EN 50131-3:2009

SLOVENSKI STANDARD
01-oktober-2009
1DGRPHãþD
SIST EN 50131-6:1999
SIST-TS CLC/TS 50131-3:2004
Alarmni sistemi - Sistemi za javljanje vloma in ropa - 3. del: Kontrolna in
indikacijska oprema
Alarm systems - Intrusion and hold-up systems -- Part 3: Control and indicating
equipment
Alarmanlagen - Einbruch- und Überfallmeldeanlagen -- Teil 3: Melderzentrale
Systèmes d’alarme - Systèmes d'alarme contre l’intrusion et les hold-up -- Partie 3:
Equipement de contrôle et de signalisation
Ta slovenski standard je istoveten z: EN 50131-3:2009
ICS:
13.310 Varstvo pred kriminalom Protection against crime
13.320 Alarmni in opozorilni sistemi Alarm and warning systems
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN 50131-3
NORME EUROPÉENNE
March 2009
EUROPÄISCHE NORM
ICS 13.310 Supersedes CLC/TS 50131-3:2003

English version
Alarm systems -
Intrusion and hold-up systems -
Part 3: Control and indicating equipment

Systèmes d’alarme -  Alarmanlagen -
Systèmes d'alarme contre l’intrusion Einbruch- und Überfallmeldeanlagen -
et les hold-up - Teil 3: Melderzentrale
Partie 3: Equipement de contrôle
et de signalisation
This European Standard was approved by CENELEC on 2009-02-01. CENELEC members are bound to
comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and
notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia,
Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: avenue Marnix 17, B - 1000 Brussels

© 2009 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 50131-3:2009 E
Foreword
This European Standard was prepared by the Technical Committee CENELEC TC 79, Alarm systems.
The text of the draft was submitted to the Unique Acceptance Procedure and was approved by
CENELEC as EN 50131-3 on 2009-02-01.
This European Standard supersedes CLC/TS 50131-3:2003.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2010-02-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2012-02-01
EN 50131 will consist of the following parts, under the general title “Alarm systems – Intrusion and
hold-up systems”:
Part 1 System requirements
Part 2-2 Intrusion detectors - Passive infrared detectors
Part 2-3 Requirements for microwave detectors
Part 2-4 Requirements for combined passive infrared and microwave detectors
Part 2-5 Requirements for combined passive infrared and ultrasonic detectors
Part 2-6 Opening contacts (magnetic)
Part 2-7-1 Intrusion detectors – Glass break detectors (acoustic)
Part 2-7-2 Intrusion detectors – Glass break detectors (passive)
Part 2-7-3 Intrusion detectors – Glass break detectors (active)
Part 3 Control and indicating equipment
Part 4 Warning devices
Part 5-3 Requirements for interconnections equipment using radio frequency techniques
Part 6 Power supplies
Part 7 Application guidelines
Part 8 Security fog device/systems
__________
– 3 – EN 50131-3:2009
Introduction
This document is based on the revision of the Technical Specification originally edited by the
CENELEC TC 79/WG 3, then submitted to the formal vote and finally approved by CENELEC as
CLC/TS 50131-3 on 2003-05-19.
The work done by WG 3 is the result of the comments raised by the National Committees, members of
CENELEC and of harmonisation with EN 50131-1:2006 + A1:2009 prepared by TC 79/WG 1; for this
reason the reader has to take into account EN 50131-1:2006 + A1:2009, which has to be considered
as a “master” document for this EN 50131-3.
Repetition of definitions and requirements contained in EN 50131-1 have been eliminated from this
EN 50131-3, in order to minimise conflict in the event of changes to EN 50131-1, except where
repetition is deemed essential for the clarity of this document.

Reference has been included to various implications arising from the detector standards. Full detail of
the interconnection requirements could be the subject of a future standard.

A number of requirements are contained in this standard for which a formal test procedure can only be
written by defining (and hence restricting) the technology by which the requirement is achieved.
Accordingly, it has been recognised that such functions can be tested only by agreement between
manufacturer and test house, according to documented information relating to how the required
functionality has been achieved.

