NOTE The requirement to report alarms and path failures to the AS does not specify how this shall be processed by the AS. The AS requirements are defined in the appropriate application standard.
Availability
General
The availability of the ATP, ATS and ATSN is the percentage of time during which the ATP, ATS and ATSN are known to operate within the requirements of the appropriate performance category.
NOTE 1 The availability of the ATP, ATS and ATSN should not be confused with transmission network availability. For the purpose of calculating the ATP and system availability the availability of the SPT, the transmission network and the RCT should be considered as serial availabilities.
NOTE 2 Where an ATS uses more than one ATP the availability of the ATPs should be considered parallel.
NOTE 3 The ATSN availability is used to provide a performance indication of the ATSN to an ATSP.
The ATS shall be such that, except under alarm or fault conditions, the status of the ATS shall be monitored to verify its integrity. The monitoring shall be of a sufficient frequency to meet the fault reporting requirements for the appropriate reporting time in Table 3.
It is required to provide evidence that availability can be recorded and is available for inspection at any time.
Redundancy/duplication
Where several interfaces to the ATS exist at the SPT or at the RCT the ATS shall be considered to be available in the event of a fault affecting one or more such interfaces provided:
at least one ATP exists between one interface at the AS and one interface at the AE; and
either:
messages are normally transmitted and received on all such interfaces, or
messages are normally transmitted and received on one primary interface at each end, but that in the event of a failure the system automatically changes to an alternative interface.
ATS unavailability
For the purposes of calculating the system availability the following situations shall be considered:
all faults in the ATS, which will prevent an alarm from being transmitted to its intended ARC(s) within the requirements of the appropriate category;
unavailability due to maintenance of the ATS, unless alternative facilities are provided.
The ATS shall be considered to be unavailable while any of the above conditions exist.
Duration of faults
The time for which the ATS shall be considered to be unavailable shall be the period from the last time the system was known to be available (i.e. with no faults) until the time when a fault is detected, repaired and the system confirmed to be available again.
NOTE Faults caused by deliberate attempts to compromise the system should not be included provided that they are detected and reported within the time specified in Table 3 for the appropriate category.
ATS availability recording
For the purpose of performance monitoring and verification, a fault shall be recorded when the ATS fails to meet the requirement of Table 6.
This fault recording shall, if required by Table 6, be made available to the customer upon request. The records shall be kept as required by 7.5.1.
NOTE The purpose of measuring ATS availability is to identify faults, analyse and fix them to restore the ATS operation.
Table 6 — ATS availability recording
|
|
SP1 |
SP2 |
SP3 |
SP4 |
SP5 |
SP6 |
DP1 |
DP2 |
DP3 |
DP4 |
|
ATS availability in any 7-day period (%) |
Op |
Op |
Op |
97,0 |
99,0 |
99,8 |
Op |
99,0 |
99,8 |
99,8 |
|
Key Op = Optional, i.e. no requirement NOTE The use of an alternative ATP is mandatory according to 5.2 and Table 1. |
||||||||||
ATSN availability
The yearly availability of an ATSN shall not be less than the values specified in Table 7 for all ATS of the same category. If an ATSN fails to meet the requirement of Table 7 a fault shall be recorded.
Table 7 — ATSN availability
|
|
SP1 |
SP2 |
SP3 |
SP4 |
SP5 |
SP6 |
DP1 |
DP2 |
DP3 |
DP4 |
|
ATSN availability yearly (%) |
Op |
Op |
97,0 |
99,0 |
99,5 |
99,9 |
Op |
99,5 |
99,9 |
99,9 |
|
Key Op = Optional, i.e. no requirement |
||||||||||
Security
General security requirements
The ATSP shall describe means to protect the ATS and its components against malicious attacks and inadvertent influences.
To achieve substitution and information security cryptographic techniques shall be used.
When symmetric encryption algorithms are used, key length shall be no less than 128 bits. When other algorithms are deployed, they shall provide similar level of cryptographic strength. Any hash functions used shall give a minimum of 128 bits output. Regular automatic key changes shall be used with machine generated randomised keys. Use of cryptographic algorithms as defined in ISO/IEC 18033 is recommended. Use of hash functions as defined in ISO/IEC 10118 is recommended.
These security measures apply to all data and management functions of the ATS including remote configuration, software/firmware changes of all ATE.
Cryptography used for alarm applications and transmissions shall be fully documented, be in the public domain and have passed peer review as suitable for this application.
It is accepted that some unit identification data, data encapsulation and any error checking data added subsequent to the core message creation may not be encrypted for transmission, but should be protected from alteration. The requirement of alteration protection applies to the application data only, and doesn't apply to any network or link-related information.
Substitution security
Protection against unauthorised substitution of the SPT with identical or simulation equipment along the ATS shall be provided.
Authentication always requires a sufficient number of keys to provide each connected SPT and RCT with a unique code.
