Requirements for the provision of secure remote services for fire safety systems and security systems

This document specifies the minimum requirements for secure remote services (e. g. via IP connections) to the following systems:
a) fire safety systems including, but not limited to, fire detection and fire alarm systems, fixed firefighting systems, smoke and heat control
systems,
b) security systems including, but not limited to, intruder and hold-up alarm systems, electronic access control systems, external perimeter security systems and video surveillance systems,
c) social alarm systems,
d) a combination of such systems
The scope doesn´t cover:
a) the alarm transmission infrastructure,
b) the use of remote access performed by end-users

Anforderungen an die Bereitstellung von sicheren Ferndiensten für Brandsicherheitsanlagen und Sicherheitsanlagen

Lignes directrices et exigences relatives aux services à distance pour les systèmes de protection incendie et les systèmes de sûreté

Le présent document précise les exigences minimales relatives à la fourniture de services à distance sécurisés via une infrastructure d’accès à distance (RAI) effectués sur le site ou hors site (par exemple via des connexions IP) aux systèmes suivants:
a)   les systèmes de protection incendie comprenant, entre autres, les systèmes de détection et d’alarme incendie, les systèmes fixes de lutte contre l’incendie et les systèmes de contrôle et d’évacuation des fumées et de la chaleur;
b)   les systèmes de sûreté comprenant, entre autres, les systèmes d’alarme de détection d’intrusion ou contre les hold-up, les systèmes de contrôle d’accès électroniques, les systèmes de sécurité périmétrique et les systèmes de vidéosurveillance;
c)   les systèmes d’alarme sociale;
d)   les systèmes électroacoustiques pour situations d’urgence;
e)   une combinaison de ces systèmes;
f)   les systèmes de management connectés aux systèmes a) à e).
Le présent document ne couvre pas:
a)   les services sur le site sans utiliser de connexion à distance;
b)   les services de contrôle et de réception d’alarme par le MARC, qui sont décrits dans l’EN 50518.

Zahteve za zagotavljanje varnih oddaljenih storitev za sisteme požarne varnosti in zaščite

General Information

Status
Published
Publication Date
14-Nov-2021
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
29-Sep-2021
Due Date
04-Dec-2021
Completion Date
15-Nov-2021

Buy Standard

Standard
SIST EN 50710:2021
English language
20 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN 50710:2021
01-december-2021

Zahteve za zagotavljanje varnih oddaljenih storitev za sisteme požarne varnosti in

zaščite

Requirements for the provision of secure remote services for fire safety systems and

security systems
Anforderungen an die Bereitstellung von sicheren Ferndiensten für
Brandsicherheitsanlagen und Sicherheitsanlagen

Lignes directrices et exigences relatives aux services à distance pour les systèmes de

protection incendie et les systèmes de sûreté
Ta slovenski standard je istoveten z: EN 50710:2021
ICS:
13.220.20 Požarna zaščita Fire protection
13.320 Alarmni in opozorilni sistemi Alarm and warning systems
33.200 Daljinsko krmiljenje, daljinske Telecontrol. Telemetering
meritve (telemetrija)
SIST EN 50710:2021 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 50710:2021
---------------------- Page: 2 ----------------------
SIST EN 50710:2021
EUROPEAN STANDARD EN 50710
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2021
ICS 13.220.20; 13.320; 33.200
English Version
Requirements for the provision of secure remote services for fire
safety systems and security systems

Lignes directrices et exigences relatives aux services à Anforderungen an die Bereitstellung von sicheren

distance sécurisés pour les systèmes de protection Ferndiensten für Brandsicherheitsanlagen und

incendie et les systèmes de sûreté Sicherheitsanlagen

This European Standard was approved by CENELEC on 26 July 2021. CEN and CENELEC members are bound to comply with the

CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard

without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC

Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation

under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre

has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain,

Sweden, Switzerland, Turkey and United Kingdom
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2021 All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for

CEN/CENELEC CENELEC Members.
Ref. No. EN 50710:2021 E
---------------------- Page: 3 ----------------------
SIST EN 50710:2021
Contents Page

European foreword .................................................................................................................................... 4

Introduction ................................................................................................................................................ 5