A table to cross reference EN 50131-1 requirements against this EN 50131-3 and tests has been
included in Annex D.
Contents
Introduction . 3
1 Scope . 6
2 Normative references . 7
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations .10
4 Equipment attributes .10
4.1 General .10
4.2 Functionality .11
5 CIE construction .11
6 Security grade .11
7 Environmental performance .11
7.1 Requirements .11
7.2 Environmental and EMC tests .11
8 Functional requirements .12
8.1 Inputs .12
8.2 Outputs .13
8.3 Operation .13
8.4 Processing .18
8.5 Indication .19
8.6 Notification outputs .20
8.7 Tamper security (detection/protection) .21
8.8 Interconnections .23
8.9 Timing .24
8.10 Event recording .24
8.11 Power supply .25
9 Product documentation .25
9.1 Installation and maintenance .25
9.2 Operating instructions .26
10 Marking and labelling .26
11 Tests .26
11.1 Test conditions .27
11.2 Test procedures .28
11.3 Reduced functional test .28
11.4 Functional tests .29
11.5 Access level .40
11.6 Authorization requirements .41
11.7 Operational tests .46
11.8 Tamper security tests .56
11.9 Substitution tests .59
11.10 Testing of I&HAS timing performance .59
11.11 Testing for interconnections .60
11.12 Event log .61
11.13 Marking and documentation .62
11.14 Environmental and EMC tests .63
Annex A (informative) Interconnection types .65
Annex B (informative) Summary of timing requirements .67
Annex C (normative) Use of non-I&HAS interface .68

– 5 – EN 50131-3:2009
Annex D (informative) Summary of function cross references .69
Figures
Figure A.1 – Specific wired interconnections .65
Figure A.2 – Non-specific wired interconnections .65
Figure A.3 – Wire-free interconnections .66
Tables
Table 1 – Recognition of additional fault conditions .12
Table 2 – Recognition of biometric keys .15
Table 3 – Time intervals for methods of authorization used in combination .15
Table 4 – Detection of repeated invalid authorization attempts .16
Table 5 – Monitoring of processing .19
Table 6 – Indications supplementary to those of EN 50131-1 .20
Table 7 – Tamper protection .22
Table 8 – Tamper detection.22
Table 9 – Tool dimension for tamper detection .23
Table 10 – Removal from mounting .23
Table 11 – Additional events to be included in event log .24
Table 12 – Reduced functional test .29
Table 13 – Tests of the processing of intruder signals or messages .30
Table 14 – Tests of the processing of hold-up signals or messages .32
Table 15 – Tests of the processing of tamper signal or messages .33
Table 16 – Test of processing of fault signals or messages .35
Table 17 – Test of processing of masking signals or messages .37
Table 18 – Test of processing of reduction of range signals or messages .38
Table 19 – Test of CIE processing in the presence of non-I&HAS inputs .40
Table 20 – Test of the access to the functions and controls .41
Table 21 – Test for disabling user input device by invalid keys .45
Table 22 – Test for generation of tamper by invalid keys .46
Table 23 – Test of setting procedure .47
Table 24 – Test of prevention of setting and overriding of prevention of setting procedure .48
Table 25 – Test for unsetting procedure .50
Table 26 – Test of setting and/or unsetting automatically at pre-determined times.52
Table 27 – Inhibit and isolate functions .53
Table 28 – Verification of test functions .54
Table 29 – Test of CIE process monitoring .55
Table 30 – Test of availability of indications .56
Table 31 – Test of event log .62
Table 32 – Environmental and EMC tests .64
Table B.1 – Timing table .67
Table C.1 – Conditions for use of non-I&HAS interface for control and indicating purposes .68
Table D.1 – Cross references.69
Bibliography .73

