NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 1 of 13 Dated: 27 December 2007 To: All NSI ARC Gold Approved Companies and all Applicants for ARC Gold Approval TECHNICAL BULLETIN No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security British Standards Institution (BSI) has published BS 5979:2007 (Incorporating Corrigendum No. 1) “Remote centres receiving signals from fire and security systems – Code of practice”. Attention is drawn to NSI Technical Bulletin No. 0006, which gives guidance on the implementation on BS 5979:2007 as a whole. The purpose of this document is to give guidance on the application of the last paragraph of sub- clause 5.1.1.3 of BS 5979:2007, which states: An ARC that became operational prior to 30 June 2008, and which relied on layered security to achieve compliance with the year 2000 edition of this standard, can continue to use layered security, provided an equivalent standard of protection is achieved compared with the physical means set out in this clause. The year 2000 edition (and also the 1993 edition) of BS 5979 permitted other methods such as layered security to be used in accordance with a NOTE at the end of sub-clause 5.1.1.3, which read as follows: NOTE: The physical protection described above has traditionally been accepted as the means for ensuring that an alarm receiving centre is resistant to attack. However, an equivalent standard of protection may be achieved by other methods, such as layered security. Guidelines on the application of the above-mentioned NOTE at the end of sub-clause 5.1.1.3 of BS 979:2000 were originally developed by NACOSS following the publication of BS 5979:1993 and were contained within a document called NACOSS Technical Memorandum NATM.4. This Technical Bulletin (No. 0007) supersedes NATM.4 (Issue 3), which is withdrawn. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 2 of 13 This Technical Bulletin provides guidance for NSI Inspectors where there is a request from a company whose ARC became operational prior to 30 June 2008 to invoke the option of using layered security in the context of an application for NSI ARC Gold approval against BS 5979:2007. Note 1: This Technical Bulletin differs slightly from the text of NATM.4 (Issue 3) issued on 16 March 2001. Apart from minor editorial changes, a sideline in the margin indicates the amended text. Note 2: The content of this Technical Bulletin may be reviewed in the light of field experience of the use of these guidelines. 1 INSPECTION METHOD Where a company wishes to invoke the Note which appeared at the end of 5.1.1.3 of BS 979:2000, the company must demonstrate to the satisfaction of NSI that the Alarm Receiving Centre (ARC) became operational before 30 June 2008 and that plans to develop the ARC were drawn up based on the content of BS 5979: 2000 (i.e. prior to BS 5979:2007 being published). TWO INSPECTION VISITS are normally carried-out as part of the application process, generally following the sequence set out below, the two visits being separated in time. Step 1 (FIRST INSPECTION) The Inspector should first assess the ARC against the physical protection criteria set out in the main body of 5.1.1 (walls, floors, ceilings of shell), and in 5.1.2 (lobby, entrances and exits), 5.1.3 (key transfer hatches), 5.1.4 (glazing), 5.1.5 (ventilation), 5.1.6 (breaches due to service cables or pipes), 5.1.7 (surveillance of approaches and identification of visitors), and against the physical security and protection criteria for stand-by power plant and cables set out in 5.1.10. Step 2 (REPORT AT CLOSE OF FIRST INSPECTION VISIT) The Inspector should identify and note any improvement needs against the above criteria. Step 3 (COMPANY PREPARES DOSSIER DESCRIBING ITS LAYERED SECURITY) Where a company considers that (notwithstanding a particular improvement need which has been identified) “an equivalent standard of protection” has been achieved by other means, the company should specify to the Inspector the means by which (in the opinion of the company) such protection is afforded, and should provide a dossier setting out what these means are, and describing them in detail. The dossier should include suitable verbal descriptions and/or sketches showing the boundaries of the areas of protection afforded by any layered security or similar arrangements, as well as describing the arrangements themselves. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 3 of 13 Step 4 (SECOND INSPECTION) The Inspector should then extend his enquiries by assessing and reporting upon the provisions that the company has identified to him. The Inspector should pay particular attention to establishing and reporting the facts relating to any provisions or facilities that are identified to him. Step 5 (APPRAISAL BY NSI OF COMPANY’S DOSSIER AND NSI INSPECTOR’S REPORT) Judgement as to whether “an equivalent standard of protection” has been achieved will be made at Sentinel House, having regard to the general guidelines identified below and the Inspector’s recommendation and report. Note: Normally, the ‘official’ part of the first visit ends after Step 2, to give the company opportunity of considering the improvement needs that have been identified and deciding whether to overcome them by traditional means, or to rely on “other methods, such as layered security”. [The Inspector may usefully continue informally to discuss possible options and to make a provisional inspection of any layered security or similar arrangements that are already in place]. Where the company seeks to rely on “other methods, such as layered security”, its personnel should then prepare the dossier referred to in Step 3 above and submit a copy of it to the NSI office. Step 4 would then follow as a second visit. It may sometimes be possible to complete the task through to Step 4 at one visit, where the company has previously been aware of improvement needs against the traditional criteria, and has addressed them by having already prepared a dossier (as in Step 3 above) describing its layered security (or other) arrangements and how in its opinion these arrangements provide an equivalent standard of protection. 