UL 2050 certification: what it is and how to obtain it
Development of a UL 2050 room
Anyone already in the security business knows that getting certified by Underwriters Laboratories is no easy task. In contrast, getting a “certified” facility is a long and labyrinthine process that requires achieving a host of the highest standards and ongoing inspections to maintain them.
That said, it’s far from impossible. Hundreds of security companies are certified across the country and thousands of UL 2050 certified facilities are in operation.
This article is primarily intended to help those companies looking to develop a UL 2050 room by compiling all the necessary information in one place. However, those who already own and operate these secure facilities, but are looking to change their security company, may also benefit.
A brief history of UL 2050
In 1993, the United States Department of Defense developed a set of standards and guidelines to ensure the security of its classified material, information, and equipment to be developed, stored, or maintained by a government contractor. Specifically, these standards were laid out in something called the National Industrial Security Program Operating Manual, or NISPOM. This meant that in order to work for the DOD, each contractor’s facility had to meet these particular standards and procedures.
Around the same time, an independent organization called Underwriters Laboratories developed a set of standards that would meet and often exceed the standards set forth in NISPOM. The result was Underwriters Laboratories 2050 or UL 2050.
2050 has no particular meaning, except that it is how UL refers to this specific level of safety. DOD recognizes UL’s meticulous standards, and UL, in turn, is authorized to certify security companies to create, monitor, and inspect Confidential Information Compartment Facilities, or SCIFs.
SCIF and who uses them
In essence, a SCIF is any room or facility that will be used to research, manufacture, store, or support any project, information, equipment, or personnel for any branch of the Armed Forces or other agencies. They usually involve classified information or materials, but while this may conjure up images straight out of James Bond, they can be anything from a computer or chemical lab to warehouses and carpenters.
These SCIFs are almost always used by government contractors or those hoping to become one when bidding on military and government projects. In fact, UL 2050 is the Department of Defense standard. Any company seeking to work with the DOD, the Armed Forces, or any of the twenty-two other government agencies is required to have a SCIF certified to UL 2050. Since these contracts are far-reaching and often isolated by a national budget, the Demand for SCIF with UL 2050 certification generally remains fairly constant even in times of economic downturn.
Obtain a UL 2050 certified company
First of all, it is not a company or company that gets the UL 2050 certification, but rather a specific room or facility. UL 2050 means that the SCIF has been built and inspected to meet UL specifications based on the DOD NISPOM. Whether one or a hundred, this must be done separately for each SCIF.
However, and this is key, it is not UL that issues the certificate. Underwriters Laboratories deals directly with specific security companies. Each security company goes through a rigorous validation and certification process to achieve what UL calls “CRZH” certification. CRZH does not mean anything, but refers only to the UL code assigned to this type of certificate.
The security company, by virtue of its CRZH certification, is authorized to consult, build, inspect, monitor and certify a SCIF within a specific radius of around a four-hour response time, or 200 miles. It is the security company that sponsors a facility for certification and issues the UL 2050 certificate.
The first step
The first step towards UL 2050 certification is to contact a CRZH certified security company. UL maintains a directory of such companies on its website. Simply enter your location information and “CRZH” in the “UL Category Code” and you will be given a list of all certified companies in your area. Keep the search scope wide by using only state or country information. This will return more results that can be applied to you within a 200 mile radius.
Once you contact the security company, negotiations will begin on the type of SCIF you need for what you want to do. This will typically start with an inspection of the proposed site and then proceed to what systems and changes will need to be implemented.
It is impossible to overestimate the importance of this security company. An SCIF must be built according to precise standards. Every step of construction, programming, electronics, and monitoring must be done by companies with their own particular levels of certification and quality. A CRZH security company is an invaluable resource for finding reputable companies, from builders to alarm monitors.
Consulting a CRZH-certified security company as soon as possible allows a company to develop realistic budgets and determine competitive bids for government contracts.
mystery cloud
Anyone wishing to develop their first SCIF can be put off by how unclear the public information is. Cost, for example, is rarely analyzed in finite terms until well into the process. The reason, simply, is that the cost must be determined on a case-by-case basis according to the changes that must be made to comply with UL 2050 standards.
Similarly, the standards themselves, described in a single UL publication, are one of the most closely controlled documents in the country. Due to the level of security involved, a copy can only be issued when a security company is registered with UL. Even so, it will only be released to a designated employee who is verified by address and contact information and the copy you receive is individually numbered and catalogued. Needless to say, the consequences of duplicating or leaking the security standards of every DOD and Military project in the country are truly dire.
Later online and long term
Once the room is developed, the security company is responsible for inspecting and monitoring the facility to ensure it meets and maintains UL 2050 standards. Underwriters Laboratories will perform their own inspection of every aspect of the facility. Once the installation is approved, the security company is authorized to issue an official UL 2050 certificate.
This certificate is a kind of bond that guarantees that the installation will operate according to UL 2050 standards and that the security company that issues the certificate will facilitate and guarantee that level of operation. To do this, the security company will carry out periodic inspections of the installation, as will Underwriters Laboratories. These inspections are often unannounced and will be conducted at least once a year by both organizations.
Consequently, it is essential to have a security company you trust. Like other services, a good security company must have an extraordinary commitment to quality installation, service, and response. After all, the stakes are millions of dollars in government contracts.