault or other condition and returning the I&HAS to a previous condition NOTE This was previously known as “reset”. The requirements for restoring I&HAS (e.g. at the appropriate user Access Level) are given in prEN 50131-1: 2004. Further details about the Access Levels at which I&HAS may be restored are given in Table E.2 of Annex E of PD 6662: 2004 (which modifies Table 6 of prEN 50131-1: 2004). 19 of 19 A.4.2 Resetting of IAS Maintained in Accordance with BS 4737-4.2 Sub-section A.4.2 of deals with the resetting of IAS maintained to BS 4737. There are no significant changes compared with A.4.1 of DD 243: 2002. In the case of IASs installed to comply with DD 243 and BS 4737, “customer reset” is permitted in the following circumstances: a) After any alarm condition (unconfirmed or confirmed) when the chosen means of unsetting the IAS is in accordance with 6.2.4 or 6.4.3 or 6.4.6 of DD 243: 2004. b) Only after an unconfirmed alarm when the chosen means of unsetting the IAS is in accordance with 6.4.4 or 6.4.5 of DD 243: 2004. In other circumstances, “reset” must be by means not normally available to the customer. ************ 20 of 19 ANNEX TO NSI SPECIAL BULLETIN 02/05 – NSF 611 AN NSI INFORMATION AND GUIDANCE NOTE ON THE USE OF TMDs