Requirements for the provision of secure remote services for fire safety systems and security systems

This document specifies the minimum requirements for the provision of secure remote services via a remote access infrastructure (RAI) carried out either at site or off-site (e.g. via IP connections) to the following systems:
a)   fire safety systems including, but not limited to, fire detection and fire alarm systems, fixed firefighting systems, smoke and heat control systems;
b)   security systems including, but not limited to, intruder and hold-up alarm systems, electronic access control systems, external perimeter security systems and video surveillance systems;
c)   social alarm systems;
d)   emergency sound systems;
e)   a combination of such systems;
f)   management systems connected to systems a) – e).
This document does not cover:
a)   at site services without using remote connection;
b)   the monitoring and alarm receiving services by the MARC, which are described in the EN 50518.

Anforderungen an die Bereitstellung von sicheren Ferndiensten für Brandsicherheitsanlagen und Sicherheitsanlagen

Lignes directrices et exigences relatives aux services à distance sécurisés pour les systèmes de protection incendie et les systèmes de sûreté

Le présent document précise les exigences minimales relatives à la fourniture de services à distance sécurisés via une infrastructure d’accès à distance (RAI) effectués sur le site ou hors site (par exemple via des connexions IP) aux systèmes suivants:
a)   les systèmes de protection incendie comprenant, entre autres, les systèmes de détection et d’alarme incendie, les systèmes fixes de lutte contre l’incendie et les systèmes de contrôle et d’évacuation des fumées et de la chaleur;
b)   les systèmes de sûreté comprenant, entre autres, les systèmes d’alarme de détection d’intrusion ou contre les hold-up, les systèmes de contrôle d’accès électroniques, les systèmes de sécurité périmétrique et les systèmes de vidéosurveillance;
c)   les systèmes d’alarme sociale;
d)   les systèmes électroacoustiques pour situations d’urgence;
e)   une combinaison de ces systèmes;
f)   les systèmes de management connectés aux systèmes a) à e).
Le présent document ne couvre pas:
a)   les services sur le site sans utiliser de connexion à distance;
b)   les services de contrôle et de réception d’alarme par le MARC, qui sont décrits dans l’EN 50518.

Zahteve za zagotavljanje varnih oddaljenih storitev za sisteme požarne varnosti in zaščite

General Information

Status
Published
Publication Date
23-Sep-2021
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
24-Sep-2021
Due Date
24-Feb-2021
Completion Date
24-Sep-2021

Buy Standard

Standard
EN 50710:2021
English language
20 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN 50710:2021
01-december-2021
Zahteve za zagotavljanje varnih oddaljenih storitev za sisteme požarne varnosti in
zaščite
Requirements for the provision of secure remote services for fire safety systems and
security systems
Anforderungen an die Bereitstellung von sicheren Ferndiensten für
Brandsicherheitsanlagen und Sicherheitsanlagen
Lignes directrices et exigences relatives aux services à distance pour les systèmes de
protection incendie et les systèmes de sûreté
Ta slovenski standard je istoveten z: EN 50710:2021
ICS:
13.220.20 Požarna zaščita Fire protection
13.320 Alarmni in opozorilni sistemi Alarm and warning systems
33.200 Daljinsko krmiljenje, daljinske Telecontrol. Telemetering
meritve (telemetrija)
SIST EN 50710:2021 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 50710:2021

---------------------- Page: 2 ----------------------
SIST EN 50710:2021


EUROPEAN STANDARD EN 50710

NORME EUROPÉENNE

EUROPÄISCHE NORM
September 2021
ICS 13.220.20; 13.320; 33.200

English Version
Requirements for the provision of secure remote services for fire
safety systems and security systems
Lignes directrices et exigences relatives aux services à Anforderungen an die Bereitstellung von sicheren
distance sécurisés pour les systèmes de protection Ferndiensten für Brandsicherheitsanlagen und
incendie et les systèmes de sûreté Sicherheitsanlagen
This European Standard was approved by CENELEC on 26 July 2021. CEN and CENELEC members are bound to comply with the
CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard
without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre
has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain,
Sweden, Switzerland, Turkey and United Kingdom