2 PRINCIPLES APPLIED BY NSI IN ASSESSING WHETHER AN EQUIVALENT STANDARD OF PROTECTION HAS BEEN ACHIEVED BY OTHER METHODS SUCH AS LAYERED SECURITY In considering the adequacy and effectiveness of any “layered security” arrangements (or the adequacy and effectiveness of “other methods” of providing an equivalent standard of protection), NSI will have regard primarily to the ability of the arrangements (or “other methods”) to RESIST or DELAY a criminal attack aimed at disabling the operating room of the ARC and/or aimed at disabling the essential services to that monitoring room. The TEST is whether the arrangements employed can be more readily or more quickly overcome or compromised than can a “traditional” robustly constructed ARC. It should be noted that a “traditional” BS 5979 ARC incorporates perimeter protection (i.e., protection against entry to the interior of its shell) of the following three types: (i) Physical security (i.e., resists or delays successful attack) NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 4 of 13 Among the “traditional” provisions for resisting or delaying successful attack [item (i) above refers] are: robust shell, robust doors, entrance lobby, no windows or minimal windows with special glass, protected ventilation system, protected electricity cables, protected telecommunications cables, standby batteries located within shell. (ii) Access control (i.e., means for distinguishing between authorised and un- authorised applicants for entry, and for ensuring only authorised applicants are permitted entry) Among the “traditional” provisions for access control are: cameras monitoring outside walls/approaches, emergency exits, etc., provision of a “holding” lobby with provision to view the inside of the lobby, procedures for authorising/accompanying persons applying to enter. (iii) Intruder detection (i.e., draws attention to an attempt by un-authorised person to “force” entry, or to gain entry by stealth) Among the “traditional” provisions for intruder detection are: the above access control provisions, plus an alarm system which detects forcible attack upon shell, attempted entry via ventilation channels, fire doors, etc. It will be apparent that provisions of the types exemplified in (ii) and (iii) above do not and cannot OF THEMSELVES substitute for physical protection. In the absence of physical protection, an attacker would quickly force through multiple layers of access control and, although detected, the company would be unable to prevent the attacker from penetrating to the operating room of the ARC. A crucial feature of physical security is the TIME DELAY that such security provides in resisting a criminal attack. In assessing any layered security arrangements, therefore, one must always look at physical security provisions such as: ** If a receptionist/guard is relied upon as part of the layered security, are reinforcements readily to hand and will they be alerted and attend in time to defeat the attack; if so, are they likely to be sufficient to defeat the attack? (what are their instructions and what can reasonably be expected of them if threatened with a firearm or imitation firearm?) If there are not reinforcements readily to hand, is there some effective means for the receptionist/guard to trigger the remote ‘locking’ of robust interior doors so as physically to obstruct the progress of the attack? [In the case of an ARC within a very large protected building, site or compound, the time it would take intruders to progress from the point where they have been detected (and an alarm raised) may be taken into account, but only if there is a reasonable expectation that the police (or other appropriate enforcement authority) would arrive in force before the intruders had progressed as far as entering the monitoring room of the ARC]. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 5 of 13 ** If access controlled doors/turnstiles are relied upon, are they robust against being forcibly overcome? Are there alternative weaker paths to circumvent the control point, (e.g. use of fire escape routes, breaking through ‘plasterboard’ walls or through permanently locked doors that are of weak construction [such as ordinary panel doors], climbing over fences, turnstiles, etc.)? Overall, taking the TOTALITY of the arrangements, and contemplating various scenarios of attack, the aim is to give the same degree of resistance/delay as is given by a “traditional” BS 5979 ARC. If that is achieved, then the requirement of the NOTE (i.e. “an equivalent standard of protection”) is satisfied. Care must be taken to avoid looking for a higher overall standard of protection and to avoid requiring the arrangements to resist forms of attack (or severity of attack) that a “traditional” ARC complying with BS 5979 would be unlikely to be able to resist. NOTE: When assessing a layered security alternative to BS 5979 traditional methods, one should always look for and include consideration of the security of the WEAKEST ROUTE of entry/attack. 