Updates, changes to NFPA 75 affect data centers
The 2016 edition of NFPA 75: Standard for the Fire Protection of Information Technology (IT) Equipment may include changes to the risk assessment approach users of the document must take.
The origin of NFPA 75: Standard for the Fire Protection of Information Technology (IT) Equipment dates back to a fire that occurred in the Pentagon on July 2, 1959. According to the Arlington Fire Journal, published Feb. 11, 2005, the fire developed in a basement computer room operated by the Air Force and burned for more than five hours, fueled primarily by magnetic tape. The fire damaged 4,000 sq ft of the Pentagon and resulted in an estimated $30 million of damage to the building and computer equipment in what was, at the time, the worlds' largest government office building.
Primarily as a result of the Pentagon fire, NFPA 75 was tentatively adopted at the 1961 NFPA annual meeting as the Standard for the Protection of Electronic Computer Systems. A primary driver was to standardize fire protection recommendations in the computer industry, therein preventing another large-scale fire tragedy. The standard was officially adopted at the 1962 annual meeting and has since been revised through a consensus standard development process approved by the American National Standards Institute.
The standard is under the 2015 fall revision cycle, meaning the next edition that will be issued by the standards council is expected to be the 2016 edition. The technical committee on Electronic Computer Systems-the committee that oversees the development process of the standard-met in April as part of the first draft preparation of the 2016 edition. Several public inputs originating from the work of the NFPA 75 risk/performance task group were voted on during this meeting. The NFPA 75 risk/performance task group is a small group that was formed in early 2013 from members of the NFPA 75 technical committee. The goal of the NFPA 75 risk/performance task group is to review and update the risk assessment approach of the standard and consider appropriate performance requirements or equivalencies to respond to the diversity of IT equipment facilities.
This is a review of the task group's work and reflects how their proposals, if accepted, could impact the 2016 edition.
Understanding NFPA 75
The purpose of NFPA 75, as defined in Section 1.2, "is to provide the minimum requirements for the protection of information technology equipment and information technology equipment areas from damage by fire or its associated effects--namely, smoke, corrosion, heat, and water."
Users of the standard can expect the document to provide the minimum level of requirements to protect their IT equipment from fire and the effects of fire. Application of the standard is based on risk considerations outlined in Chapter 4. Chapter 4 Risk Considerations include life safety aspects of the function (e.g., process controls, air traffic controls), fire threat of the installation to occupants or exposed property, economic loss from loss of function or loss of records, economic loss from value of equipment, regulatory impact, reputation impact, and redundant off-site processing system.
Looking closely at Chapter 4 Risk Considerations, the lead-in paragraph states:
4.1.1* A fire risk analysis shall be permitted to be used to determine the construction, fire protection, and fire detection requirements for IT equipment, information technology rooms, and IT areas where specifically permitted by Chapters 5 and 8.
In past editions of the standard, there were several references to the Chapter 4 risk assessment allowance in various parts of the document. However, in the 2013 edition of the standard, there are only two references to the risk assessment. The first reference is in Section 1.3.1, which states that "a documented risk assessment shall be the basis for implementation of the standard." The second reference is in Section 126.96.36.199, which states that "the power to all electronic equipment shall be disconnected upon activation of a gaseous agent total flooding system, unless the risk considerations outlined in Chapter 4 indicate the need for continuous power."
Risk/Performance task group
The purpose of the NFPA 75 risk/performance task group was to review the standard to further develop the risk elements that should be examined as part of a fire risk assessment. The objective of the group is to identify those elements of the standard that are suitable for a fire risk assessment, and develop parameters for which a fire risk analysis may be applied.
In traditional application of NFPA 75, the standard is applied when a risk assessment determines the need. The mere presence of IT equipment does not constitute the need to invoke the standard. When the standard is invoked, all provisions of the standard apply. So the flow logic of the traditional application of NFPA 75 is:
Apply standard if risk assessment determines need.