1 Scope ............................................................................................................................................. 6

2 Normative references ................................................................................................................... 6

3 Terms, definitions and abbreviations ......................................................................................... 6

3.1 Terms, definitions ......................................................................................................................... 6

3.2 Abbreviations ................................................................................................................................ 9

4 Common requirements ..............................................................................................................10

4.1 General .........................................................................................................................................10

4.2 Agreement and responsibilities ................................................................................................11

4.3 RAI description and security requirements .............................................................................11

4.3.1 RAI description ...........................................................................................................................11

4.3.2 RAI security requirements .........................................................................................................12

4.4 Requirements for organization at FSSS site ............................................................................13

4.4.1 General .........................................................................................................................................13

4.4.2 Communication ...........................................................................................................................13

4.4.3 Combined and integrated systems ...........................................................................................13

4.5 Requirements for organization at remote location .................................................................13

4.6 Requirements for the operation of remote services ...............................................................14

4.6.1 General .........................................................................................................................................14

4.6.2 Impact assessment before remote service is conducted .......................................................14

4.6.3 During remote service ................................................................................................................14

4.6.4 After remote service, before terminating the remote access .................................................15

4.7 Requirements for remote functions ..........................................................................................15

4.7.1 General .........................................................................................................................................15

4.7.2 Read functions ............................................................................................................................15

4.7.3 Control functions ........................................................................................................................15

4.7.4 Write functions ............................................................................................................................15

5 Application specific requirements ............................................................................................16

5.1 Specific requirements for use of remote services with fire detection and fire alarm systems

......................................................................................................................................................16

5.1.1 Control functions ........................................................................................................................16

5.1.2 Write functions ............................................................................................................................16

5.2 Specific requirements for use of remote services with fixed firefighting systems .............16

5.2.1 Control functions ........................................................................................................................16

5.2.2 Write functions ............................................................................................................................16

5.2.3 Remote system checks ..............................................................................................................16

5.3 Specific requirements for use of remote services with smoke and heat control systems .16

5.3.1 Control functions ........................................................................................................................16

5.3.2 Write functions ............................................................................................................................17

5.3.3 Remote system checks ..............................................................................................................17

5.4 Specific requirements for use of remote services with emergency sound systems ..........17

5.4.1 Control functions ........................................................................................................................17

5.4.2 Write functions ............................................................................................................................17

5.5 Specific requirements for use of remote services with intrusion and hold up alarm systems

......................................................................................................................................................17

5.5.1 General .........................................................................................................................................17

5.5.2 Control functions ........................................................................................................................17

5.5.3 Write functions ............................................................................................................................18

5.6 Specific requirements for use of remote services with video surveillance systems ..........18

---------------------- Page: 4 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)

5.6.1 General ........................................................................................................................................ 18

5.6.2 Write functions ........................................................................................................................... 18

5.7 Specific requirements for use of remote services with electronic access control systems –

Write Functions .......................................................................................................................... 18

5.8 Specific requirements for use of remote services with external perimeter security systems

– Write Functions ....................................................................................................................... 18

5.9 Specific requirements for use of remote services with social alarm systems – Write

Functions .................................................................................................................................... 18

5.10 Specific requirements for use of remote services with combined and integrated fire safety

systems and/or security systems ............................................................................................. 19

5.11 Specific requirements for use of remote services with management systems ................... 19

5.12 Specific requirements for use of remote services with supervised premises

transceivers ................................................................................................................................ 19

Bibliography ............................................................................................................................................. 20

---------------------- Page: 5 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
European foreword

This document (EN 50710:2021) has been prepared by Technical Committee CEN/CLC/JTC 4 “Remote

Services for fire safety systems and security systems”, the secretariat of which is held by DIN.

The following dates are fixed:
• latest date by which this document has to (dop) 2022-07-26
be implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2024-07-26
standards conflicting with this document
have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Any feedback and questions on this document should be directed to the users’ national committee. A complete

listing of these bodies can be found on the CENELEC website.
---------------------- Page: 6 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
Introduction

It has been common practice for many years to monitor the alarm and fault status of fire safety and security

systems installed in premises from remote locations.