3 SPECIFIC EXCLUSIONS The NOTE at the end of 5.1.1.3 is not regarded as justifying relaxation of the fire resistance criteria (set out in 5.1.1.1). These criteria are to be satisfied in full in all cases. There should be evidence that the fire protection arrangements are acceptable to the local fire brigade (or other competent person). 4 CLASSIFICATION OF ZONES OF PROTECTION For the purpose of these guidelines the following system of classifying zones of protection is used: Zone 1 (Un-Protected): means an area which a member of the public can in practice readily enter (whether a public right of way or private land that the public ought not to enter). Parts (or all) of a zone 1 area may be under constant surveillance (e.g. by means of CCTV cameras); the existence of such surveillance does not of itself cause the area to be re- classified to a higher zone. Parts of a building to which in practice there is public access are regarded as zone 1 areas. Examples include customer areas of shops, showrooms, etc. and parts of offices into which general customers are routinely taken. An area is designed “zone 1” if there is a reasonable prospect of an un-authorised person without means of identification successfully entering the zone. The person may lie about the purpose of his visit, but he does not carry falsified documents and he has not made a prior appointment. The person may drive or walk into areas or through gates, fences, walls, turnstiles, etc. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 6 of 13 NOTE: A zone 1 area may be within a building, or it may be an area of land/ground (which need not be bounded by fences, walls or other barriers). Zone 2 (Lightly Protected): means an area which a member of the public cannot in practice readily enter. An area is designated zone 2 if there are effective means for ensuring that an un-authorised person is prevented from entering, either (a) by physical barriers (such as locked doors, high walls, locked high gates, high fences), or (b) by his intended entry route being via a checkpoint at which a human operator (guard, receptionist, etc.) is stationed. Where (b) applies, the procedures or staff regulations must be such that the checkpoint operator does not permit entry unless reasonable authentication of the applicant’s genuineness is obtained (e.g. presentation of identity card showing the person to be a member of staff, requiring that invited visitors are validated by the staff member who has invited them, etc.) NOTE: A zone 2 area may be within a building, or it may be a bounded area of land/ground. Zone 3 (Protected): means an area meeting the requirements for zone 2, but which ADDITIONALLY satisfies the following requirements: ** There is continuous surveillance (without blind spots) of all locked doors, high walls, locked high gates, high fences, and the like, and surveillance of all entry check points, by CCTV or similar, the arrangements for viewing of the CCTV screens being such that it is likely that an attempted intrusion will be detected by or brought to the attention of zone 5 operators. ** There are effective means for dealing promptly with an incident such as someone ignoring, pushing past or threatening the checkpoint operator. Such means should normally include the following: *** means for alerting zone 5 operators that there is an emergency *** EITHER ability to summon reinforcements in time to apprehend the intruders before they have penetrated to an area of risk OR ability to remotely ‘lock’ doors along the path between the control point and an area of risk, so as to bar the progress of the intruders *** procedure for dealing with the case of the checkpoint operator being threatened with firearms or imitation firearms NOTE: A zone 3 area may be within a building, or it may be a bounded area of land/ground. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 7 of 13 Zone 4 (Heavily Protected): means an area within a building, the area complying with the following criteria: *** There shall be only one door giving access (entry) to the zone 4 area. There may however be fire exit doors permitting exit from the zone 4 area, but these doors shall not be provided with means for opening them from outside the zone 4 area. (This does not prohibit provision for the fire exit doors to be unlocked in emergency from outside the zone 4 area by means of a key or combination code that is kept in a burglary resistant safe or vault under protocols similar to those set out in BS 5979:2007 for emergency keys or combination symbols). ** The door giving access to the zone 4 area shall be access-controlled (e.g. by card access or PIN keypad) the protocols being such that access is restricted to the security department personnel of the company, visitors accompanied by such personnel, and specified senior managers and directors of the company. The protocols shall be such that routine visitors such as job applicants, representatives of suppliers and prospective suppliers, customers and prospective customers, etc. do not enter the zone 4 area, (unless, exceptionally, there is specific reason authorised by a security manager for them to enter). ** The door giving access to the zone 4 area shall be of at least class B construction. Any fire exit doors shall be of corresponding construction. Where such a