Without integration, alert notification is useless

Without integration, alert notification is useless
Tags: Education / Schools, Networking / Connectivity, Security
August 22, 2011 - Sean Matthews

There are more than a handful of software and hardware vendors out there touting the fact that their products are CAP compliant. For the uninitiated, CAP stands for common alerting protocol. You can think of it as the digital version of the Emergency Alert System (EAS) used by broadcasters, cable companies and satellite providers for decades.

According to the OASIS standard, "The Common Alerting Protocol (CAP) is a simple but general format for exchanging all-hazard emergency alerts and public warnings over all kinds of networks. CAP allows a consistent warning message to be disseminated simultaneously over many different warning systems, thus increasing warning effectiveness while simplifying the warning task ... CAP provides a template for effective warning messages based on best practices identified in academic research and real-world experience."

When someone states that their product is CAP compliant, it probably means one of two things; they can either produce a CAP message or receive a CAP message, but that doesn't mean that their product can be effectively integrated into a practical solution. Most college campuses, for example, have multiple mass notification systems in place that are proprietary and probably will not work together even if they are CAP compliant. This can lead to a delay in the delivery of emergency messages. It may mean that certain endpoints might not ever receive the message.

If each of these proprietary products can simply produce a CAP message, but none can receive a message, then nobody will know when one of these systems created an alert. A 2009 "Campus Safety Magazine" article focused on a solution at Florida State University stated that "because every emergency alert system has its strengths and weaknesses, it is generally considered a best practice for a campus to have several modes of mass notification in place. Some institutions have 20 or more methods they use. If each of those methods has its own activation process, however, the amount of time it takes to send a message via each modality could be burdensome. For example, depending on who is working at the time, it can take Florida State University (FSU) between 13 and 20 minutes to activate all of its 27 systems." A lot can happen in 20 minutes.

The first step toward resolving the issue of numerous, disparate emergency systems is to research each and categorize them into three groups: (1) can generate a CAP compliant message, (2) can consume a CAP message or (3) does not support CAP messages.

For the systems that can generate a CAP-compliant message, next find out exactly how that message is disseminated. For example, is the message simply posted to a Web page? Or can the message be sent to a specific server designed to receive and process such messages (also referred to as a "CAP listener")? If the CAP message is posted to a website, find out how successive CAP messages are handled (i.e., Do later CAP messages replace or append previous messages?).

Then, for the systems that can process a CAP message, find out if the message must be specifically sent to the consuming system by the sending system, or if the CAP listener can watch, or poll, another system for new messages.

It is critical that before you recommend, specify or purchase a "CAP-compliant" solution, that you research the capabilities of each product that will be part of the total Alert Notification system. Again, without integration, alert notification is useless.

For additional information on CAP standards, visit http://www.oasis-open.org/.