Proposed U.L. requirements for remote access logins:

  1. A security sign-on consisting of a minimum of six alpha-numeric characters shall be required.  Central One permits but does not require the minimum number of characters at this time.
  2. Each individual shall have a personal security sign-on.  Central One is already in compliance with this requirement.
  3. The time, date and identifying characteristic of the individual signing on shall be recorded.  Central One has, as of 10/22/02, begun recording each sign-on as required.  The identifying characteristic will be the employee number.  The record of sign-in activity will be delivered to the dealer in a new daily report file called "REM" plus the dealer number.  It will be delivered according to the same instructions used for delivering the "EMP" file that contains employee clock-in activity.  Of course, a permanent record will be archived in the central station records.
  4. Any modification to the database shall be logged with a unique personal identification belonging to the person performing the modification.  This information is already maintained by Central One.
  5. Each user's security sign-on shall be required to be changed not less than once every three months.  The system shall prompt the user to change the security sign-on at three month intervals.  The system shall not authorize the user to gain access if the security sign-on is not changed after the prompt.  Central One does not presently require the periodic changing of sign-on passwords.  Central One will be required to implement that requirement if this U.L. proposal becomes a standard.  It is anticipated that we will implement this in such a way that all login passwords will expire on the same date.

Listed companies will have additional restrictions imposed at the remote access site.  When a copy or copies of the central station database is available at the remote site, it shall be protected as follows.  Paper printout of the database shall not be provided at the remote site (except dealers may have a printout of the customers that he/she serves).

  1. If the database is on removable media:
    1. It shall be under lock and key within the remote location.
    2. It shall be accessible only to authorized alarm company employees.
    3. Access shall be limited to those with a need to know.
    4. Filing shall be organized in such a way that will alert someone when any of the media is missing.
    5. Data shall be unrecognizable to anyone not having the programs and cipher to unlock them
  2. If the database is on non-removable media then access to the database shall have the same security as a central station system.