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for
CEN/CENELEC CENELEC Members.
 Ref. No. EN 50710:2021 E

---------------------- Page: 3 ----------------------
SIST EN 50710:2021
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms, definitions and abbreviations . 6
3.1 Terms, definitions . 6
3.2 Abbreviations . 9
4 Common requirements .10
4.1 General .10
4.2 Agreement and responsibilities .11
4.3 RAI description and security requirements .11
4.3.1 RAI description .11
4.3.2 RAI security requirements .12
4.4 Requirements for organization at FSSS site .13
4.4.1 General .13
4.4.2 Communication .13
4.4.3 Combined and integrated systems .13
4.5 Requirements for organization at remote location .13
4.6 Requirements for the operation of remote services .14
4.6.1 General .14
4.6.2 Impact assessment before remote service is conducted .14
4.6.3 During remote service .14
4.6.4 After remote service, before terminating the remote access .15
4.7 Requirements for remote functions .15
4.7.1 General .15
4.7.2 Read functions .15
4.7.3 Control functions .15
4.7.4 Write functions .15
5 Application specific requirements .16
5.1 Specific requirements for use of remote services with fire detection and fire alarm systems
.16
5.1.1 Control functions .16
5.1.2 Write functions .16
5.2 Specific requirements for use of remote services with fixed firefighting systems .16
5.2.1 Control functions .16
5.2.2 Write functions .16
5.2.3 Remote system checks .16
5.3 Specific requirements for use of remote services with smoke and heat control systems .16
5.3.1 Control functions .16
5.3.2 Write functions .17
5.3.3 Remote system checks .17
5.4 Specific requirements for use of remote services with emergency sound systems .17
5.4.1 Control functions .17
5.4.2 Write functions .17
5.5 Specific requirements for use of remote services with intrusion and hold up alarm systems
.17
5.5.1 General .17
5.5.2 Control functions .17
5.5.3 Write functions .18
5.6 Specific requirements for use of remote services with video surveillance systems .18

---------------------- Page: 4 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
5.6.1 General . 18
5.6.2 Write functions . 18
5.7 Specific requirements for use of remote services with electronic access control systems –
Write Functions . 18
5.8 Specific requirements for use of remote services with external perimeter security systems
– Write Functions . 18
5.9 Specific requirements for use of remote services with social alarm systems – Write
Functions . 18
5.10 Specific requirements for use of remote services with combined and integrated fire safety
systems and/or security systems . 19
5.11 Specific requirements for use of remote services with management systems . 19
5.12 Specific requirements for use of remote services with supervised premises
transceivers . 19
Bibliography . 20

3

---------------------- Page: 5 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
European foreword
This document (EN 50710:2021) has been prepared by Technical Committee CEN/CLC/JTC 4 “Remote
Services for fire safety systems and security systems”, the secretariat of which is held by DIN.
The following dates are fixed:
• latest date by which this document has to (dop) 2022-07-26
be implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2024-07-26
standards conflicting with this document
have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A complete
listing of these bodies can be found on the CENELEC website.
4