Table 8 — SPT substitution security requirements
|
|
SP1 |
SP2 |
SP3 |
SP4 |
SP5 |
SP6 |
DP1 |
DP2 |
DP3 |
DP4 |
|
Substitution protection |
Op |
Op |
Op |
M |
M |
M |
Op |
Op |
M |
M |
|
Key M = Mandatory Op = Optional |
||||||||||
Information security
The ATS will be classified according to its ability to meet the information security requirement.
Protection of the information transmitted by the ATS shall be provided by measures to prevent unauthorised reading and to detect unauthorised modification of the information transmitted.
Table 9 — Information security requirements
|
|
SP1 |
SP2 |
SP3 |
SP4 |
SP5 |
SP6 |
DP1 |
DP2 |
DP3 |
DP4 |
|
Information security |
Op |
Op |
Op |
M |
M |
M |
Op |
Op |
M |
M |
|
Key M = Mandatory Op = Optional |
||||||||||
Verification of performance
The verification of performance of an ATS shall be carried out by the ATSP to ensure that the monitoring of all parts of the ATS is effective and that fault signals are generated and successfully transmitted in the event of detected ATS faults.
General
The performance verification of an ATS shall comprise of a number of aspects as listed below:
verification that the basic operation of the system conforms to the requirements of this European Standard and to any related standards; this shall include testing to establish that alarms are transmitted, and that the ATS is monitored;
such additional regular or routine verification as required to establish or confirm the availability of the ATS.
NOTE Testing of the supervised premises interface to the AS is described in detail in EN 50136-2.
ATSN performance
For the purposes of performance verification of an ATSN, all the ATSs of one category shall be considered.
Where ASs form a number of geographically distinct groups and where these groups communicate with separate receivers within the receiving centre or can otherwise be separately identified then each group may be verified as a separate ATSN. Where this division is used the verification shall be carried out separately on each of the identified groups.
The ATSP shall document what criteria is used to group ATSs to build a single ATSN.
Performance verification of the ATSN shall ensure that, for the system configuration and the anticipated number of connected ASs that the ATSN is capable of meeting the requirements of 6.2. This shall be done by practical performance verification of all associated fully commissioned ATSs.
Transmission time
The correct transmission of alarms shall be verified, including the transmission of alarms associated with ATS monitoring. The time taken to transmit an alarm, e.g. a test alarm, shall be in accordance with Table 2.
The time taken to recognise and transmit a fault signal resulting from a fault of the ATP from the AS at the supervised premises to the AE at the ARC shall be in accordance with Table 3.
Verification interval
The verification of performance detailed in Table 2 and Table 3 of an ATS shall be carried out either continuously or in the case of the following events:
the initial commissioning of the ATS;
following any ATS changes (ATE and/or transmission network).
Where the rate of transmission of alarms through the system varies predictably with time or where the use of the ATS by other services using the same equipment varies with time (e.g. systems using a public switched telephone network or a shared PSN) then the distribution of times when performance verification is carried out shall reflect the distribution of times during the day or week that actual messages are expected to occur.
The results of the verification on each ATS and ATSN shall be analysed over successive periods of three months. This does not imply that each ATS and ATSN shall have been activated and tested in every threemonth period.
Availability
Records
Records of all faults and of all performance verification carried out on all ATSs and ATSNs shall be maintained and recorded by the ATSP.
Records shall be maintained of all ATS faults, including those affecting alternative paths or equipment, where these are required in order to comply with the specified availability for the appropriate category.
Records for each ATS fault shall include:
the time and date when the fault was identified,
the time and date when the solution was implemented and the system restored to normal operation.
Records shall be kept for not less than three years.
Availability records of the ATS and ATSN shall be given to the customer when requested.
Inspection of records
These records shall be open to inspection by a representative from an accredited certification body, or a representative from some other independent organisation (e.g. insurance approvals body). It shall be possible to trace the inclusion of individual system faults in the summarised data required to meet this European Standard, and to trace published performance figures back to individual performance verifications or faults.
Calculations
General
The records of all performance verification carried out on an ATS and/or ATSN shall be used to determine the availability of the ATS and the ATSN.
ATS availability calculations
For each occasion when a single ATS is unavailable (see 6.7.3) the duration of each single fault shall be determined.
For each seven-day period the availability of the ATS shall be calculated as: where
И44= 1-
WF
10080,
xl00%
WA = weekly availability, expressed in percent;
WF = sum of fault times in any seven-day period, expressed in minutes calculated as defined in 6.7.4).
NOTE 10 080 is the number of minutes in a week, 7d x 24h x 60min.