door opens to an area of zone 1 or zone 2, the door shall be of class A construction, and such a door shall be outward opening, or so installed that it is no less resistant to being forced than an outward opening door. Any fire exit doors shall be of corresponding construction. ** Walls separating a zone 4 area from an area of zone 1 shall be of at least class A construction, (except that if the zone 1 area is at least 6 metres above the ground and there are no ledges, lower roofs, etc., that would aid access, then walls shall be of at least class B construction. Walls separating a zone 4 area from an area of zone 2 shall be of at least class B construction. Walls separating a zone 4 area from an area of zone 3 shall be of at least class C construction. ** Floors and ceilings separating a zone 4 area from an area of zone 1 shall be of at least class A construction, (except that in the case of ceilings which are more than 6 feet above the ground and which are on the top storey of a building, if there are no ledges, lower roofs, etc., that would aid access, then such ceilings shall be of at least class B construction). Floors and ceilings separating a zone 4 area from an area of zone 2 shall be of at least a class B construction. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 8 of 13 Floors and ceilings separating a zone 4 area from a zone 3 area shall be of at least class C construction. ** Glazing separating a zone 4 area from an area of zone 1 or zone 2 shall be of at least class B construction. Glazing separating a zone 4 area from a zone 3 area shall be of at least class C construction. Zone 5 (Fully Protected): means an area within a building, the area complying with the following criteria: ** There shall be only one entrance/exit door to the zone 5 area and this door shall lead directly from an area classified as zone 4, except that additionally there may be a fire exit door from the zone 5 area. ** Any fire exit door from the zone 5 area shall not be provided with means for opening it from outside the zone 5 area (this does not prohibit provision for the fire exit door to be unlocked in an emergency from outside the zone 5 area by means of a key or combination code that is kept in a burglary resistant safe or vault under protocols similar to those set out in BS 5979:2007 for emergency keys or combination codes). ** The normal entrance/exit for the zone 5 area shall be of class A construction. The door shall be outward opening, or so installed that it is no less resistant to being forced open than an outward opening door. ** Walls, floors and ceilings separating a zone 5 area from an area of zone 1 or zone 2 shall be of class A construction. Walls, floors and ceilings separating a zone 5 area from an area of zone 3 or zone 4 shall be of at least class B construction. ** Glazing separating a zone 5 area from an area of lower numerical classification shall meet the size limitation criteria and bullet-resistant criteria of BS 5979. An exception may be made if security measures prevent un-authorised persons from reaching the zone 5 area and there is no line of sight to the glazed areas from outside the building housing the ARC. Glazing between zone 5 and zones 1, 2 or 3 is subject to the general restriction that glazed areas are to be kept to a minimum, and preferably there should be no such glazing. ** It shall not be possible to see into a zone 5 area from an area of lower numerical classification. ** The entrance/exit door of a zone 5 area shall be subject to the full access-control protocols applicable to the inner door of a lobby, as set out in BS 5979. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 9 of 13 5 CLASSIFICATION OF DEGREE OF PHYSICAL PROTECTION AGAINST ATTACK Class A Construction: meeting the full category II physical constructional criteria for the shell of an ARC, as set out in 5.1.1 of BS 5979:2007 in the case of walls, floors and ceilings (but excluding the paragraph at the end of 5.1.1.3), in 5.1.2.1 and 5.1.2.3 of BS 5979:2007 in the case of doors, in 5.1.3 of BS 5979:2007 in the case of key transfer hatches, in 5.1.4.2 of BS 5979:2007 in the case of glazing, in 5.1.5.2 of BS 5979:2007 in the case of ventilation, and in 5.1.6 of BS 5979:2007 in the case of services. Class B Construction: forms of constructions that do not comply with the criteria for class A construction, but which nevertheless provide a significant degree of physical protection. Examples of class B construction are: WALLS of single brickwork, blockwork (e.g. concrete blocks or breeze blocks) or of concrete wall construction. FLOORS and CEILINGS of concrete or similar construction. An exception is that the ceiling may be of less robust construction if it is on the top storey of a building, is more than 10 metres from the ground, and the WHOLE of the top storey of the building is a zone 4 area, there being no ledges, lower roofs, or the like which would assist someone attempting to climb onto the roof. GLAZING which is : either (a) of vandal resistant laminated or wired glass in robust frames, or (b) more than 10 metres above the ground (in which case there shall be no roofs, ledges, etc. that would aid access to the windows. Any opening window not in accordance with (a) above shall be provided with very substantial fittings which limit the opening such that an adult person cannot climb through the window opening. DOORS of tongue-and-grooved framed, ledged and braced construction hung on substantial timber frames with substantial fittings, or other construction providing equivalent degree of resistance to attack. Class C Construction: forms of construction that do not comply with the criteria for class A or for class B construction, but which nevertheless provide a basic minimum degree of physical protection. Examples of class C construction are: WALLS, FLOORS and CEILINGS of corrugated steel sheets or of tongue-and-grooved floor boarding or of sheets of floor boarding grade man-made board (such as chipboard or plywood) mounted on a substantial timber or steel frame. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 10 of 13 FENCES and GATES forming the boundary of a Zone 2 or Zone 3 compound should have posts and fixings of substantial construction such that the fences or gates cannot be easily pushed over using human force. It should not be possible to easily climb over fences and gates. Consideration should be given to overall height, use of barbed wire and other measures designed to prevent ascent. Wire mesh fencing with barbed wire along the top is acceptable provided that EITHER (a) the area is regularly patrolled and intrusion is likely to be promptly detected OR (b) CCTV surveillance of the fences is free from blind spots and it is likely that unauthorised entry will be detected. ACCESS CONTROL BARRIERS for external compounds may be automatically or manually operated poles or bars if the checkpoint is manned. Un-manned checkpoints should have more substantial barriers such as remotely operated steps or flaps in the road to prevent vehicle access and suitable gates (as above) to prevent pedestrian access. GLAZING of normal glass, any opening windows being either (a) more than 10 metres above the ground (in which case there shall be no roofs, ledges, etc., that would aid access to the windows) or (b) the opening being limited by very substantial fittings such that an adult person cannot climb through the window opening. DOORS complying with the criteria for class B construction. Class D Construction: forms of construction not complying with the criteria for class A, class B, or class C, and not providing an equivalent degree of physical protection. NOTE: Such light or flimsy constructions are not regarded as forming an adequate barrier between areas having differing numerical zone classification. Examples of class D construction are: ** any door which does not have construction equivalent to that of a tongue-and- grooved, framed, ledged and braced door on substantial timber frame with substantial hinges and other fittings. ** any wall, ceiling, floor or roof which does not have the strength of either (i) single- brick, (ii) single-blockwork (concrete blocks, composite blocks or breeze blocks), (iii) tongue-and-grooved floor boarding timber mounted on a substantial timber or steel frame, (iv) sheets of flooring grade man-made board mounted on a substantial timber or steel frame, or (v) corrugated steel sheets (of the type used for warehouse buildings) mounted on a substantial timber or steel frame. NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 11 of 13 6 SPECIFIC GUIDELINES 6.1 When considering the effectiveness of a “layered security” system, NSI should have regard to: i. all possible avenues of approach from public roads to the interior of the shell ii. all possible avenues of approach from land or buildings adjacent to the site (ie. the site on which the ARC is situated) to the interior of the shell iii. the possibility of “gate-crashing” by vehicle iv. the possibility of fences, boundary walls, or buildings being rammed by vehicle, including rams mounted on a vehicle at high level up to say 6 metres above ground v. the security of essential services (telephone lines, standby power cables and plant, etc) vi. the likely effect of attack by an armed gang (or a gang carrying imitation firearms) and the procedures set out by the company for the handling of such an eventuality vii. whether members of the public, potential customers, potential suppliers, etc. pass through part of the premises or site close to the ARC or wait in such parts of the premises or site, and whether the company’s procedures and staff regulations ensure that such members of the public, potential customers, potential suppliers, etc. are at all times accompanied by authorised staff personnel viii. the number of staff (not being ARC personnel) who are authorised to access areas close to the ARC, the degree of security screening carried out on such staff, the effectiveness of the access-control system/arrangements, the staff turnover levels, and the arrangements for withdrawing access from former staff members ix whether members of the family and boyfriends/girlfriends of staff members are admitted to areas close to the ARC x. the nature and effectiveness of “out-of-hours” arrangements NOTE: Aerial attack is not considered. Abseiling from the roof of the building housing the control room is not considered. However, sliding down ropes attached to adjacent buildings, overhanging trees, etc., should be considered. 6.2 Where a “layered security” system depends for its effectiveness upon human personnel (receptionists, patrols, guards, etc.) it is appropriate to have regard to the provisions for communication to and from these personnel in the event of an emergency incident. What instructions have been issued? What provision is there for alerting others that an incident is going on? What provision is there for NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 12 of 13 summoning assistance? From where are the patrols/guards controlled and coordinated? Is this control room itself vulnerable? 