Developing a UL 2050 Room
Anyone already in the security business knows that getting a certificate from Underwriters Laboratories is no small task. On the contrary, obtaining a facility "certificated" is a lengthy and labyrinthine process that requires achieving a host of the highest standards and ongoing examinations to maintain them.
That said, it is far from impossible. Hundreds of security companies are certificated nation-wide and thousands of UL 2050 certificated facilities are in operation.
This article is primarily intended to assist those businesses looking to develop a UL 2050 room by compiling all of the necessary information in a single place. However, those who already own and operate these secure facilities, but are looking to change their security company, can also benefit.
A Brief History of UL 2050
In 1993, the United States Department of Defense developed a set of standards and guidelines for securing its classified material, information and and equipment to be developed, stored, or maintained by a government contractor. Specifically, these standards were laid out in something called the National Industrial Security Program Operating Manual or NISPOM. This meant that in order to do work for the DOD, every contractor's facility needed to meet these particular standards and procedures.
Around the same time, an independent organization called Underwriters Laboratories developed a set of standards that would meet and often surpass the standards laid out in the NISPOM. The result was Underwriters Laboratories 2050 or UL 2050.
2050 has no particular meaning except it's how UL explains to this specific level of security. The DOD recognizes UL's strict standards and UL, in turn, is authorized to certify security companies to create, monitor, and inspect Sensitive Compartmented Information Facilities or SCIFs.
SCIFs and Who Uses Them
At it's core, a SCIF is any room or facility that will be used to research, manufacture, store, or support any projects, information, equipment, or personnel for any branch of the Armed Services or other agencies. Usually they actually classified information or materials, but while this may conjure images straight out of James Bond, these can be anything from a computer or chemical lab to warehouses and woodshops.
These SCIFs are almost always used by government contractors or those hoping to become one by bidding on military and government projects. Indeed, UL 2050 is the standard for the Department of Defense. Any company looking to work with the DOD, the Armed Services, or any of the other twenty-two government agencies must have a UL 2050 certified SCIF. Since these contracts are far-reaching and often insulated by a national budget, the demand for UL 2050 certified SCIFs typically remains fairly constant even in times of economic downturn.
Getting a Business UL 2050 Certified
Firstly, it is not a business or company that gets UL 2050 certified, but rather a specific room or facility. UL 2050 means that the SCIF has been constructed and inspected to meet UL specifications that take as their basis the DOD's NISPOM. Whether it's one or one hundred, this must be done separately for each SCIF.
However, and this is key, it is not UL that issues the certificate. Underwriters Laboratories deals directly with specific security companies. Each security company goes through a rigorous process of validation and certification to achieve what UL calls "CRZH" certification. CRZH does not stand for anything, but reiter only to the code UL assigns to this type of certificate.
The security company, by virtue of its CRZH certification, is authorized to consult, construct, inspect, monitor and certify a SCIF within a specified radius of about a four-hour response time, or 200 miles. It is the security company that sponsors a facility for certification and issues the UL 2050 certificate.
The First Step
The very first step towards UL 2050 certification is to contact a CRZH certified security company. UL maintains a directory of such companies on their website. Simply, type in your location information and "CRZH" into the "UL Category Code" and you will be given a list of all certified companies in your area. Keep the scope of the search broad by using only state or country information. This will return more results that may apply to you in a 200-mile radius.
Once you contact the security company, negotiations begin for the kind of SCIF you need for what you're looking to do. Typically, this will start with an inspection of the proposed site and then proceed to what systems and changes will need to be implemented.
It is impossible to overestimate the importance of this security company. A SCIF must be constructed according to precise standards. Each step of construction, programming, electronics, and monitoring must be done by companies with their own special levels of certification and quality. A CRZH security company is an invaluable resource for finding trusted companies from builders to alarm monitors.
Consulting a CRZH certificated security company as early as possible allows a business to develop realistic budgets and determine competitive bids for government contracts.
Cloud of Mystery
Anyone looking to develop their first SCIF may be put off by how unclear the public information is. Cost, for example, is rarely discussed in any finite terms until well into the process. The reason, simply, is that the cost must be determined on a case-by-case basis according to what changes need to be made to meet UL 2050 standards.
Similarly, the standards themselves, described in a single UL publication, are one of the most highly controlled documents in the nation. Due to the level of security concerned, a copy can only be issued when a security company registers with UL. Even then it will only be given to a designated employee that is verified by address and contact information and the copy he or she receives is individually numbered and cataloged. Needless to say, the consequences of duplicating or leaking the security standards of every DOD and Armed Services project in the country are dire indeed.
After Online and Long-Term
Once the room is developed, the security company is responsible for inspecting and monitoring the facility to ensure it meets and maintains UL 2050 standards. Underwriters Laboratories will execute their own inspection of each aspect of the facility. After the facility has been approved, the security company is authorized to issue an official UL 2050 certificate.
This certificate is a kind of bond ensuring that the facility will operate by UL 2050 standards and that the security company issuing the certificate will facilitate and ensure that level of operation. To do so, the security company will perform periodic inspections of the facility, as will Underwriters Laboratories. These inspections are often unannounced and will occur at least once a year by both organizations.
Consequently, it is critical to have a security company you trust. Not unlike other services, a good security company should have an extraordinary commitment to quality in installation, service, and response. The stakes, after all, rank into the millions of dollars in government contracts.