Applying NFPA 75 in data centers
NFPA 75: Standard for the Fire Protection of Information Technology (IT) Equipment covers the requirements for the protection of IT equipment from fire damage. The current edition (2013) has not been adopted by all jurisdictions; however, fire protection engineers should be well aware of its requirements because of the large number of IT facilities and data centers.
- Illustrate NFPA 75: Standard for the Fire Protection of Information Technology (IT) Equipment and how it affects data center design.
- Make use of NFPA 75 in IT equipment room design.
- Examine the changes to the new edition of NFPA 75.
By the time this article is issued, the 2017 edition of NFPA 75: Standard for the Fire Protection of Information Technology (IT) Equipment should be nearly wrapped up. For more than 50 years, the Technical Committee on electronic computer systems has kept pace with the ever-changing IT equipment industry by overseeing the development process of the standard.
From the early computer systems of the 1950s, through the IT equipment developed during the dot-com era of the late 1990s, to the modern cloud data centers of today, NFPA 75 has been the standard of care for fire protection of IT equipment. This article will review some of the key features of the current edition, 2013, and highlight some of the significant changes to the next edition.
Purpose and application
The purpose of NFPA 75, as defined by Section 1.2, "is to provide the minimum requirements for the protection of IT equipment and IT equipment areas from damage by fire or its associated effects—namely, smoke, corrosion, heat, and water." Users of the standard can expect the document to provide the minimum level of requirements to protect their IT equipment from fire and the effects of fire. Due to the vast amount of different IT equipment applications, it is intended that the standard be applied based on the specific nature and anticipated fire risks at each facility.
To that end, Chapter 1 requires that a documented risk assessment shall be the basis for implementation of the standard. Chapter 1 also refers users to Chapter 4, Risk Considerations, which states that levels of acceptable fire risk shall consider factors including life safety, property protection, economic loss, regulatory impact, and redundant offsite processing, to name a few. It is also worth noting that Chapter 4 states that a fire risk assessment may be used to determine construction type, fire suppression, and fire-detection requirements, where specifically permitted elsewhere in the standard.
While past editions of the standard contained several references in various parts of the document to this Chapter 4 risk assessment allowance, the 2013 edition of the standard only contains two. The first reference is in Section 1.3.1, which states that "a documented risk assessment shall be the basis for implementation of the standard." The second reference is in Section 22.214.171.124, which states that "the power to all electronic equipment shall be disconnected upon activation of a gaseous-agent total flooding system unless the risk considerations outlined in Chapter 4 indicate the need for continuous power."
This was a detail not lost on the Technical Committee, which established a risk/performance task group to review the standard to further develop the risk elements that should be examined as part of a fire risk assessment. The task group recommendations led to significant changes to the 2017 edition of the standard. The article "Updates, changes to NFPA 75 affect data centers" provides a more descriptive account of the work of this task group and their resulting recommendations.
With the introduction of the standard, and a brief discussion about Chapters 1 and 4, a review of the structure of the rest of the standard is warranted prior to discussing key changes to the 2017 edition. The first three chapters are administrative, following the Manual of Style for NFPA Technical Committee Documents: Administration, Referenced Publications, and Definitions. Chapter 4 is titled Risk Considerations. Chapters 5 through 10 are largely prescriptive in nature in that they provide specific fire protection criteria for IT equipment. The last chapter, Chapter 11, addresses emergency and recovery procedures.
Chapters 5 through 10 are considered the core chapters, in that they address items including building construction requirements, materials and equipment permitted in IT equipment areas, fire protection, fire detection, and utility requirements, to name a few. Consistent with the purpose of the standard, all criteria in chapters 5 through 10 are aimed at minimizing the fire threat to IT equipment. Looking more closely at Chapter 5, Construction Requirements, some of the requirements are as follows:
- IT equipment rooms shall be separated from other occupancies within the building by a minimum 1-hour fire-resistant-rated construction.
- Door openings in the separation barrier shall be ¾-hour fire-resistance-rated.
- All air ducts and air-transfer openings passing through the separation barrier shall be provided with automatic fire and smoke dampers.
The basis for these requirements is due to past experience with fires involving IT equipment rooms. According to an NFPA 75 annex note, past fire experience has demonstrated that the fire often starts in areas other than the IT equipment room, and that the fire and its related products, including smoke and heat, can spread to the IT equipment room if the room is not adequately separated by fire-resistance-rated walls with protected enclosures. Given this discussion, it should be noted that users of the standard must still comply with local building and fire codes. Any conflicts between NFPA 75 and the local codes must be properly managed.
The changes to the 2017 edition are the result of the NFPA 75 Technical Committee, which oversees the development process of the standard. The committee spends several hours reviewing proposals for new or revised criteria, research findings, and new initiatives, with the overall goal of continual improvement of the standard. The 2017 edition of NFPA 75 reflects the ever-changing needs and evolving technology associated with IT equipment.
The first notable revision addresses the application of the standard. While Chapter 1 has a requirement for the standard to be applied through a documented risk assessment, in practice, that has not always the case. For example, most federal government agencies, such as the Department of Veterans Affairs, the Department of Defense, and the General Services Administration, require adherence to NFPA 75 through their respective fire protection design manual and standards. Now it may, in fact, be that these government agencies have performed a documented risk assessment, which concluded that their IT equipment shall be protected in accordance with NFPA 75. However, the documented risk assessment is not mentioned in their respective fire protection criteria, and the provisions of NFPA 75 are to be adhered to in full, with certain additional provisions. Even in the private sector, while compliance with NFPA 75 is rarely mandated by the local building or fire codes, NFPA 75 is routinely applied to IT equipment facilities purely on a prescriptive basis.
Somewhat in response to the manner in which NFPA 75 is being applied, both in the federal government and private sectors, the next edition of the standard will contain a clarifying annex detail to the application statement of Chapter 1. The purpose of the new annex figure is simply to facilitate users of the standard by navigating them through the decision tree.
As indicated in the decision tree, the first decision the user must make is to determine if NFPA 75 applies. Section 1.3, Application, will continue to indicate that a documented risk assessment shall be the basis for implementation of the standard, following the risk considerations outlined in Chapter 4. If the standard applies, the user is directed to Chapter 4, where the first notable change in the 2017 edition of the standard occurs.