[
Computer and communications assets are often the most critical parts of a business, yet sometimes solutions are dictated by fashion rather than a tailored risk assessment. Paul Bryant of Kingfell plc looks into the issues.
Coming from an insurance industry background when I worked for the Fire Offices’ Committee (and later the Loss Prevention Council), I realised early on that fire safety and fire protection isn’t just about life safety. The Fire Offices’ Committee (FOC) was at the forefront of fire protection regulation in the UK since it was formed in 1868.
For those not aware of this great institution, the FOC was formed by the main fire insurance companies of the time, who jointly agreed a set of tariffs with appropriate discounts if clients made provisions for protection against fire. These provisions relied on passive means of fire protection, as well as early active systems such as sprinklers. The FOC also wrote rules for fire protection systems and introduced approval schemes for fire protection equipment.
Consequently, it was the need to provide for property protection – rather than life safety – that was a key driver for the fire protection industry. In the days of the quill and the bureau, critical assets in offices were largely the building and the paper records stored within. In industry, critical assets were the great machines found in factories.
Today, when we think of critical assets, we mostly think of the computer systems that are the backbone of our businesses. The importance of computer systems was recognised by the Fire Offices Committee back in the 1970s, when special rules for the fire protection of electronic data processing installations were produced. The Loss Prevention Council took over the rules in the 1980s, which were used to produce the equivalent British Standard, BS 6266: Code of Practice for fire protection for electronic equipment installations.
The fire protection of critical assets should be a relatively easy , as we do not need to consider life safety issues such as means of escape provisions. Nevertheless, when you look at BS 6266, you will realise it is certainly not a simple exercise.
The current edition of the standard (2002) provides recommendations appropriate to a series of categories of electronic data processing installation, ranging from the equivalent of the small office environment though to major real time processing centres, such as air traffic control, where many aspects are critical. The standard covers all aspects appropriate to the fire safety and protection regime, including a section on risk assessment, but it is often the sections on the application of fire detection systems for such special environments that remains the main reason for it being specified. It is quite possible that these sections may find themselves in a future version of BS 5839 Part 1.
Setting the fire strategy
The best way to provide an effective fire safety and protection arrangement is by formulating a fire safety strategy that considers not just the best forms of protection for the assets, but reviews the requirements for life safety and how the overall plan may be complementary or not. In fact there are usually four main objectives to be considered in any fire strategy. These are:
– Life safety: Usually set by legislation or building control.
– Property/asset protection: The insurer has often been the driving force here, but company’s increasingly see this as part of their business strategy. Assets, including critical assets, could be absolutely anything from a central server to a great work of art.
– Business protection: As with property protection, the insurer and business will be the likely parties to ensure that proper controls are in place, or that a robust contingency plan will ensure that a fire doesn’t necessarily finish the business (more common than many realise!).
– Environmental protection: This is often overlooked but could be the biggest showstopper in certain circumstances. It’s often viewed as an ethical consideration but will increasingly be put higher on the agenda by legislation.
A proper assessment of objectives, at an early stage, of what is required and what is recommended should help ensure that the final strategy is consistent with all objectives, without adding unnecessary cost. Following on from an agreement of objectives, the strategy could be divided into four elements: fire prevention, fire protection, management of fire and contingency planning.
Fire Prevention is where any strategy should start. Whatever the belief in the abilities of fire protection systems, resources should obviously be focused at preventing fires. A simple set of rules including housekeeping, maintenance of electrical systems, removing unnecessary hazards, can drastically reduce the probability of a fire incident, but can often be overlooked in a busy environment.
Risks can be identified during one of the regular fire safety risk assessments. When considering critical assets, risk assessments need not just evaluate areas in terms of probability and impact.
In the mid-1990’s, Kingfell developed a risk assessment system using the factors of ‘environment’ and ‘process’ are considered in asset protection assessments, the risk may be evaluated in an alternative way. In this context, environment measures the ‘static’ risks, such as the building materials, fixtures and fittings and air conditioning. Process measures those ‘dynamic”‘ factors such as people, operations and use of equipment. Determining the impact of each factor within each area, separately and collectively, may lead to a refreshing, alternative, assessment of risk. This form of assessment could even be used to illustrate the ‘riskiness’ of different areas of a premises, as shown in Figure 1.
Fire protection
When thinking about fire protection of critical assets, many will be able to conjure up a fire protection strategy at will:
– Fire detection, using aspirating systems and/or point detectors, installed at greater densities than normal and operating in a ‘coincidence connection’ configuration.
– Gaseous fire extinguishing systems using one of the many alternative new generation of extinguishing agents.
– Critical rooms separated from other areas by appropriately rated fire separations.
In many cases, this may be the most appropriate design strategy for many a computer suite. However, the emphasis on a strategy based upon the results of a risk assessment should lead to a less generic approach. Fire protection specifications tend to follow a form of fashion, especially when protecting critical assets. For instance, aspirating systems continue to be specified for computer rooms, but it could be questioned if specifiers fully understand why such systems take first place in the queue? Many modern point detectors have the sophisticated abilities and sensitivity of aspirating devices. Similarly, some specifiers still look for the nearest extinguishing agent to Halon, when questions such as: “Do we need a total flooding gaseous system?” or “Are water sprinkler systems suitable in this scenario? never get properly addressed.
Fire Safety Management should often be the starting point to ensure that those with the responsibilities for fire safety and protection have the appropriate authorities – and the proper set of ‘tools’ – to ensure that strategy is maintained. The starting point should identify who is actually the focal point…not always straightforward.
Fire safety management should oversee controls on processes, people, contractors and should be given the budget for a proper and effective maintenance regime.
The business contingency and disaster plan should be totally complementary to the fire safety strategy. This would seem to be commonsense but in some cases, those responsible for the contingency plan may not even be aware of the fire arrangements. The bottom line is that money could be saved if there is a seamless contingency and fire safety strategy.
In conclusion, the protection of critical assets should be seen as part of an overall fire safety and protection strategy, and not just as an adjunct to life safety measures.