1 Scope
This standard specifies the requirements, performance criteria and testing procedures for control and
indicating equipment (CIE) intended for use in intrusion and hold-up alarm systems (I&HAS) installed
in buildings. This document also applies to CIE to be used in IAS or HAS.
The CIE may incorporate processing functions of other I&HAS components or its processing
requirements may be distributed among such components.
This standard specifies the requirements for CIE installed in buildings using specific or non-specific
wired interconnections or wire-free interconnections. These requirements also apply to ACE that are
installed inside or outside of the supervised premises and mounted in indoor or outdoor environments.
Where CIE shares means of detection, interconnection, control, communication, processing and/or
power supplies with other applications, these requirements apply to I&HAS functions only.
This standard specifies performance requirements for CIE at each of the four security grades identified
in the European Standard EN 50131-1, “Alarm Systems – Intrusion and hold-up systems – System
requirements”. Requirements are also specified for four environmental classes covering applications
for indoor and outdoor locations.
This standard includes mandatory functions, which shall be provided on all CIE for the appropriate
security grade, as well as optional functions that may additionally be provided.
This standard does not deal with requirements for compliance with EU regulatory Directives, such as
the EMC Directive, Low Voltage Directive, etc. except in that it specifies the equipment operating
conditions for EMC susceptibility testing as required by EN 50130-4.
NOTE In this standard reference to the term “I&HAS” is used throughout, except where there is specific need to differentiate
between the IAS and HAS portions of a system. The term is intended to include IAS and HAS when such systems are installed
separately.
– 7 – EN 50131-3:2009
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
Publication Year Title
EN 50130-4 1995 Alarm systems - Part 4: Electromagnetic compatibility - Product family
standard: Immunity requirements for components of fire, intruder and
social alarm systems
EN 50130-5 1998 Alarm systems - Part 5: Environmental test methods
EN 50131-1 2006 Alarm systems - Intrusion and hold-up systems - Part 1: System
A1 2009 requirements
EN 50131-5-3 2005 Alarm systems - Intrusion systems - Part 5-3: Requirements for
interconnections equipment using radio frequency techniques
EN 50131-6 2008 Alarm systems - Intrusion and hold-up systems - Part 6: Power
supplies
EN 60068-1 1994 Environmental testing - Part 1: General and guidance
(IEC 60068-1:1988 + corr. Oct. 1988 + A1:1992)
EN 60068-2-75 1997 Environmental testing - Part 2-75: Tests - Test Eh: Hammer tests
(IEC 60068-2-75:1997)
EN 60529 Degrees of protection provided by enclosures (IP code) (IEC 60529)
EN 62262 Degrees of protection provided by enclosures for electrical equipment
against external mechanical impacts (IK code) (IEC 62262)
3 Definitions and abbreviations
3.1 Definitions
For the purposes of this document, the following terms and definitions apply in addition to those given
in EN 50131-1:2006.
3.1.1
acknowledge
action of a user to accept an indication
3.1.2
alarm point
one or more detector(s) providing a common signal or message, at the CIE or at the ACE for the
purpose of indication or processing
3.1.3
alarm signal or message
signal or message generated by an alarm point
3.1.4
biometric key
use of biometric characteristic by an authorized user to gain access to restricted functions or parts of a
CIE (EXAMPLE: finger print or iris recognition)

3.1.5
conditioning
exposure of the Equipment Under Test (EUT) to environmental conditions in order to determine the
effect of such conditions on the EUT
3.1.6
detector
device designed to generate an alarm signal or message in response to the sensing of an abnormal
condition indicating the presence of a hazard
3.1.7
digital key
portable device containing digitally coded information used by an authorized user to gain access to
restricted functions or parts of a CIE (EXAMPLE: magnetic card, electronic token or similar)
3.1.8
entry route facility
means to ignore signals or messages from specified detectors during unsetting for a specified time
period
3.1.9
entry time
time permitted for unsetting procedure where entry route is used
3.1.10
exit route facility
means to ignore signals or messages from specified detectors during setting for a specified period
3.1.11
external power source (EPS)
energy supply external to the I&HAS which may be non-continuous (EXAMPLE: main power supply)
NOTE  For Type A and Type B PS only. The EPS is derived as described in EN 50131-6.
3.1.12
fail to set
condition when defined setting procedure has not been completed within a specific time so that I&HAS
is left in the “setting mode”
3.1.13
false acceptance rate (FAR)
proportion of biometric verification transactions with wrongful claims of identity that are incorrectly
accepted
3.1.14
false rejection rate (FRR)
proportion of biometric verification transactions with truthful claims of identity that are incorrectly
denied
3.1.15
interaction
any deliberate operation or act by the user to control or vary the function of the I&HAS
3.1.16
intrusion
entry into the supervised premises by an unauthorised person(s)

