Navigating EAS and CAP compliance used to be easier, but now it seems to have become a costly roller coaster-like endeavor. EAS regulations and content distribution technologies continue to evolve, exposing an environment where upgrades and configuration management require near-continuous attention. What’s more, FCC requirements are continually being updated, so it’s difficult to keep up. Add software and security concerns to the mix, and it all makes compliance progressively more complex.

The good news is that, while the rules have undergone several changes in the past 20 years, the overall approach to compliance is not difficult. Maintaining the equipment is relatively simple, as most equipment follows the same basic rules.

How can you be sure your EAS equipment is compliant? Here’s a straightforward, step-by-step checklist. If you follow it properly, you can ensure continued compliance under the current FCC rules.

Step 1. Check the Current State EAS Plan

Get a current copy of your state’s EAS plan. Typically you can find it online, either through the FCC at www.fcc.gov/general/emergency-alert-system-eas, or directly from your state’s broadcast association website (e.g. TAB.org for Texas or FAB.org for Florida). It’s a good idea to either print a copy and keep it in your EAS file or keep an electronic version in a similar place.

From your state plan you should:

• Verify your location and compliance as outlined in the state plan.
• Monitor at least two over-the-air stations.
• Assure your EAS equipment is receiving the prescribed monitoring stations and their feeds.

It’s important to verify the signal integrity on the EAS device. That is, is the level adequate to ensure EAS tones will be properly decoded?

Some equipment will give both a visual OK and allow aural verification through the user interface that it has received a monthly test. In cases when the test fails, check the antenna. Many times, we’ve had reports from customers that failed to receive a monthly test, only to find out the antenna connection was removed or, worse, the monitoring antenna had been stolen!

• Verify that other key values, such as FIPS codes and EAS event codes, are properly entered into the EAS equipment.

The FCC requires forwarding the EAN, NPT and RMT event codes, however your state plan might require additional codes, so make sure the equipment is configured to receive and forward all the designated event codes.

Step 2. CRITICAL: Verify That Your IPAWS Connection Is Behind a Proper Firewall

Following the FCC’s Fifth Report and Order, all EAS participants are required to monitor the FEMA IPAWS system using an internet connection. Obviously, that means the equipment must be connected to an internet source, however, the connection must go through a firewall. At Monroe Electronics and Digital Alert Systems, we continue to see customers connect their equipment directly to the internet through a wired modem or terminal. We cannot stress enough that such a connection is absolutely unacceptable!

You must ensure there is a firewall between the EAS/CAP device and the internet connection! Don’t simply guess!

Recognize EAS/CAP devices are not security appliances. They are not designed to be used without proper firewalling. Installing an inexpensive firewall/router and changing the default user name and password offers protection over a device directly connected to the internet. This equipment should be considered part of a station’s critical infrastructure and treated as such. You wouldn’t want your accounting computer exposed to the open internet – the same goes for your EAS/CAP device.

Depending on the equipment, there might be verification tests to assure proper IPAWS connection. Regardless, one way to check is simply to inspect your incoming logs. FEMA issues weekly tests nearly every Monday at 11 a.m. local time. That means one at 11 a.m. ET, another at 11 a.m. CT, and so on. By looking at the incoming IPAWS received logs, you can verify you’re receiving these alerts and know with confidence you’ll be able to receive an actual emergency message. As always, check the operator’s manual or contact the manufacturer’s support team to answer any questions.

Step 3. Back Up and Store

Because most record keeping for EAS is now done electronically, it’s wise to create a backup for configurations and event logs. Most new equipment will send an email indicating when an event has occurred. Therefore one of the best courses of action is to set up an independent email account (such as [email protected]) for storing EAS logs. Creating an account is easy to do. Then, by setting the EAS/CAP device to send an email whenever an event takes place, the mailbox becomes an automatic backup of all the EAS events. It’s important to keep all EAS logs — received and transmitted (forwarded) — for a minimum of two years, and this simple procedure can ensure those logs are available if needed.

The FCC requires a weekly review of the logs, and better equipment can be set to email a weekly and monthly report automatically, both to the EAS email account (the one you set up as we just instructed) and to others at the station. The person responsible for compliance should review the log carefully. Did you get any activations? Were they properly forwarded? Did you send out Require Weekly Tests (RWTs) every week, and if not, why? What about receiving the Required Monthly Test (RMT)? Looking over this log can quickly reveal any discrepancies that might require corrective action.

For even more redundancy, you might want to keep a hard copy in the station logs, but at a minimum, print the report as a PDF and e-sign it. Then store it as further proof of proper EAS compliance. For example, you could email the signed summary to your EAS mailbox.

And don’t forget configuration settings. The EAS/CAP device relies on a computer core to execute its many functions. As with any computer, it’s a good idea to store a copy of the unit’s configuration in a separate location instead of on the device itself. That way, if the device fails or gets replaced or repaired, you can simply restore the settings rather than completely reprogram all the variables.

Step 4. Maintenance/ Housekeeping

Like with any piece of modern, flexible computing equipment, periodic maintenance is important to maintaining optimum performance. That’s because manufacturers are continually adding new features and tweaking or improving functions.

Responsible manufacturers will notify you of any updates or changes, but it pays to follow a couple best practices:

• Make sure the unit is registered with the manufacturer. If the manufacturer has a support infrastructure that sends out update information, then make sure you’re on the email list.

• Check the manufacturer’s website periodically for any updates. Many of these updates are critical to proper operation and security.

In summary, the basic EAS/CAP compliance guidelines are:

• Monitor at least two over-the-air stations per the state EAS plan.
• Monitor the FEMA IPAWS feed through a firewalled internet connection.
• Assure the equipment is configured to pass EAN, NPT, and RMT event codes at a minimum, and include any state-sponsored event codes.
• Assure the equipment or station is generating an RWT at least once a week, noting this rule is suspended if another activation has occurred within the week.
• Keep all EAS logs — received and transmitted (forwarded) — for a minimum of two years.
• Register your equipment with your manufacturer for updates and check your manufacturer’s website periodically to see if any updates are available.
• Keep equipment up to date by installing any manufacturer-provided updates to ensure proper operation and enhance any security features.

While the rules governing EAS are seemingly always in flux, fundamental compliance is quite easy to achieve if you follow these essential steps.