Previous Table of Contents Next


Event Notification

The importance of the alarm system notification feature cannot be understated. The IT auditor can verify that all necessary detectors are in place, but if those detectors do not bring an immediate response, their effectiveness is compromised. The IT auditor cannot assume that a comprehensive alarm system costing any amount of money, and providing every conceivable feature will actually be connected to a guard station or to the police and fire departments.

Local Siren. The local siren is a good method of notification because the personnel on site may be able to respond to the situation and resolve it immediately or very quickly. It also places on-duty personnel on notice as to the existence of a problem even if their only response is to vacate the area, which accomplishes the primary objective in these situations—to protect life.

Guard Location. The IT auditor may find guards that are on site or there may be an off-site guard service connected to the company’s alarms. In either case, an alarm sounding at a guard’s location should cause company personnel to begin responding according to their emergency procedures manual.

Community Services. The company may include procedures to have the guards notify the applicable public service, such as the police or fire department, or the system may be set up with a direct connection to these services. In either case, the setup is designed to ensure that the necessary community services are notified as quickly as possible to accelerate the required response.

Automatic Call-Out. Touch-pulse and touch-tone dialing technology has an unexpected benefit—machines/computers can dial the telephone. This improves the capabilities of physical detection systems. One of the improvements is the ability to establish a calling list. The system uses this list, based on the nature of the detected event, to make phone calls to the appropriate persons on the calling list. When the phone call is answered, the system announces its identify, the type of event, and any other relevant information.

For example, the system call might announce that: “This is the XYZ Company data center alert system. The heat detector has been activated because the room temperature was XXX degrees and is currently YYY degrees. Successful calls have been placed to....” The system tracks successful calls based on a response code that the recipient would be expected to enter after hearing the message.

Event Response

Once the environmental event has been identified and the appropriate parties notified, an appropriate response is required. These responses fall into three categories:

  Administrative responses. Once an environmental event takes place and the appropriate company personnel have been notified, it is likely that one or more emergency procedures will be activated. The extent of those procedures is likely to vary according to the nature and severity of the problem encountered. All personnel should be familiar with the emergency procedures so that they can be implemented quickly with minimal effort.
  Community service response. Once notified, the typical community service response will be to activate the appropriate equipment and personnel who will respond to the scene. Once there, they will have their own procedures to follow, and can generally be expected to take care of themselves.
  On-site manual and automated responses. The on-site manual response should be directed by an emergency procedures manual. The IT auditor should look for such a manual, and make a recommendation that one be developed if one does not exist. Usually, the risk management or facility personnel are responsible for drafting emergency procedures.

The on-site automated response is almost entirely focused on fires, at least in terms of there being alternatives from which to choose. The alarm system may have the capability of being connected to the computer such that an orderly shutdown could be initiated. That would be almost the only automated response to a temperature or water problem:

  A temperature problem. A temperature problem identified by the alarm system usually indicates a failure of the HVAC system. For example, the HVAC thermostat controlling the heat and cooling mechanisms is probably not going to be able to react to the problem. In that case, someone will have to get in and either find a way to at least temporarily correct the problem or else shut down the computer.
  A water problem. A water problem is particularly difficult to address, unless the company has deemed the risk important enough to warrant having an installed pump that can be turned on by the alarm system. In this situation, having the system effect an orderly shutdown is strongly recommended to reduce the risk of data loss and other problems.

FIRE SUPPRESSION SYSTEMS

A fire problem has a number of solutions. The number of solutions, the range in costs to implement and maintain those solutions, and changing regulations require careful analyses of the resolution of fire problems. However, there are two primary fire suppression systems: chemical and water. Many IT professionals continue to be convinced that water has no place in a data center, although numerous companies, such as IBM, have approved and supported a switch to water-based systems for many of their own sites, and suggested water as one of the acceptable alternatives for protecting data centers.

Water-Based Fire Suppression Systems

Two reasons for the switch to water-based systems are: computer construction has changed over time so they are much less susceptible to water damage, and fires in data centers do not usually start with the computer, but with other equipment or materials in the room that are best extinguished by water.

The original sprinkler systems were very simple, turning on only when the temperature increased until a piece of lead would melt, and the sprinkler head would activate. Some of the problems with sprinkler systems include:

  Ballast failure causing unnecessary water release and associated damage
  Water releasing over an area that is not on fire because air circulation patterns moved heated air to another area
  The imprecision of the response such that equipment and facilities that were not at risk were damaged

The desirability of water sprinklers has led to continuing advances in that particular technology; advances that were facilitated by microprocessor technology. Fire detection systems became more sophisticated, gaining the ability to determine the location of a potential fire more precisely. Three new types of water sprinkler-based fire suppression systems that have evolved include:

  Computer-controlled wet pipe
  Computer-controlled dry pipe
  Pre-action dry pipe

Computer-Controlled Wet Pipe. The computer-controlled wet pipe system continues to have the sprinkler water pipes running over the data center charged with water at all times. The first difference is that the sprinkler heads are not controlled by lead ballast, but by microprocessors. In most cases, the sprinkler heads are retracted into the ceiling until the system orders one to discharge when it first drops down from the ceiling.

The second difference is that the company has direct control over what conditions have to be met before the system activates, as well as control over the parameters of the system response. The increased control creates a new issue for the IT auditor because he or she will have to evaluate the established settings for such a system.

Computer-Controlled Dry Pipe. The computer-controlled dry pipe system adds one improvement to the computer-controlled wet pipe system previously described. The improvement is the addition of a master valve that controls all of the sprinkler pipes for the data center. This valve keeps the overhead pipes without water until sensor activations meeting established parameters cause the valve to open.

The valve opening permits water to flow up to the individual sprinkler heads, but that is where the water stops. The individual sprinkler heads are still controlled by the microprocessor that will determine which heads are active and when that will happen. The difference may appear to be minor. However, this system virtually eliminates any chance of an accidental water discharge over the equipment in the data center.


Previous Table of Contents Next