6.3 Where any wall, floor, ceiling, door, or window (or any part thereof) forms the boundary between zones of different classifications, then that wall, floor, ceiling, door, window (or part thereof) has to be of construction appropriate for maintaining the integrity of the zone of higher classification. As an example, if any wall, floor, ceiling, door or window (or any part thereof) of a zone 5 area (e.g. of the control room of an ARC) faces or abuts an area of zone 1, then that wall, floor, ceiling, door, window (or part thereof) has to be judged against the full “traditional” criteria for BS 5979. However, where the wall, floor, ceiling, door or window is between zones of adjacent numerical classification then the construction may be proportionally less. Where the ceiling of a control room forms part of the roof of a building, the ceiling construction must be judged against the zone bounding the building having the lowest classification, except where the roof in question is very high above ground and is not vulnerable to access by climbing the outside of the building from an adjacent building, or by breaking through a ceiling in another part of the building (whether via a trap door, or by damaging the ceiling). Nevertheless, a wall, floor, ceiling, door or window forming a boundary between zones of different classification must always have a basic minimum integrity. Any barrier that does not have such basic minimum integrity is deemed not to be an effective barrier and therefore it is to be viewed as if it did not exist. Manned checkpoints, on entry routes to parts of buildings having physical barriers not meeting the requirements for class C construction, will be deemed to extend to parts where CCTV surveillance or alarming of the physical barriers is in existence or to areas where the guard is expected to see or hear an attack on the barrier. Guidance on a basic minimum level of integrity is given in Section 7 below. If ARC personnel have to leave the zone 5 area in order to visit the toilet facilities, regard shall be had to the degree of security protection which exists in the corridors/areas they have to go through and the degree to which the toilet facilities themselves are within a protected area. Any toilet facility that has to be used by ARC personnel shall normally be located within zone 4, but may exceptionally be located within zone 3 if the security arrangements for the building in which the ARC is located are such that visitors to the building are accompanied at all times. Any route that has to be used between the control room of the ARC and such toilet facilities should similarly comply with zone 4 criteria (or zone 3 in exception cases). NSI Technical Bulletin No. 0007 Guidance on the application of the last paragraph of 5.1.1.3 of BS 5979:2007 relating to the use of layered security 13 of 13 7 BASIC MINIMUM CONSTRUCTION However comprehensive and effective the layered security (or other means of protection) protecting the approaches to an ARC and/or protecting the building within which the centre is housed, it is considered in-appropriate that an ARC should be housed in a flimsy building or in room/area that is separated from other (less protected) parts of the building only by materials such as a ‘plasterboard’ partitioning, or by light doors having hardboard or three- ply panels. Similarly, such light constructions to not form an adequate barrier between areas having different numerical zone classifications. 8 GENERAL CRITERIA AND CLASSIFICATION REQUIRED FOR PARTS OF THE ALARM RECEIVING CENTRE 8.1 The control room of the ARC shall be located in an area of zone 5 classification. For the purposes of assessment against clauses within BS 5979:2007 not covered by these guidelines, the boundary of zone 5 is considered to be the “shell”. 8.2 The normal entrance to the zone 5 area housing the control room shall be via two doors (an inner door and an outer door) separated by an ante-room with the doors inter-locked to prevent both being open at the same time. The ante-room shall meet the criteria for a zone 4 area. NOTE: The ante-room may be a corridor. 8.3 The inner door shall be controlled from within the zone 5 area by separate physical actions from those for the outer door. 8.4 The ante-room shall have a means of surveillance of any person in the area of the ante-room immediately outside the inner door such that such person can be viewed from within the zone 5 area. There shall also be a means of surveillance of the ante- room such that no part of the ante-room is out of view of the zone 5 area. 8.5 Consideration shall be given to the level of physical protection of communication cables between the point of entry to the site and the shell. In exterior compounds, communication cables should be underground or protected by steel conduit. Manhole covers, including the cover in the road immediately outside the compound, should be protected by alarm or by CCTV surveillance. 8.6 Consideration shall be given to the level of fire protection of communication cables between the point of entry into the building housing the control room and the shell. Full compliance with sub-clause 5.1.9.1 of BS 5979:2007 will be sought in all zones within a building, but diverse routing is an acceptable alternative to BS 5839-1: 2002 provided all traffic can be routed down the alternative path. ******