– 9 – EN 50131-3:2009
3.1.17
logical key
logical information used by an authorized user to gain access to restricted functions or parts of a CIE
(EXAMPLE: PIN code, digital key, biometric key)
3.1.18
mechanical key
implement relying solely on physical shape to determine its uniqueness, used by an authorized user to
gain access to restricted functions or parts of a CIE
3.1.19
non-I&HAS interface
device external to the I&HAS used to carry out some or all ACE functions (EXAMPLES: Computer,
PDA)
3.1.20
operating mode
set, unset, setting and unsetting are the four operating modes

3.1.21
open by normal means
opening of the equipment housing by the procedure defined by the manufacturer
3.1.22
Personal Identification Number (PIN Code)
code used by an authorised user to gain access to restricted functions or parts of a CIE (example,
numeric or alphanumeric)
3.1.23
soak
an attribute of an alarm point such that signals or messages that normally create notifications are
prevented from doing so, but continue to be recorded in the event log
3.1.24
storage device (SD)
device which stores energy (EXAMPLE: a battery)
3.1.25
Supervised Premises Transceiver (SPT)
this document uses the definition of EN 50131-1:2006
3.1.26
test condition
condition of an alarm system in which the normal functions are modified for test purposes
3.1.27
user input
command generated by a deliberate user action
3.1.28
user input device
device used for user input (EXAMPLES: ACE, physical lock with electrical contacts)

3.2 Abbreviations
For the purposes of this European Standard the following abbreviations are used:
ACE Ancillary control equipment
APS Alternative power source
ARC Alarm receiving centre
ATS Alarm transmission system
CIE Control and indicating equipment
EPS External power source
EUT Equipment under test
FAR False acceptance rate
FRR False rejection rate
HAS Hold-up alarm system
IAS Intrusion alarm system
I&HAS Intrusion and hold-up alarm system
PDA Personal digital assistant
PIN Personal identification number
PS Power supply
SD Storage device
SPT Supervised premises transceiver
WD Warning device
4 Equipment attributes
4.1 General
CIE shall include attributes for the reception of signals and/or messages, processing the information,
notification and indication as appropriate. The detailed requirements are provided in Clause 8.
NOTE  If a function is provided that is optional for a particular grade and a claim of compliance is made, it shall meet the
applicable requirements for the grade for which compliance is claimed (if any are given). If there are no specifications for the
function at the grade in question, the requirements for any higher grade (as identified by the manufacturer) shall apply.
Compliance with this standard shall be demonstrated by assessment of Clause 4 through to Clause 10
and the application of the tests of Clause 11.
Annex D provides a cross reference between the requirements of EN 50131-1 and the requirements
and tests of this standard.
– 11 – EN 50131-3:2009
4.2 Functionality
Functions additional to the mandatory functions specified in this standard may be included in I&HAS
providing they do not influence the correct operation of the mandatory functions.
Where provided, these additional functions shall not affect compliance with the requirements of this
standard, except as permitted by EN 50131-1:2006, 8.3.13.
It is permitted for the CIE to include functionality for special purposes that would render the
I&HAS non-compliant with EN 50131-1. The manufacturer’s documentation shall include a
warning to this effect.
If use of a function(s) or combination of functions within the CIE would result in the installed I&HAS not
being compliant with EN 50131-1 or being compliant at a lower security grade (EXAMPLE: function(s)
reducing the security of the I&HAS) the manufacturer shall, either:
a) detail the configuration(s) which are compliant with EN 50131-1;
or
b) detail the function(s) or combination of functions that would result in the installed I&HAS not being
compliant with EN 50131-1.
The manufacturer shall document the fact that compliance labelling should be removed or adjusted if
non-compliant configurations are selected.

5 CIE construction
The CIE may be in a single housing or be distributed in multiple housings and may be combined with
other I&HAS components.
Provision shall be made to allow adequate fixing of the housing to the mounting surface.
Use of equipment not part of the I&HAS may be used to carry out ACE functions (EXAMPLE:
computer, PDA) if the conditions specified in Annex C are met.
6 Security grade
The CIE and ACE shall be declared to comply with one of four security grades (with grade 1 being the
lowest and grade 4 being the highest) and shall meet all the requirements of that grade.
The requirements for the performance of the CIE will vary depending upon its grade. Any testing will
be carried out according to the grade declared in the CIE documentation and marking.
7 Environmental performance
7.1 Requirements
CIE and ACE shall be suitable for use in at least one of the environmental classes defined in
EN 50131-1.
When the requirements of the four environmental classes are inadequate, due to the extreme
conditions experienced in certain geographic locations, special national conditions are given in
EN 50131-1:2006, Annex A.
7.2 Environmental and EMC tests
EN 50130-4 specifies EMC susceptibility tests relevant to I&HAS components. The operating
conditions for these tests are specified in Table 32 of this standard.