---------------------- Page: 6 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
Introduction
It has been common practice for many years to monitor the alarm and fault status of fire safety and security
systems installed in premises from remote locations.
Technological developments within fire safety systems and/or security systems (FSSS) as well as the
telecommunication paths now permit remote access to those FSSS with a wide variety of available functions up
to and including full operation and programming / parameters setting as if an authorized person was at site.
Remote service supplements the at site visits of competent person and enables new possibilities for customers
(end-users). In short, the overall service quality offered by the various types of professional services providers
at time of installation, maintenance or operation increases significantly. On one hand, end-users experience
faster response times leading to higher system reliability and availability. On the other hand, service providers
can provide new services such as predictive maintenance, which improves also staff utilization.
Not all countries have industry standards for the use of remote access, which are crucial for end-users and
service providers. Specifically, design requirements and strict operational procedures are fundamental in
avoiding actions such as unintended deactivating parts of FSSS.
This document is intended to support the implementation of the European Service Directive (2006/123/EC) and
EN 16763, Services for fire safety systems and security systems. This document is intended to be applied in
conjunction with installation guidelines, either European (if any) or national, as well as with national laws and
regulations in the field of the systems.
This document does not replace the work of other CEN/CENELEC committees such as CEN/TC72, CLC/TC79,
CEN/TC191 and CLC/BTTF 133-1. It should be read in conjunction with their standards and application
guidelines for the use of their products and systems. Only services for the systems within the scopes of
CEN/TC72, CLC/TC79, CEN/TC191 and CLC/BTTF 133-1 are covered in this document with the exceptions
defined in the scope.
Service providers offering remote services for FSSS may consider the following:
— how the use of remote checks instead of or as an addition to predictive maintenance can reduce the number
of journeys to site;
— how the prior use of remote diagnostic and test capabilities can be used to ensure that all necessary
equipment and spares are carried to site for corrective maintenance purposes, and thus have the ambition
of first time fixes;
— how retaining data rather than keeping site/provider hard copies can reduce waste thus effecting a
reduction in their “carbon footprint.”.
5

---------------------- Page: 7 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
1 Scope
This document specifies the minimum requirements for the provision of secure remote services via a remote
access infrastructure (RAI) carried out either at site or off-site (e.g. via IP connections) to the following systems:
a) fire safety systems including, but not limited to, fire detection and fire alarm systems, fixed firefighting
systems, smoke and heat control systems;
b) security systems including, but not limited to, intruder and hold-up alarm systems, electronic access control
systems, external perimeter security systems and video surveillance systems;
c) social alarm systems;
d) emergency sound systems;
e) a combination of such systems;
f) management systems connected to systems a) – e).
This document does not cover:
a) at site services without using remote connection;
b) the monitoring and alarm receiving services by the MARC, which are described in the EN 50518.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references, the
latest edition of the referenced document (including any amendments) applies.
EN 16763, Services for fire safety systems and security systems
EN 50131 (all parts), Alarm systems — Intrusion and hold-up systems
EN 50136 (all parts), Alarm Systems — Alarm transmission systems and equipment
EN 50518, Monitoring and Alarm Receiving Centre
EN 50600 (all parts), Information technology — Data centre facilities and infrastructures
3 Terms, definitions and abbreviations
3.1 Terms, definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1.1
at site
physically at the FSSS site
6

---------------------- Page: 8 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.2
authentication
provision of assurance that a claimed characteristic of an entity is correct
[SOURCE: EN ISO/IEC 27000:2018, 3.5]
3.1.3
authorization
permission to gain access to the various functions of a system
3.1.4
check
confirmation that the system meets the specification
Note 1 to entry: In the fire industry the term check means verification.
3.1.5
client
party for which services are provided
[SOURCE: EN 16763:2017, 2.16]
3.1.6
connection
communication link between FSSS and remote location system used for remote access
3.1.7
control function
operations including the transmission of commands, but without write functions
EXAMPLES test commands, resets
3.1.8
fault
condition detected within a FSSS that prevents the system or part(s) thereof from functioning normally
3.1.9
management system
software system for reception, input, generation, storing, forwarding, processing and indication of messages
and data as well as for the control of multiple FSSS
EXAMPLE Building management system
3.1.10
monitoring and alarm receiving centre
MARC
continuously manned centre where information concerning the status of one or more FSSS is reported, and
additionally where the status of one or more alarm transmission system is monitored
Note 1 to entry: In accordance with EN 50518, MARC is equivalent to ARC (Alarm receiving centre).
3.1.11
read function
the transmission of information from the FSSS at site
EXAMPLES visual, acoustic, fault conditions, event log, software versions, parameters, time series, test results and
such.
7