Technological developments within fire safety systems and/or security systems (FSSS) as well as the

telecommunication paths now permit remote access to those FSSS with a wide variety of available functions up

to and including full operation and programming / parameters setting as if an authorized person was at site.

Remote service supplements the at site visits of competent person and enables new possibilities for customers

(end-users). In short, the overall service quality offered by the various types of professional services providers

at time of installation, maintenance or operation increases significantly. On one hand, end-users experience

faster response times leading to higher system reliability and availability. On the other hand, service providers

can provide new services such as predictive maintenance, which improves also staff utilization.

Not all countries have industry standards for the use of remote access, which are crucial for end-users and

service providers. Specifically, design requirements and strict operational procedures are fundamental in

avoiding actions such as unintended deactivating parts of FSSS.

This document is intended to support the implementation of the European Service Directive (2006/123/EC) and

EN 16763, Services for fire safety systems and security systems. This document is intended to be applied in

conjunction with installation guidelines, either European (if any) or national, as well as with national laws and

regulations in the field of the systems.

This document does not replace the work of other CEN/CENELEC committees such as CEN/TC72, CLC/TC79,

CEN/TC191 and CLC/BTTF 133-1. It should be read in conjunction with their standards and application

guidelines for the use of their products and systems. Only services for the systems within the scopes of

CEN/TC72, CLC/TC79, CEN/TC191 and CLC/BTTF 133-1 are covered in this document with the exceptions

defined in the scope.
Service providers offering remote services for FSSS may consider the following:

— how the use of remote checks instead of or as an addition to predictive maintenance can reduce the number

of journeys to site;

— how the prior use of remote diagnostic and test capabilities can be used to ensure that all necessary

equipment and spares are carried to site for corrective maintenance purposes, and thus have the ambition

of first time fixes;

— how retaining data rather than keeping site/provider hard copies can reduce waste thus effecting a

reduction in their “carbon footprint.”.
---------------------- Page: 7 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
1 Scope

This document specifies the minimum requirements for the provision of secure remote services via a remote

access infrastructure (RAI) carried out either at site or off-site (e.g. via IP connections) to the following systems:

a) fire safety systems including, but not limited to, fire detection and fire alarm systems, fixed firefighting

systems, smoke and heat control systems;

b) security systems including, but not limited to, intruder and hold-up alarm systems, electronic access control

systems, external perimeter security systems and video surveillance systems;
c) social alarm systems;
d) emergency sound systems;
e) a combination of such systems;
f) management systems connected to systems a) – e).
This document does not cover:
a) at site services without using remote connection;

b) the monitoring and alarm receiving services by the MARC, which are described in the EN 50518.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes

requirements of this document. For dated references, only the edition cited applies. For undated references, the

latest edition of the referenced document (including any amendments) applies.
EN 16763, Services for fire safety systems and security systems
EN 50131 (all parts), Alarm systems — Intrusion and hold-up systems
EN 50136 (all parts), Alarm Systems — Alarm transmission systems and equipment
EN 50518, Monitoring and Alarm Receiving Centre

EN 50600 (all parts), Information technology — Data centre facilities and infrastructures

3 Terms, definitions and abbreviations
3.1 Terms, definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1.1
at site
physically at the FSSS site
---------------------- Page: 8 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.2
authentication
provision of assurance that a claimed characteristic of an entity is correct
[SOURCE: EN ISO/IEC 27000:2018, 3.5]
3.1.3
authorization
permission to gain access to the various functions of a system
3.1.4
check
confirmation that the system meets the specification
Note 1 to entry: In the fire industry the term check means verification.
3.1.5
client
party for which services are provided
[SOURCE: EN 16763:2017, 2.16]
3.1.6
connection

communication link between FSSS and remote location system used for remote access

3.1.7
control function
operations including the transmission of commands, but without write functions
EXAMPLES test commands, resets
3.1.8
fault

condition detected within a FSSS that prevents the system or part(s) thereof from functioning normally

3.1.9
management system

software system for reception, input, generation, storing, forwarding, processing and indication of messages

and data as well as for the control of multiple FSSS
EXAMPLE Building management system
3.1.10
monitoring and alarm receiving centre
MARC

continuously manned centre where information concerning the status of one or more FSSS is reported, and

additionally where the status of one or more alarm transmission system is monitored

Note 1 to entry: In accordance with EN 50518, MARC is equivalent to ARC (Alarm receiving centre).