ATSN availability calculations
The weighted fault time of the ATSN is calculated as follows:
FT = DFxNA
where
FT = weighted fault time, expressed in minutes;
DF = duration of a single fault, expressed in minutes, calculated as described in 6.7.4
NA = the number of affected ASs;
525 600 x NC )
xl00%
where
YA - any one-year period availability, expressed in percent;
YF - sum of weighted fault times in any one-year period, expressed in minutes:
n
YF = ^FTi
i=i
zVC = the total number of connected ASs;
NOTE 525 600 is the number of minutes in a year, 365d x 24h x 60min.
The sum of fault times shall be for all faults cleared during a one-year period. The number of deployed ATSs shall be that at midnight on the last day of the one-year period. The yearly system availability will be the arithmetic mean of the weekly availabilities for 52 successive weeks.
Where a system is expanded or reduced then the availability of the new system size need not change the rolling seven-day period .
The results and the calculations shall be kept for a period not less than three years.
Documentation
The ATSP(s) shall maintain documentation sufficient for planning, installation, commissioning, service and operation of the ATS. ATE Instructions shall be structured to reflect the access levels of the different type of users. Documentation shall include ATS categorization according to Table 1, Table 2, Table 3, Table 4, Table 5, Table 6, Table 7, Table 8 and Table 9, and 6.8.
Alarm
trartsni 83ЮП system
ATS
I I Cort rd led by the alarm transmiss ion service prcvidefATSP)
p-- — - — Partly contrdled bythe ATS Ifeg. by service level agreemerts)
I «
! j Out of the scope of EN50136-1
Al arm transrri ssi on path(A T P)
0 Encfcioints of an al arm transrri ssi on pattfA TP)
Alt ernd і ve AT P(if ем sting), starting at a different network interface of the SPT and ending at the same cr і a different RCTthanthe primary AT FUsingt he same or a different transmission network than the primary AT P
Moritored interconnections between ATS andend nodes Afi AS
1) Needed for the practical operation of the ATS, but not carryng ATPs; not in the scope of EN50136-1 2) Not necessa lily arising, but if eocisth g. the n earring ATPs
Figure 1 — Logical representation of an AT
S
Annex A
(informative)
ATS configurations examples
ATS
AS
OS PT
TN1 BRCTQ AE
D TNI Transmission Network Interface
(^2) TN Transmission Network
ATP Alarm Transmission Path (SPT, TN11. TN. TNI2, RCT)
Q Endpoints of an ATP
Figure A.1 —Example of a simple single path alarm transmission systemATS
□ TNI Transmission Network Interface
(^2) TN Transmission Network
ATP1 Alarm Transmission Path (SPT. TNM. TN1, TNI3, RCT)
ATP2 Alarm Transmission Path (SPT. TNI2, TN2. TNI4, RCT)
Q Endpoints of an ATP
Figure A.2 — Example of a simple dual path alarm transmission system
□ TNI Transmission Network Interface
(^2) TN Transmission Network
ATP1 Alarm Transmission Path 1 (SPT, TNI1, TN1, TNI3, RCT1 or TNI5, RCT2)
ATP2 Alarm Transmission Path 2 (SPT. TNI2, TN2, TNI4. RCT1 or TNI6. RCT2)
О Endpoints of an ATP
Figure A.3 — Example of a dual path alarm transmission systemAnnex В
(informative)
Availability examples
An availability figure of 99,8 % comes down to 0,2 % unavailability, this is 20,16 min in seven days (10 080 min).
There is a direct relation between the ATS and the ATSN availability. For example in an ATSN an outage of 20 min in a week affecting 10 % of all ATSs of the same category which results in an ATSN availability of 99,989 %. The ATSN availability requirement is therefore much higher than the single ATS availability requirement.
Any major transmission network outage of 17 h (in a year) affecting all ASs will result in an ATSN availability of 99,8 %.Annex C
(informative)
Verification of performance
C.1 Introduction
The purpose of this verification is to list requirements that can enable assessment by test house personnel of the performance of ATE when used in conjunction with the corresponding ATS. The requirements are intended to demonstrate that messages from the ATE sent over the ATS can successfully reach the ARC within defined time limits and with an acceptable level of reliability. Requirements are also given for the maximum reporting times in the event of a failure of a transmission link.
Satisfactory performance assessment by test house to the requirements and verification is required prior to approval and listing of the product(s) by a certifying body.
The ATS shall be verified according to its specified category.
C.2 Set up configuration
|
Equipment number |
Description |
Manufacturer |
Type |
Ser. no. |
SW ver. / Other info |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Block diagram:
Figure C.1
The block diagram describes the set-up for normal operation and monitoring of the ATS.
C.3 System evaluation and functional verification
The numbers in the below tables allocated to each verification are the same as the numbers given in the EN- standards. The requirements, evaluations and results of the evaluations are given in tables below. Passed in the "Result"- column means the interpretation of the EN-standards and the verification result leaves no doubt that the requirement is met. If the requirement is not met or if doubt exists, "Not passed" is stated. "Not relevant" is stated if the requirement is not relevant for the specific ATS tested.