---------------------- Page: 9 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.12
remote access
logical access to a FSSS to apply read, control or write functions
3.1.13
remote access client
RAC
software and/or hardware used to gain remote access to functions of one or more FSSS
3.1.14
remote access endpoint
RAE
software and/or hardware endpoint located at site that manages remote access to one or more FSSS
Note 1 to entry: In this document, both RAS and RAE are to be understood as functions, not as devices.
3.1.15
remote access infrastructure
RAI
infrastructure incorporating a RAE, RAS, RAC and IT infrastructure
3.1.16
remote access infrastructure service provider
RAISP
entity responsible for the design, operation and maintenance of the RAI
3.1.17
remote access server
RAS
software and/or hardware used to manage multiple remote connections of multiple FSSS and users
Note 1 to entry: In this document, both RAS and RAE are to be understood as functions, not as devices.
3.1.18
remote location
location from which remote services are carried out
Note 1 to entry: This may be the same or a different location as the RAS.
3.1.19
remote service
any service for the client of an FSSS, carried out via a remote connection
3.1.20
remote service application
software application connected to the RAI permitting remote access to one or more installed FSSS or remote
service functions or both
Note 1 to entry: There may be more than one separate application to carry out all aspects of this functionality.
Note 2 to entry: This application is running on the Remote Access Client.
Note 3 to entry: A web browser is not considered a remote service application. A web browser may be used to enable
access to the remote service application.
8

---------------------- Page: 10 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.21
remote service provider
RSP
entity which is responsible for the provision of the remote service to a client
Note 1 to entry: The RSP can be identical with the RAISP. The RSP may delegate certain responsibility to a RAISP but
retains overall responsibility.
3.1.22
response authority
authority with responsibility for attending the FSSS site following an alarm
3.1.23
responsible person
A designated and qualified person who is trained on the use of the installed system
3.1.24
service organization
organization or part of an organization delivering one or more services to a client
3.1.25
session
temporary and interactive information interchange between a user and a FSSS or between an automation
system and a FSSS
3.1.26
set
status of an I&HAS or part thereof in which an intruder and/or hold-up alarm condition can be notified
3.1.27
state of the art
developed stage of technical capability at a given time as regards products, processes and services, based on
the relevant consolidated findings of science, technology and experience
[SOURCE: EN 45020:2006, 1.4]
3.1.28
supervised premises transceiver
SPT
alarm transmission equipment at the supervised premises including the interface to the FSSS and the interface
to one or more transmission networks and being part of one or more alarm transmission paths
3.1.29
write function
re-configuration, maintenance, repair or change of mode of operations
EXAMPLES software updates or bug fixes, upgrades and such
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
EACS Electronic Access Control Systems
EPSS External Perimeter Security Systems
ESS Emergency Sound Systems
FDAS Fire Detection and Fire Alarm System (including voice alarm systems)
9

---------------------- Page: 11 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
FFFS Fixed Fire Fighting System
FSSS Fire Safety System and/or Security System
I&HAS Intrusion and Holdup Alarm System
MARC Monitoring and Alarm Receiving Centre
RAE Remote Access End point
RAI Remote Access Infrastructure
RAISP Remote Access Infrastructure Service Provider
RAS Remote Access Server
RAC Remote Access Client
RSP Remote Service Provider
SHCS Smoke and Heat Control System
SPT Supervised Premises Transceiver
VSS Video Surveillance Systems
4 Common requirements
4.1 General
The implementation of the provision of remote services shall be governed by an assessment of the risk added
by the remote nature of the service.
Such a risk assessment shall include, but not be limited to:
— site locations / client specific requirements;
— operations permitted and the protection measures;
— applicable guidelines and regulations for the equipment in the scope;
— applicable laws and regulations for privacy and data protection;
— cyber security;
— protecting information by mitigating information risks.
The equipment and systems installed for the purposes of remote services (the Remote Access Infrastructure)
shall be periodically maintained and updated. The responsibility for the respective devices and systems shall
be clearly agreed by the contractual parties.
The remote service processes, technologies and communications paths shall be secure and reliable. This
requires proper concept and design, documentation, and holistic testing prior to release.
The equipment and systems installed for the purposes of remote services (the RAI) shall themselves be the
subject of testing, both prior to commissioning and as part of maintenance (preventive and corrective), and
updated in accordance with the state of the art and with the supplier’s and / or manufacturer’s recommendations.
The remote connection shall be subject to periodic review and checks. Measures shall be taken to avoid errors
leading to unintentional actions such as turning off parts of the system.
Remote services provider shall also be familiar with the standards and technical specifications of the FSSS for
which the service is to be provided and particularly those relating to system performance and shall be trained
to use the RAI.
Information from the remote services should be available for the client.
10