3.1.11
read function
the transmission of information from the FSSS at site

EXAMPLES visual, acoustic, fault conditions, event log, software versions, parameters, time series, test results and

such.
---------------------- Page: 9 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.12
remote access
logical access to a FSSS to apply read, control or write functions
3.1.13
remote access client
RAC

software and/or hardware used to gain remote access to functions of one or more FSSS

3.1.14
remote access endpoint
RAE

software and/or hardware endpoint located at site that manages remote access to one or more FSSS

Note 1 to entry: In this document, both RAS and RAE are to be understood as functions, not as devices.

3.1.15
remote access infrastructure
RAI
infrastructure incorporating a RAE, RAS, RAC and IT infrastructure
3.1.16
remote access infrastructure service provider
RAISP
entity responsible for the design, operation and maintenance of the RAI
3.1.17
remote access server
RAS

software and/or hardware used to manage multiple remote connections of multiple FSSS and users

Note 1 to entry: In this document, both RAS and RAE are to be understood as functions, not as devices.

3.1.18
remote location
location from which remote services are carried out
Note 1 to entry: This may be the same or a different location as the RAS.
3.1.19
remote service
any service for the client of an FSSS, carried out via a remote connection
3.1.20
remote service application

software application connected to the RAI permitting remote access to one or more installed FSSS or remote

service functions or both

Note 1 to entry: There may be more than one separate application to carry out all aspects of this functionality.

Note 2 to entry: This application is running on the Remote Access Client.

Note 3 to entry: A web browser is not considered a remote service application. A web browser may be used to enable

access to the remote service application.
---------------------- Page: 10 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
3.1.21
remote service provider
RSP
entity which is responsible for the provision of the remote service to a client

Note 1 to entry: The RSP can be identical with the RAISP. The RSP may delegate certain responsibility to a RAISP but

retains overall responsibility.
3.1.22
response authority
authority with responsibility for attending the FSSS site following an alarm
3.1.23
responsible person

A designated and qualified person who is trained on the use of the installed system

3.1.24
service organization

organization or part of an organization delivering one or more services to a client

3.1.25
session

temporary and interactive information interchange between a user and a FSSS or between an automation

system and a FSSS
3.1.26
set

status of an I&HAS or part thereof in which an intruder and/or hold-up alarm condition can be notified

3.1.27
state of the art

developed stage of technical capability at a given time as regards products, processes and services, based on

the relevant consolidated findings of science, technology and experience
[SOURCE: EN 45020:2006, 1.4]
3.1.28
supervised premises transceiver
SPT

alarm transmission equipment at the supervised premises including the interface to the FSSS and the interface

to one or more transmission networks and being part of one or more alarm transmission paths

3.1.29
write function
re-configuration, maintenance, repair or change of mode of operations
EXAMPLES software updates or bug fixes, upgrades and such
3.2 Abbreviations
For the purposes of this document, the following abbreviations apply.
EACS Electronic Access Control Systems
EPSS External Perimeter Security Systems
ESS Emergency Sound Systems
FDAS Fire Detection and Fire Alarm System (including voice alarm systems)
---------------------- Page: 11 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
FFFS Fixed Fire Fighting System
FSSS Fire Safety System and/or Security System
I&HAS Intrusion and Holdup Alarm System
MARC Monitoring and Alarm Receiving Centre
RAE Remote Access End point
RAI Remote Access Infrastructure
RAISP Remote Access Infrastructure Service Provider
RAS Remote Access Server
RAC Remote Access Client
RSP Remote Service Provider
SHCS Smoke and Heat Control System
SPT Supervised Premises Transceiver
VSS Video Surveillance Systems
4 Common requirements
4.1 General

The implementation of the provision of remote services shall be governed by an assessment of the risk added

by the remote nature of the service.
Such a risk assessment shall include, but not be limited to:
— site locations / client specific requirements;
— operations permitted and the protection measures;
— applicable guidelines and regulations for the equipment in the scope;
— applicable laws and regulations for privacy and data protection;
— cyber security;
— protecting information by mitigating information risks.