If standard is invoked, all provisions of the standard apply.
The NFPA 75 risk/performance task group strove to go beyond the traditional approach in applying NFPA 75 through use of a fire risk assessment.
Apply standard if risk assessment determines need.
Determine minimum prescriptive requirements.
Use fire risk assessment to determine equivalent or additional requirements based on level of acceptable risk for given facility.
To carry out the group's objective, work groups were formed to review existing portions of the standard to determine which provisions of the standard may be subject to modification based on a fire risk assessment. One group developed suggestions for improvement of Chapter 4. Other groups reviewed Chapters 5 through 10. The consolidated work group reports were reviewed by the task group, with the recommendations from each respective work group being submitted as public inputs for vote at the NFPA 75 First Draft Committee meeting held in April. Posting of the second draft report is scheduled for July 17, 2015. The public comment closing date is Nov. 14, 2014.
Perhaps the most significant public input submitted by the task group involves revisions to Chapter 4 to enhance the risk consideration criteria, and the addition of a chapter. The proposed new Chapter 5, performance-based design approach, is intended to recognize performance-based practices. Specific performance-based design goals and objectives are provided as part of this proposed new chapter. The performance-based approach permits an alternative means to be used for the elements of the IT equipment, rooms, and equipment areas as permitted in Chapters 5, 8, and 10 (proposed new Chapters 6, 9, and 11).
For those sections within Chapters 5 through 10 that the task group felt may be subject to a fire risk assessment, the following language has been proposed: "This section is permitted to be evaluated as part of the performance-based risk analysis as outlined in Chapters 4 and 5."
It should be noted that the task group did not recommend any fire risk assessment related proposals associated with current Chapters 6, 7, and 9. The Chapter 7 work group, for example, determined that existing standards and regulatory listing requirements have proven to be more than adequate, and as such, equipment construction need not be a fire risk assessment factor.
A concern that has been expressed frequently regarding modifications to NFPA 75, particularly by those who regularly apply the standard, is whether there will be concrete prescriptive guidance for conditions necessary to waive prescriptive requirements. To address this valid concern, each task group proposal sought to define the conditions that must exist to waive each prescriptive requirement. For example, there were four task group proposals associated with Chapter 5 Construction Requirements. One such proposal involves Section 5.3.2, which requires drainage beneath a structural or raised floor where an IT equipment system is located. Citing an example of a retrofit project where an IT equipment area may be built within an existing building and providing drainage may not be feasible, the Chapter 5 Work Group found this requirement to be subject to a fire risk assessment. The following public input was submitted as new paragraph 5.3.3:
Under the following condition the drainage requirements are permitted to be evaluated as part of the performance-based risk analysis as outlined in Chapters 4 and 5:
The risk analysis provides an alternate solution such as containment with leak detection.
Other Chapter 4 public input involved the building construction criteria, location of IT equipment area within the building, and IT equipment area interior construction materials. Public input affecting Chapter 8 involved automatic fire protection systems, automatic detection systems, portable extinguishers and hose lines, gaseous total flooding extinguishing systems, and expansions and renovations. Public input affecting Chapter 10 involves the disconnecting means.
In response to the ever-increasing diversity of IT equipment facilities, the risk/performance task group was initiated to further develop the risk elements that should be examined as part of a fire risk assessment. The traditional approach of applying the standard when a risk assessment determines the need, and then invoking provisions from the entire standard, may not always be appropriate given the continuing developments in IT facility design and use. The public input generated from the NFPA 75 risk/performance task group goes beyond this traditional approach by expanding upon the fire risk assessment provisions within the standard.
Mark Aaby is manager at Koffel Associates. He holds a master's degree in fire protection engineering from University of Maryland. Aaby is a member of NFPA and SFPE, has more than 17 years of fire protection engineering experience. He serves on the NFPA 75 Electronic Computer Systems Technical Committee.