EN 50130-5 describes environmental test methods relevant to I&HAS components. The tests
applicable are specified in Table 32 of this standard.
NOTE Other environmental aspects, covered by EU Regulatory Directives, are outside the scope of this standard.
8 Functional requirements
8.1 Inputs
Depending on the grade of the CIE and ACE, means shall be provided to receive signals or messages
from detectors, hold-up trigger devices and information from user input devices as specified in the
following subclauses.
NOTE 1  This standard does not specify details of interconnections or the format of these signals or messages. Details of
possible means of transfer of the information are included in some of the component standards within the EN 50131 series.
NOTE 2  Some system components may require up to 180 s to initialise before normal functionality is available (EXAMPLE:
detectors).
8.1.1 Intruder detection
The CIE shall provide the means to receive signals or messages from intruder detectors.
8.1.2 Hold-up device
When a CIE provides hold-up facilities, means shall be provided to receive signals or messages from
hold-up devices.
8.1.3 Tamper
The CIE shall provide the means to receive tamper signals or messages.
8.1.4 Fault
Dependent on the grade, CIE shall include means to recognize the fault conditions as specified in
EN 50131-1:2006, Table 1 and in addition those faults shown in Table 1.
Table 1 - Recognition of additional fault conditions
Faults Grade 1 Grade 2 Grade 3 Grade 4
a
Battery change required M M M M
b
Power output fault b Op Op M M
Monitoring of processing Op Op M M
M = Mandatory    Op = Optional
a
= applies to type “C” PS only as defined in EN 50131-6.
b
= as in EN 50131-6:2008, 4.2.5.

8.1.5 User input
The CIE shall provide the means to receive information from user input devices (EXAMPLE: a keypad
or switch).
8.1.6 Masking
The CIE shall provide the means to receive masking signals or messages, according to grade.
The CIE shall process masking signals or messages when the system is set and optionally when
unset.
– 13 – EN 50131-3:2009
8.1.7 Movement detector range reduction
The CIE shall provide the means used to receive reduction of range signals or messages, according to
grade.
NOTE  The means to convey movement detector reduction of range signals or messages from detectors may not permit
differentiation from masking events. See detector standards.
8.1.8 Non-I&HAS inputs
When a CIE receives signals or messages or other information not necessary to meet the
requirements of this standard (EXAMPLE: monitoring of non-I&HAS equipment), this shall not affect
the ability of the CIE to meet the requirements of this standard.
8.2 Outputs
Notification output requirements are detailed in 8.6
The CIE may need to provide output signals or messages to interface with other I&HAS components,
as required by other relevant component standards. The installation documentation shall identify
which configurations are available.
EXAMPLES:
a) indication enable for detector or other component;
b) set/unset status information for detector, security fog device, etc.;
c) to trigger audible or visual alarm confirmation equipment;
d) to trigger security fog devices, etc.;
e) to enable functional test mode of detector;
f) to trigger remote self-test of detector or other component;
g) to restore detectors or other devices.
NOTE  If the restore involves removal of power from detectors, up to 180 s should be allowed for the detector to resume
normal operation (see EN 50131-2-series).
Output signals or messages may additionally be provided to interface to equipment outside of the
I&HAS (EXAMPLE: lighting).
8.3 Operation
The CIE shall provide the means necessary to enable authorized users to access the functions of the
CIE. Access to these functions shall be restricted by access levels and corresponding authorisations
according to 8.3.1 and 8.3.2 (EXAMPLE: by using a keypad or lock).
8.3.1 Access levels
Access to the functions of a CIE shall be restricted according to the requirements of EN 50131-1:2006,
8.3.1. If the CIE includes security functions additional to those identified in EN 50131-1:2006, Table 2
the access levels necessary to operate those functions shall be specified by the manufacturer. Access
levels for any non-security functions shall be specified in the manufacturer’s documentation.
Access at level 3 shall be authorized by access level 2 such that:

