Environmental controls mitigate the risks associated with naturally occurring events. The most common of these are power sags, spikes, surges, and reduced voltage, but they also include tornadoes, hurricanes, earthquakes, floods, and other types of weather conditions. Per ISACA, power failures can be grouped into four distinct categories, based on the duration and relative severity of the failure:
To reduce the risks associated with power sags, spikes, and surges, the organization should deploy surge protectors for all electrical equipment. The additional implementation of an uninterruptible power supply (UPS) can provide enough power to either shut down systems gracefully in the event of a power failure or provide enough power to keep mission-critical systems operating until power returns. A UPS can be either implemented on a system-by-system basis (portable) or deployed as part of the overall IT infrastructure. A UPS contains batteries that continue to charge as the system has power and provides battery backup power in case of a failure. Generally, smaller portable UPS systems provide between 30 minutes and 3 hours of power; larger systems (a permanent UPS) can provide power for multiple days. The organization can provide a complete power system, which would include the UPS, a power conditioning system (PCS), and a generator. The PCS is used to prevent sags, spikes, and surges from reaching the electrical equipment by conditioning the incoming power to reduce voltage deviations and provide steady-state voltage regulation. The PCS ensures that all power falls within acceptable levels for the electrical devices it is serving. The organization might employ a generator in concert with the UPS. In most cases, the generator and UPS are controlled by the same system, allowing the generator to power up when the battery power in the UPS falls below a certain threshold. In addition to the issues surrounding electrical power, organizations must deploy environmental controls for the overall health of the hardware and software, as well as preventative, detective, and corrective measures in case of an emergency. Within the design of the IT infrastructure, the organization must determine the best place for the core servers and network devices. This location is sometimes referred to as the LAN room or computer room. It should be implemented with climate controls, fire-suppression systems, and power-control systems. The computer room should be located in a place that is not threatened by electromagnetic interference (EMI) or the possibility of flooding. Electrical equipment must operate in climate-controlled facilities that ensure proper temperature and humidity levels. Relative humidity should be between 40% and 60%, and the temperature should be between 70°F and 74°F. Both extremely low and extremely high temperatures can cause electrical component damage. High humidity can cause corrosion in electrical components, reducing their overall efficiency or permanently damaging the equipment; low humidity can introduce static electricity, which can short out electrical components. Proper ventilation should be employed to maintain clean air free of contaminants. A positive pressurization system ensures that air flows out of instead of into the computer room. If you have ever entered a building and opened the door to feel the air pushing out toward you, you have entered a building that is positively pressurized. This pressurization ensures that contaminants from the outside do not flow into the room or building. Water detectors should be placed near drains in the computer room to detect water leaks and sound audible alarms. One of the most serious threats facing both computing equipment and people is fire. A variety of systems are available to prevent, detect, and suppress fire. A number of fire-detection systems are activated by heat, smoke, or flame. These systems should provide an audible signal and should be linked to a monitoring system that can contact the fire department.
Fire-suppression systems can be either automatic (chemical or water) or manual (fire extinguishers) and are designed to suppress fire using different methods. Table 4.3 outlines suppression agents and their method of extinguishing different types of fires.
The following are automatic fire suppression systems:
The threat of a fire can be mitigated through the use of detection and suppression systems, but personnel also should be properly trained on how to react in case of a fire. This should include the use of manual fire alarms, fire extinguishers, and evacuation procedures. |