Help Ensure Proper Computer Data and Records Fire Protection

Due to the nature of computers and paper files, using a standard water sprinkler system may not be a feasible method to help protect your organization's data. Standard water sprinklers will spray water onto computer equipment potentially destroying valuable information and paper records that are irreplaceable.

Fortunately, there are alternatives to standard sprinkler systems as well as steps that your organization can take to reduce or even eliminate the risk of a total loss.

In the past, organizations frequently employed Halon fire suppression systems to protect their assets. Halon was created in the mid-1900s as a solution for an extinguishing system that is non-conductive and leaves no residue when used. The most common forms of Halon are 1211 and 1301. In the Clean Air Act of 1994, the United States banned the production and import of Halon, requiring organizations to replace Halon systems as the supply runs out and/or their systems become obsolete.

There are newer chemical systems that offer the highest available level of protection against fire for data and records protection. Your organization should consult with certified sprinkler installers to determine what system will work best.

Causes of Fire in Data Centers

Large data centers and server rooms generate very high amounts of heat due to their electrical requirement. The average server uses between 500 to 1,200 watts per hour of use. Server racks are typically 42U tall (1U=1.75 inches). The average server takes up 3U’s in a server rack, allowing you to fit 14 standard-size servers in one rack. If you allow for aisle space and the ability to open the server door, you can reasonably estimate that one server will take up 25 sq. ft. This means a 500 sq. ft. room can theoretically hold 25 server racks.

Twenty-five server racks in a 500 sq. ft. room are going to generate 175 to 420kWh per hour of use. Comparatively, the average homeowner in the US uses less than 30kwh in a day. This usage of electricity creates high amounts of heat. Computer processors can run between 90 to 100 degrees Fahrenheit when idle and up to 170 degrees when at maximum usage. The fire hazard significantly increases due to the number of electronics and equipment that could fail due to heavy load usage. Server rooms must also have a significant cooling ability due to the heat output from the processors. Combustibles stored in server rooms or closets pose a significant fire risk due to sparks and heat generated by servers. No combustibles should be stored in the server room or closet. The optimal server room should have a temperature between 68- and 71-degrees Fahrenheit to extend the life of the equipment or prevent system overheating that can result in a fire.

Maintenance

Preventative maintenance can be used to help prolong the life of the equipment as well as identify potential risk sources. In addition to preventative maintenance, taking time to update systems as well. The following actions should be taken as part of a monthly preventative maintenance schedule:

• Verify data backups. If backups are stored offsite or are cloud-based, verify with vendors and/or third-party companies to make sure that data is being stored responsibly and safely.
• Check storage utilization. Make sure that servers have adequate space for your information and your organization’s needs as well as forecast the amount of storage needed for future usage. Contact your IT manager to set thresholds for your organization.
• Review hardware usage. View usage for CPU (Computer Processing Unit) and RAM (Random Access Memory) and determine if the usage exceeds company guidelines or a threshold set by an IT manager.
• Update software, firmware and patches. Updating systems allows for networks to run more efficiently. Patches should be conducted weekly for routine maintenance or as part of a schedule determined by your IT manager. Patches that show immediate threats should be done immediately. Patches can be completed via a scheduled update from the manufacturer or manual patch deployment by system administrators.

Great American offers a wide variety of tools to help mitigate risks and improve business continuity through tools like SecurityScorecard for Cyber Division policyholders.

SecurityScorecard offers a report that assists in understanding your risks and provides a path to greater cyber security understanding. They include a full report with information to provide improvements on 10 important risk factors:

• Review network usage. Servers have limits with the amount of data they can receive and transfer to the internet due to the hardware being used. Network cards in servers are limited and data transfer outside of the network should be reviewed by your company’s IT manager. If network cards do not meet organizational needs, oftentimes they can be upgraded and replaced with limited downtime. Contact internet providers to review the services that your organization is receiving and if they will need to be upgraded or enhanced.
• Clean hardware. As hardware sits, dust and other contaminants can enter the server through the system’s cooling fans. Servers should be cleaned using compressed air and isopropyl alcohol on a swab or wipe. Over time, CPU thermal paste will wear and dry out, increasing the temperature of the system. Thermal paste should be reapplied every one to two years as needed. Please review CPU idle temps and manufacturer specifications for optimal application.

For organizations to effectively deploy their IT programs, they must decide on the risk management strategies that their organization wants to take. Their programs can be a combination of the following three techniques:

1. Eliminate: For many organizations, the digitization of server backups that are located offsite can allow for protection against total loss of data. While the digitization of paper files may take time to complete, it is much safer to store them digitally where the likelihood of theft or total loss is significantly less. Server backups can be costly for organizations that want to store data across multiple locations. However, they do provide an additional layer of protection due to the very unlikely possibility of a fire at two locations. By following one of these two steps, organizations can potentially eliminate their risk of losing data or records.
2. Transfer: Your organization decides that it is too costly to implement its own backup servers and does not have the ability to store digitized records due to technical limitations. The next alternative may be to contract with a cloud storage provider or third-party data center that can store your data at a lower cost. For a variety of reasons, a downfall of this decision may be higher levels of security required for your organization. However, this decision still enables organizations to shift their risk and better protect their organization.
3. Mitigate: At this point, organizations have decided that due to security or other reasons, the servers must be kept onsite and protected by the staff and facilities available. This will require organizations to implement advanced fire suppression equipment. In addition to this, maintenance plans should be approved by IT managers and administrators should be put in place to protect user data and organization stability.

For additional Loss Control guidance, please visit the Plan & Protect safety hub.

Resources

• Environmental Protection Agency | 1990 Clean Air Act Amendment Summary: Title VI
• US Energy Information Administration | Frequently Asked Questions