a) access remains authorized until manually removed,
or
b) access requires authorization for each occasion it is used.
Access at level 4 shall be authorized by access level 2 and 3 for each occasion it is used.
If level 3 access is granted without level 2 authorisation, as permitted by EN 50131-1:2006, 8.3.1, the
internal warning device shall be time limited, either to a fixed time quoted by the manufacturer or until
silenced by the level 3 user.
8.3.2 Authorization
Access to the functions of a CIE (as defined) at levels 2, 3 and 4 shall be restricted as required by
EN 50131-1:2006, 8.3.2. Authorization is not required for access at level 1.
Authorization shall be validated by the CIE.
NOTE If means to provide temporary authorization is provided (EXAMPLE: PIN code valid for a limited time or valid for use a
specified number of times), details should be included in the manufacturer’s documentation.
8.3.2.1 Use of mechanical key
Where mechanical keys are used, the manufacturer shall supply sufficient information to establish the
number of combinations available.
8.3.2.2 Use of logical keys
Where logical keys are used, the manufacturer shall supply sufficient information to establish the
number of combinations available.
Additionally the following apply to specific types of logical key. This does NOT restrict use of other
types.
8.3.2.2.1 Use of PIN codes
Where PIN codes are used, the number of combinations not available shall be identified by the
manufacturer and shall be disallowed from calculation of codes available.
Means shall be provided to prevent reading of authorization codes.
Entry of a code shall be completed within 60 s. If the code entry is not completed in that time, it shall
be treated as invalid in the context of 8.3.2.4.
8.3.2.2.2 Digital keys
Where a user can complete the setting or unsetting procedure from a location more than 1 m from the
CIE or ACE, digital keys used for I&HAS of grades 3 and 4 shall include means to prevent acceptance
of keys copied from intercepted data (EXAMPLE: rolling codes).

Where the operation can be performed other than at the point of exit from the premises, means shall
be provided to make the “prevention of setting” and “completion of setting” indications available to the
user (EXAMPLE: on the key).
Self-powered digital keys shall monitor storage device charge as required by EN 50131-6:2008, 4.2.2
and report battery low condition to the CIE (via ACE where applicable) each time the device is used
for setting or unsetting. This report shall be made on each event for a minimum of 25 such events,
over a period not exceeding 1 month and shall result in an indication and event log entry (including the
identity of the relevant user) each time the condition is reported.

When a low battery condition is identified at the time of setting, the I&HAS shall not set until the low
battery indication has been manually acknowledged at the CIE or ACE. This acknowledgement shall
be logged at grade 2 and above.

8.3.2.2.3 Biometric keys
Where biometric means are used for authorization, the recognition coding structure shall provide a
minimum number of combinations as shown in Table 2. Each recognition information presented to the
system shall be compared with this structure. The False Acceptance and False Rejection Rates shall
not exceed the values shown in Table 2.

– 15 – EN 50131-3:2009
Table 2 – Recognition of biometric keys
Grade 1 Grade 2 Grade 3 Grade 4
Number of 1 000 10 000 100 000 1 000 000
combinations
False Acceptance < 0,1 % < 0,1 % < 0,01 % < 0,001 %
Rate (FAR)
False Rejection < 1 % < 1 % < 1 % < 1 %
Rate (FRR)
If the FAR and FRR are adjustable, the means of adjustment shall permit identification of the
parameters to ensure compliance with the above grades. This information shall be included in the
manufacturer’s documentation.
NOTE  Additional characteristics of specific types of biometric device should be considered according to the suitability for the
assessed risk of the I&HAS (EXAMPLE: ease with which the biometric characteristic may be compromised).
8.3.2.3 Use of methods of authorization in combination
Two or more devices or technologies may be used by one or more individuals to authorize level 2 or
level 3 access to a CIE (EXAMPLE: use of PIN code plus digital key).
The combination of operations shall be validated by the CIE.
The maximum time between completion of one operation and initiation of the next shall be restricted
by grade according to Table 3:
Table 3 – Time intervals for methods of authorization used in combination
Grade 1 Grade 2 Grade 3 Grade 4
Time permitted 1 min 1 min 30 s 15 s
The number of combinations for each device is multiplied to assess the resulting grade compliance.
NOTE 1  Two different technologies may be used by same person.
NOTE 2  Two devices of same technology may be allocated to different people.
NOTE 3  Two technologies may be combined into a single device (EXAMPLE: mechanical key with integrated digital key).
8.3.2.4 Detection of repeated invalid authorization attempts
Depending on the grade, when a CIE uses logical keys to restrict access or when the CIE has the
means to identify individual mechanical keys, means shall be provided to detect and record repeated
attempts to gain access not recognised as valid by the CIE, as specified in Table 4.
When required by Table 4, the user input device(s) at which the invalid attempts are made shall be
disabled for a minimum of 90 s. Other or all user input devices may also be disabled.
Tamper shall not be activated when less than 3 invalid attempts are detected.
The CIE may treat repeated use of the same invalid logical key as a single attempt.

