Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error
Fire suppression in IT server rooms
Options
Go to last post Go to first unread
Previous Topic Next Topic
df2  
#1 Posted : 28 August 2014 13:38:17(UTC)
Rank: Forum user
df2
We are currently relocaitng our IT server room and as part of the initial tender we asked for a gas suppression system to be installed as part of our fire protection controls (this is already in place in our existing server room). In order to lower costs, it has been suggested that we omit the gas suppression system from the installation.

I have spoken with our insurers and they have advised that providing the equipment is not above a certain value and we have a business continuity plan in place to cover any incident, they are happy for us to proceed without it. I am not!!

Can anyone provide any further pointers/examples etc that I may be able to use to reinforce my case to have it installed?

Any information would be appreciated.
Back to top
PIKEMAN  
#2 Posted : 28 August 2014 13:40:53(UTC)
Rank: Super forum user
PIKEMAN
Surely this would come from a fire risk assessment and also your business continuity plans.
Back to top
JohnW  
#3 Posted : 28 August 2014 13:51:13(UTC)
Rank: Super forum user
JohnW
I second the points made by Pikeman

If your insurers want you to use a cheaper fire-fighting solution, note that powder fire extinguishers may not suitable for computer hardware systems - this might be a myth but it's what some folks tell me
Back to top
David Bannister  
#4 Posted : 28 August 2014 13:51:41(UTC)
Rank: Super forum user
David Bannister
Hi DF2, I think the best way to reach a decision on whether the fire suppression is really needed is to fully consider all aspects of the risk e.g.
the likelihood of ignition
the likelihood of spread
the extent of damage that would be caused
the criticality of the systems
the availability of replacement kit
the down time before critical parts are restarted
the overall impact to the business from the scenario
the possibility of contingency arrangements
the appetite for risk of the business
the acceptability or otherwise of that risk.

If the answer at the bottom reached by the business owners is to accept the lack of suppression then that is their decision to make.

Lack of email and accounts for a few days will be unlikely to kill a business but denial of service to volatile customers may be too much of an exposure.
Back to top
df2  
#5 Posted : 29 August 2014 13:17:08(UTC)
Rank: Forum user
df2
Cheers all

These are the things that have been considered and put forward already so i'm glad i was approaching it the right way. It still seems to be down to money as the deciding factor.

I'll keep battling on!
Back to top
Canopener  
#6 Posted : 29 August 2014 13:39:09(UTC)
Rank: Super forum user
Canopener
Dave makes some very valid observations, especially that of the appetite for risk. For the most organisations it is not the cost of the equipment that is the biggest concern (especially if this is insured) but rather the value of the data and the time taken to restore that data and the potential of loss of business while that data is being restored (if at all).

This may not be an insurable/insured risk (and therefore of no great concern to your insurers) but for your organisation itself, I would have thought that this should be one of the major considerations especially as any significant delay is being able to restore data could be the difference between being able to sustain a viable business or not.

If you are doing regular backups to another location (real or virtual) and you have a robust recovery plan, then your organisation might consider that sufficient.

I you have raised this at the correct level and they chose to ignore the advice that they pay you for then I am not sure if you need to keep battling against them unless you feel that there is a significant life risk; even then like most of us, if you have raised the issue at the correct level and with plausible arguments, then you have probably done all you can do. You don't have to win every 'battle'.

Cost (alongside the risk, the appetite for risk etc etc) is valid.
Back to top
firesafety101  
#7 Posted : 29 August 2014 15:23:07(UTC)
Rank: Super forum user
firesafety101
You need to look at the reason/s why you think you need the gas suppression system?

If it is to save the equipment from a fire protection point of view then fair enough, if you really need to save the equipment, or can it be replaced quite cheaply in comparison with the fire system, (remember it is the insure who will stand the cost of replacement)?

If it is to prevent losing vital information on the servers and if you do not have business continuity back up then, again fair enough.

If, however you can replace the equipment at a reasonable cost, (to the insurer) and if you do have business continuity that will enable the business to carry on functioning during the time the server room is out of action then no need to ignore the guidance of the insurer.

Save yourself the trouble and hassle of arguing the toss if it really is not necessary.

Remember the "Powers that be" look at issues like these from a different point of view and if you look at it from "outside the box" you may see their point?
Back to top
mssy  
#8 Posted : 29 August 2014 17:23:14(UTC)
Rank: Super forum user
mssy
Firstly to those who think a FRA will provide any useful information to assess whether or not to provide a suppression system in this case, of course it wont. FRAs consider life risk and not asset protection.

I must come clean and admit I dislike posts that simply refer people to a British standard, but in this case I will do the same. The bottom line is you simply must align your risk assessment to a proper standard to get best practice and de-personalise the decision

BS6266:2011 is £200, but worth every penny when assessing data hall/server room fire protection.

It defines various sizes of risk into (I think) 4 groups - from a server room to a top tier data hall. then it gives guidance on each group how and to what level the kit should be protected.

Take care if you are going with the "do nothing" option, as you need to base that on a proper standard, rather that discussing it over a pint in the pub. So, if it all goes belly up and the same Directors who didnt want to spend any cash come looking for a fall guy, you can link your RA with the model as set out in BS6266 and prove due diligence

I am currently involved in an identical situation at a major multi £million site. I have got all parties to agree that the BS 6266 methodology is the one we will use to ensure our final decision is linked to best practice.

Its all about being able to sleep at night. Surely that's worth £200 of anyone's money!!

http://shop.bsigroup.com.../?pid=000000000030189448
Back to top
df2  
#9 Posted : 01 September 2014 11:54:09(UTC)
Rank: Forum user
df2
Thanks everyone. Much appreciated.
Back to top
Users browsing this topic
Guest
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2025, Yet Another Forum.NET