---------------------- Page: 12 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
4.2 Agreement and responsibilities
Contractual agreements between the organization providing the remote service(s) and the client should include
identification of:
1) the specific FSSS and the site in which it is installed;
2) the scope of the services provided, the operations or tests to be conducted remotely, including when and
under what circumstances and the possible further actions to be conducted based on the results of the
remote service;
3) legal entity responsible for the RAS;
4) transparency as to where and how system and site data are handled and stored;
5) the process of client authorization required for each operation and how the communication (see 4.4.2) to
the client is made and evidenced;
NOTE This may take the form of contractual agreement where no specific authorization process is required for certain
or all operations.
6) use and handling of credentials;
7) the means of maintaining an audit trail of all remote actions and the retaining period;
8) any conditions required by the client’s insurer;
9) any conditions required by e.g. police, fire brigade etc. if applicable;
10) the agreed time limitation(s) on active remote sessions with regards to the read, control and write functions
according to the risk assessment;
11) use and handling of automated connections/sessions and
12) the limit of responsibility of the RSP.
4.3 RAI description and security requirements
4.3.1 RAI description
The remote services connections and communications architecture are illustrated in Figure 1.
It contains the Remote Access Infrastructure (RAI) represented with its liaisons and a representation of the
RAS, which may take various forms of implementation depending on the type of remote access and the types
of services considered for each application.
The RAS contains:
— the secured access to the FSSS
— a secured software application designed according to the types of services and the capabilities of the
installed systems such as:
— slient software; or
— client/server software; or
— web based software.
11

---------------------- Page: 13 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)

Figure 1 — Remote access overview
The RAS and associated applications shall be located in part of the FSSS site, of a maintenance service provider
(service organization), of a MARC or of a suitable contracted third party (data centre).
MARCs shall fulfil EN 50518. Data centres shall fulfil EN 50600 series or equivalent. Service Organizations shall
fulfil EN 16763.
4.3.2 RAI security requirements
In order to ensure the security of the communication link, the following requirements shall be applied to all
remote connections established via the RAI to perform remote services carried out either at site or off-site –
including those performed prior to or as part of commissioning.
The Security of the RAI shall be supported by state of the art security measures such as authentication,
authorization, encryption, substitution protection, event logging and traceability.
The physical and logical connections part of the RAI shall be monitored securely for internet cyber security. The
platform is to be audited regularly for effective protection and continuous improvement.
Remote access to the FSSS shall only be possible via a RAS.
NOTE There can be more than one RAS and / or remote location associated with any given FSSS.
Access to the RAC shall require authorization by secure means appropriate to the assessed risk (see 4.2) and
at least equivalent to that specified by the relevant standard for use at site. This authorization shall identify the
authorized person / automation system performing the remote services.
The session shall be terminated after a defined period of inactivity.
12

---------------------- Page: 14 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
Information related to the sessions (login, logout, user, operations) shall be logged at the RAS with timestamps.
The communication links between the RAC and the RAS and between the RAS and the RAE of the FSSS shall
require authentication before remote functions are executed.
4.4 Requirements f
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.