5 Things You Need To Know About The 2022 Edition Of NFPA 72

5 Things You Need To Know About The 2022 Edition Of NFPA 72
Electronic Security Association — April 19, 2023

By Rodger Reiswig | VP Industry Relations, Johnson Controls | ESA Standards Committee Chair

It’s been three years since the National Fire Protection Association (NFPA) published the most recent edition of the wide-ranging standard that spans “the application, installation, location, performance, inspection, testing and maintenance of fire alarm systems, fire warning equipment, and emergency warning equipment and their components.” 

 

2022 Update 

A 2022 edition was officially published in September 2021, after thousands of hours of collaboration, review, and debate among a technical committee. The 2022 update is a significant one; there are hundreds of changes in the document, ranging from minor edits of terminology to major items like Cybersecurity. Whether you’re an architect, engineer, contractor, or building owner/manager, NFPA 72 matters. 

It will have an impact on how you design, test, install and maintain life safety systems in the future. So even if your jurisdiction will not immediately adopt the 2022 edition of NFPA 72, it’s important to know what’s in the pipeline. Understanding the new edition will enable you to plan for the future and gain insight into how technologies like remote access are changing life safety and building systems. 

Here are five things you need to know about the 2022 edition of NFPA 72: 

1) Secondary power supply requirements for batteries have changed 
 

Batteries play a significant role in ensuring fire alarm system reliability but are one of the most overlooked items. Fire alarm control units typically rely on their local power grid as a primary power supply, and when that grid is operational, all is fine. 

However, should that power failure due to weather interference or technical failure and brownout conditions occur, the secondary power supply comes into play? 

 

NFPA Capacity  

NFPA 72 states that the secondary power supply (typically batteries) for the protected premises system shall have sufficient capacity to operate the system under quiescent load (system operating in a nonalarm condition) for a minimum of 24 hours. 

At the end of the 24-hour, the secondary power supply must be capable of operating all alarm notification appliances used for evacuation or to direct aid to the location of an emergency for five minutes. If the system incorporates in-building fire emergency voice/alarm communications, then the system needs to operate for 15 minutes. 

 

NFPA Charging system 

Batteries need to be able to take a charge from the charging system within the fire alarm control unit. Batteries have a life expectancy and also need to be load tested at least annually. 

But not all batteries are created equal. So much so that NFPA 72 has decided to raise the bar and impose a new requirement for the batteries used in fire alarm control units. 

 

NFPA’s Listing standards 

Examples of listing standards are UL 1989, Standby Batteries, and UL 2054, Household and Commercial Batteries 

NFPA 72 states that effective January 1, 2024, rechargeable batteries for the secondary power supply used in control units, devices, and accessories shall be listed or component-recognized by a nationally recognized testing laboratory. 

The action was taken because of the acknowledged new dangers posed by today’s battery technologies, primarily due to increased energy densities. Examples of listing standards are UL 1989, Standby Batteries, and UL 2054, Household and Commercial Batteries. 

2) Fire alarm control units powered by the Internet of Things require new cybersecurity measures 

 

Should you be concerned about cybersecurity in a fire alarm control unit? It depends on how it was installed and connected. Many fire alarm systems do not require cybersecurity as they typically use their wiring and infrastructure and do not connect to “outside” equipment. 

For example, smoke detectors connected to the fire alarm control unit with wires only used for the fire alarm system, meaning there are no attack vectors that could be exploited. However, this is rapidly changing. 

 

Cybersecurity standards 

With fire alarm systems able to connect to the internet, allowing a user to see the status of their system on an app and even perform remote service diagnostics, these cloud-based integrations require new cybersecurity measures. 

Underwaters Laboratories, UL, has created a suite of cybersecurity standards. For example, The UL 2900 series of documents covering cybersecurity encompass healthcare, industrial and life safety signaling systems. Now manufacturers can produce fire alarm control units listed to these standards and “build-in” cybersecurity measures. 

