| Developing a UL 2050 Room | | | | certification, is authorized to consult, construct, |
| Anyone already in the security business knows that | | | | inspect, monitor and certify a SCIF within a specified |
| getting a certificate from Underwriters Laboratories is | | | | radius of about a four-hour response time, or 200 |
| no small task. On the contrary, getting a facility | | | | miles. It is the security company that sponsors a |
| "certificated" is a lengthy and labyrinthine process | | | | facility for certification and issues the UL 2050 |
| that requires achieving a host of the highest | | | | certificate. |
| standards and ongoing inspections to maintain them. | | | | The First Step |
| That said, it is far from impossible. Hundreds of | | | | The very first step toward UL 2050 certification is to |
| security companies are certificated nation-wide and | | | | contact a CRZH certified security company. UL |
| thousands of UL 2050 certificated facilities are in | | | | maintains a directory of such companies on their |
| operation. | | | | website. Simply, type in your location information and |
| This article is primarily meant to assist those | | | | "CRZH" into the "UL Category Code" and you will be |
| businesses looking to develop a UL 2050 room by | | | | given a list of all certified companies in your area. |
| compiling all of the necessary information in a single | | | | Keep the scope of the search broad by using only |
| place. However, those who already own and operate | | | | state or country information. This will return more |
| these secure facilities, but are looking to change their | | | | results that may apply to you in a 200-mile radius. |
| security company, can also benefit. | | | | Once you contact the security company, negotiations |
| A Brief History of UL 2050 | | | | begin for the kind of SCIF you need for what you're |
| In 1993, the United States Department of Defense | | | | looking to do. Typically, this will start with an |
| developed a set of standards and guidelines for | | | | inspection of the proposed site and then proceed to |
| securing its classified material, information, and | | | | what systems and changes will need to be |
| equipment to be developed, stored, or maintained by | | | | implemented. |
| a government contractor. Specifically, these | | | | It is impossible to overestimate the importance of |
| standards were laid out in something called the | | | | this security company. A SCIF must be constructed |
| National Industrial Security Program Operating Manual | | | | according to precise standards. Each step of |
| or NISPOM. This meant that in order to do work for | | | | construction, programming, electronics, and monitoring |
| the DOD, every contractor's facility needed to meet | | | | must be done by companies with their own particular |
| these particular standards and procedures. | | | | levels of certification and quality. A CRZH security |
| Around the same time, an independent organization | | | | company is an invaluable resource for finding trusted |
| called Underwriters Laboratories developed a set of | | | | companies from builders to alarm monitors. |
| standards that would meet and often surpass the | | | | Consulting a CRZH certificated security company as |
| standards laid out in the NISPOM. The result was | | | | early as possible allows a business to develop realistic |
| Underwriters Laboratories 2050 or UL 2050. | | | | budgets and determine competitive bids for |
| 2050 has no particular meaning except it's how UL | | | | government contracts. |
| refers to this specific level of security. The DOD | | | | Cloud of Mystery |
| recognizes UL's meticulous standards and UL, in turn, | | | | Anyone looking to develop their first SCIF may be |
| is authorized to certify security companies to create, | | | | put off by how unclear the public information is. Cost, |
| monitor, and inspect Sensitive Compartmented | | | | for example, is rarely discussed in any finite terms |
| Information Facilities or SCIFs. | | | | until well into the process. The reason, simply, is that |
| SCIFs and Who Uses Them | | | | the cost must be determined on a case-by-case |
| At it's core, a SCIF is any room or facility that will be | | | | basis according to what changes need to be made to |
| used to research, manufacture, store, or support any | | | | meet UL 2050 standards. |
| projects, information, equipment, or personnel for | | | | Similarly, the standards themselves, described in a |
| any branch of the Armed Services or other agencies. | | | | single UL publication, are one of the most highly |
| Usually they imply classified information or materials, | | | | controlled documents in the nation. Due to the level |
| but while this may conjure images straight out of | | | | of security concerned, a copy can only be issued |
| James Bond, these can be anything from a computer | | | | when a security company registers with UL. Even |
| or chemical lab to warehouses and woodshops. | | | | then it will only be given to a designated employee |
| These SCIFs are almost always used by government | | | | that is verified by address and contact information |
| contractors or those hoping to become one by | | | | and the copy he or she receives is individually |
| bidding on military and government projects. Indeed, | | | | numbered and cataloged. Needless to say, the |
| UL 2050 is the standard for the Department of | | | | consequences of duplicating or leaking the security |
| Defense. Any company looking to work with the | | | | standards of every DOD and Armed Services project |
| DOD, the Armed Services, or any of the other | | | | in the country are dire indeed. |
| twenty-two government agencies must have a UL | | | | After Online and Long-Term |
| 2050 certified SCIF. Since these contracts are | | | | Once the room is developed, the security company is |
| far-reaching and often insulated by a national budget, | | | | responsible for inspecting and monitoring the facility |
| the demand for UL 2050 certified SCIFs typically | | | | to ensure it meets and maintains UL 2050 standards. |
| remains fairly constant even in times of economic | | | | Underwriters Laboratories will execute their own |
| downturn. | | | | inspection of each aspect of the facility. After the |
| Getting a Business UL 2050 Certified | | | | facility has been approved, the security company is |
| Firstly, it isn't a business or company that gets UL | | | | authorized to issue an official UL 2050 certificate. |
| 2050 certified, but rather a specific room or facility. | | | | This certificate is a kind of bond ensuring that the |
| UL 2050 means that the SCIF has been constructed | | | | facility will operate by UL 2050 standards and that |
| and inspected to meet UL specifications that take as | | | | the security company issuing the certificate will |
| their basis the DOD's NISPOM. Whether it's one or | | | | facilitate and ensure that level of operation. To do so, |
| one hundred, this must be done separately for each | | | | the security company will perform periodic inspections |
| SCIF. | | | | of the facility, as will Underwriters Laboratories. |
| However, and this is key, it is not UL that issues the | | | | These inspections are often unannounced and will |
| certificate. Underwriters Laboratories deals directly | | | | occur at least once a year by both organizations. |
| with specific security companies. Each security | | | | Consequently, it is critical to have a security company |
| company goes through a rigorous process of | | | | you trust. Not unlike other services, a good security |
| validation and certification to achieve what UL calls | | | | company should have an extraordinary commitment |
| "CRZH" certification. CRZH doesn't stand for anything, | | | | to quality in installation, service, and response. The |
| but refers only to the code UL assigns to this type | | | | stakes, after all, rank into the millions of dollars in |
| of certificate. | | | | government contracts. |
| The security company, by virtue of its CRZH | | | | |