Table 4 – Detection of repeated invalid authorization attempts
Grade 1 Grade 2 Grade 3 Grade 4
a
Disable user input device(s) Op Op M M
Maximum number of attempts before user input 10 10 10 3
device(s) initially disabled
Maximum number of further attempts before user input 10 10 1 1
device(s) disabled
Record in event log each time user input device(s) Op Op Op M
disabled
a
Tamper signal or message Op Op Op M
Maximum number of attempts before tamper activated 21 21 21 7
M = Mandatory
Op = Optional
a
For grade 2 at least one of these requirements shall be provided.
8.3.3 Setting procedures
CIE shall provide means for a user to set the I&HAS or part thereof in accordance with
EN 50131-1:2006, 8.3.3 and 8.3.4.
NOTE  It is not mandatory to provide means to set a HAS or the HAS portion of an I&HAS.
The CIE may provide means to set automatically at pre-determined times (time dependent). When
means are provided to set at pre-determined periods, the CIE shall generate at least one indication
before commencing setting. Details of the pre-setting indication(s) shall be included in manufacturer’s
documentation.
NOTE This indication should enable a user on the premises to be aware of the imminent setting of the I&HAS.
If setting at grade 1 is implemented as permitted by EN 50131-1:2006, 8.3.4, means shall be provided
to cancel the setting procedure before it is completed. This shall not permit cancelling the setting
procedure if started by other means.
8.3.3.1 Prevention of setting and overriding of prevention of setting
The CIE shall provide means to prevent the setting of the system in accordance with
EN 50131-1:2006, 8.3.5 and may provide means to override such prevention of setting in accordance
with EN 50131-1:2006, 8.3.6.
Where the Prevention of Setting condition arises after the exit procedure has commenced, there shall
be means to warn the user that setting has been prevented (EXAMPLE: audible alert indication).
When setting is time dependent, means may be provided to override conditions preventing setting
automatically.
The overriding of prevention of setting conditions shall be logged as specified in 8.10.
8.3.3.2 Exit route facility
Provision of an exit route facility is optional.
When an exit route facility is provided, the CIE shall be provided with means to select the defined
alarm point(s) to be included in the exit route facility.
The CIE may provide the means to indicate that the exit procedure has commenced, in accordance
with EN 50131-1:2006, 8.3.4 and Table 9.

– 17 – EN 50131-3:2009
8.3.3.3 Failure to set
Means shall be provided to indicate and/or notify when the CIE fails to set, following the initiation of
setting procedure.
8.3.3.4 Set state
The CIE shall provide time limited means (for example, an output signal or message) to indicate that
the system has set (in accordance with EN 50131-1:2006, 8.3.7).
Means shall be provided to comply with at least one of the requirements specified in
EN 50131-1:2006, 8.3.7 whilst the I&HAS (or part thereof) is in the set state.
8.3.4 Unsetting procedure
The CIE shall provide means for a user to unset the I&HAS or part thereof in accordance with
EN 50131-1:2006, 8.3.3 and 8.3.8.
NOTE  It is not mandatory to provide means to unset a HAS or the HAS portion of an I&HAS.
The CIE may provide means to unset at pre-determined times. When this is done, the automatic
unsetting action shall not cancel an existing alarm condition.
The procedures for unsetting with associated indications, including the optional use of an entry route,
shall be in accordance with the requirements of EN 50131-1:2006, 8.3.8.
8.3.5 Restore function
The CIE shall provide means to restor
...