The equipment and systems installed for the purposes of remote services (the Remote Access Infrastructure)

shall be periodically maintained and updated. The responsibility for the respective devices and systems shall

be clearly agreed by the contractual parties.

The remote service processes, technologies and communications paths shall be secure and reliable. This

requires proper concept and design, documentation, and holistic testing prior to release.

The equipment and systems installed for the purposes of remote services (the RAI) shall themselves be the

subject of testing, both prior to commissioning and as part of maintenance (preventive and corrective), and

updated in accordance with the state of the art and with the supplier’s and / or manufacturer’s recommendations.

The remote connection shall be subject to periodic review and checks. Measures shall be taken to avoid errors

leading to unintentional actions such as turning off parts of the system.

Remote services provider shall also be familiar with the standards and technical specifications of the FSSS for

which the service is to be provided and particularly those relating to system performance and shall be trained

to use the RAI.
Information from the remote services should be available for the client.
---------------------- Page: 12 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
4.2 Agreement and responsibilities

Contractual agreements between the organization providing the remote service(s) and the client should include

identification of:
1) the specific FSSS and the site in which it is installed;

2) the scope of the services provided, the operations or tests to be conducted remotely, including when and

under what circumstances and the possible further actions to be conducted based on the results of the

remote service;
3) legal entity responsible for the RAS;
4) transparency as to where and how system and site data are handled and stored;

5) the process of client authorization required for each operation and how the communication (see 4.4.2) to

the client is made and evidenced;

NOTE This may take the form of contractual agreement where no specific authorization process is required for certain

or all operations.
6) use and handling of credentials;

7) the means of maintaining an audit trail of all remote actions and the retaining period;

8) any conditions required by the client’s insurer;
9) any conditions required by e.g. police, fire brigade etc. if applicable;

10) the agreed time limitation(s) on active remote sessions with regards to the read, control and write functions

according to the risk assessment;
11) use and handling of automated connections/sessions and
12) the limit of responsibility of the RSP.
4.3 RAI description and security requirements
4.3.1 RAI description

The remote services connections and communications architecture are illustrated in Figure 1.

It contains the Remote Access Infrastructure (RAI) represented with its liaisons and a representation of the

RAS, which may take various forms of implementation depending on the type of remote access and the types

of services considered for each application.
The RAS contains:
— the secured access to the FSSS

— a secured software application designed according to the types of services and the capabilities of the

installed systems such as:
— slient software; or
— client/server software; or
— web based software.
---------------------- Page: 13 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)
Figure 1 — Remote access overview

The RAS and associated applications shall be located in part of the FSSS site, of a maintenance service provider

(service organization), of a MARC or of a suitable contracted third party (data centre).

MARCs shall fulfil EN 50518. Data centres shall fulfil EN 50600 series or equivalent. Service Organizations shall

fulfil EN 16763.
4.3.2 RAI security requirements

In order to ensure the security of the communication link, the following requirements shall be applied to all

remote connections established via the RAI to perform remote services carried out either at site or off-site –

including those performed prior to or as part of commissioning.

The Security of the RAI shall be supported by state of the art security measures such as authentication,

authorization, encryption, substitution protection, event logging and traceability.

The physical and logical connections part of the RAI shall be monitored securely for internet cyber security. The

platform is to be audited regularly for effective protection and continuous improvement.

Remote access to the FSSS shall only be possible via a RAS.

NOTE There can be more than one RAS and / or remote location associated with any given FSSS.

Access to the RAC shall require authorization by secure means appropriate to the assessed risk (see 4.2) and

at least equivalent to that specified by the relevant standard for use at site. This authorization shall identify the

authorized person / automation system performing the remote services.
The session shall be terminated after a defined period of inactivity.
---------------------- Page: 14 ----------------------
SIST EN 50710:2021
EN 50710:2021 (E)

Information related to the sessions (login, logout, user, operations) shall be logged at the RAS with timestamps.

The communication links between the RAC and the RAS and between the RAS and the RAE of the FSSS shall

require authentication before remote functions are executed.
4.4 Requirements f
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.