 

Patches 

“Bad actors are constantly on the prowl for vulnerabilities and patches need to be sent periodically” 

But cybersecurity protection doesn’t stop once a piece of equipment leaves the factory. Bad actors are constantly on the prowl for vulnerabilities and patches need to be sent periodically to fix any such avenues for attack. 

Just like our computer s, mobile devices, etc. all routinely receive updates to help to prevent unwanted attacks, fire alarm systems are no different. How these patches will get delivered and tested is different. 

 

Fire alarms 

Fire alarms need to function all of the time, they cannot go down unless service personnel or Firewatch people are on site. When patches are implemented, we need to ensure the system still functions properly, has come back online properly, and has not been compromised. 

Fire alarms, unlike our computers, cannot be rebooted over and over trying to fix them when a patch does not function properly. Nor do we have the luxury to replace a fire alarm CPU as quickly as a laptop. 

 

Guidelines for cybersecurity 

To address all of this, NFPA 72 has created a new chapter for 2022, Chapter 11 entitled “Cybersecurity.” The chapter is a placeholder for the technical committees to work on for the 2025 edition. But it does offer a glimpse into things to come and provides some guidance for today. 

Along with the chapter addition, there is a new Annex J entitled “Guidelines for Cybersecurity.” There is a wealth of information on how cybersecurity measures can be improved for fire alarm and signaling solutions within the new annex. 

3) Remote access for fire alarm control units requires new capabilities 

 

“We do not want to allow bad actors to possibly use the fire alarm system to access larger digital infrastructure” 

Now that systems are being connected for users to see the status of their systems and remote diagnostics have become the norm, NFPA and UL have had to make changes to the allowance and proper usage of these features. UL 864 the Standard for Control Units and Accessories for Fire Alarm Systems has recently added testing protocols for remote access for fire alarm systems. 

NFPA 72 has also added guidance for how to properly implement remote access. Like cybersecurity, we do not want to allow bad actors to possibly use the fire alarm system to access larger digital infrastructure and do harm. 

 

Benefits of NFPA 72

The benefit of having properly listed equipment and processes for remote access is the door is now open even wider for remote testing, programming, and other applications. Some of the additions to NFPA 72 are that remote access shall not affect the operation or response of the fire alarm or signaling systems. 

Remote access can now allow for the first time the ability to test and perform maintenance activities, including the resetting, silencing, or operation of emergency control functions. 

 

Remote access with NFPA 72

There are additional requirements such as the system needing a means to manually terminate the remote access connection at the remote device and the fire alarm or signaling system control unit at any time. 

Further, remote access needs to automatically terminate within a maximum of one hour of inactivity in the remote access mode. Also, the resetting, silencing, or operation of emergency control functions shall be limited to a portion(s) of the system taken out of service and must be enabled by a qualified person onsite by password or limited access. 

4) Fire alarm systems must meet new MNS standards 

“The 2007 edition of the NFPA 72 added annex materials to guide allowing a fire alarm system to be used” 

The role of communication in fire systems has been evolving for years, and NFPA 72 has been evolving with it. The 2007 edition of the NFPA 72 added annex materials to guide allowing a fire alarm system to be used or connected to a Mass Notification System (MNS). 

In the 2010 edition, this was taken a step further with the creation of Chapter 24, Emergency Communications Systems (ECS). 

 

UL 2572 Standard 

At that time there were no listing standards for MNS or ECS, but that was about to change. UL created a new Standard in 2016, UL 2572 Standard for Mass Notification Systems. This new Standard allows for equipment to become certified to be used for MNS or ECS applications. 

Since the Standard has been released many manufacturers have been able to obtain this certification for their respective systems. Starting with the 2022 edition of NFPA 72, control units installed as part of an MNS must be listed by applicable standards such as UL 2572, and Mass Notification Systems. 

5) You are key to the process 

The NFPA has made the process of updating NFPA 72 rigorous, open and inclusive, and the organization values your opinion. Don’t sit on the sidelines. 

Your knowledge, input, and feedback will help ensure that life safety standards continue to improve in a way that makes sense for everyone. If you believe there are key changes that should be addressed or new technologies that should be added, go to the NFPA website to make your voice heard.