Environmental Protection Practices and Devices

Environmental controls mitigate the risks associated with naturally occurring events. The most common of these are power sags, spikes, surges, and reduced voltage, but they also include tornadoes, hurricanes, earthquakes, floods, and other types of weather conditions. Per ISACA, power failures can be grouped into four distinct categories, based on the duration and relative severity of the failure:

• Total failure A complete loss of electrical power, which might involve a single area building up to an entire geographic area. This is often caused by weather conditions (such as a storm or earthquake) or the incapability of an electrical utility company to meet user demands (such as during summer months).

• Severely reduced voltage (brownout) The failure of an electrical utility company to supply power within an acceptable range (108125 volts AC in the United States). Such failure places a strain on electrical equipment and could limit its operational life or even cause permanent damage.

• Sags, spikes, and surges Temporary and rapid decreases (sags) or increases (spikes and surges) in voltage levels. These anomalies can cause loss of data, data corruption, network transmission errors, or even physical damage to hardware devices such as hard disks or memory chips.

• Electromagnetic interference (EMI) Interference caused by electrical storms or noisy elective equipment (such as motors, fluorescent lighting, or radio transmitters). This interference could cause computer systems to hang or crash, and could result in damages similar to those caused by sags, spikes, and surges.

To reduce the risks associated with power sags, spikes, and surges, the organization should deploy surge protectors for all electrical equipment. The additional implementation of an uninterruptible power supply (UPS) can provide enough power to either shut down systems gracefully in the event of a power failure or provide enough power to keep mission-critical systems operating until power returns. A UPS can be either implemented on a system-by-system basis (portable) or deployed as part of the overall IT infrastructure. A UPS contains batteries that continue to charge as the system has power and provides battery backup power in case of a failure. Generally, smaller portable UPS systems provide between 30 minutes and 3 hours of power; larger systems (a permanent UPS) can provide power for multiple days.

The organization can provide a complete power system, which would include the UPS, a power conditioning system (PCS), and a generator. The PCS is used to prevent sags, spikes, and surges from reaching the electrical equipment by conditioning the incoming power to reduce voltage deviations and provide steady-state voltage regulation. The PCS ensures that all power falls within acceptable levels for the electrical devices it is serving. The organization might employ a generator in concert with the UPS. In most cases, the generator and UPS are controlled by the same system, allowing the generator to power up when the battery power in the UPS falls below a certain threshold.

In addition to the issues surrounding electrical power, organizations must deploy environmental controls for the overall health of the hardware and software, as well as preventative, detective, and corrective measures in case of an emergency. Within the design of the IT infrastructure, the organization must determine the best place for the core servers and network devices. This location is sometimes referred to as the LAN room or computer room. It should be implemented with climate controls, fire-suppression systems, and power-control systems. The computer room should be located in a place that is not threatened by electromagnetic interference (EMI) or the possibility of flooding.

Electrical equipment must operate in climate-controlled facilities that ensure proper temperature and humidity levels. Relative humidity should be between 40% and 60%, and the temperature should be between 70°F and 74°F. Both extremely low and extremely high temperatures can cause electrical component damage. High humidity can cause corrosion in electrical components, reducing their overall efficiency or permanently damaging the equipment; low humidity can introduce static electricity, which can short out electrical components. Proper ventilation should be employed to maintain clean air free of contaminants. A positive pressurization system ensures that air flows out of instead of into the computer room. If you have ever entered a building and opened the door to feel the air pushing out toward you, you have entered a building that is positively pressurized. This pressurization ensures that contaminants from the outside do not flow into the room or building. Water detectors should be placed near drains in the computer room to detect water leaks and sound audible alarms.

One of the most serious threats facing both computing equipment and people is fire. A variety of systems are available to prevent, detect, and suppress fire.

A number of fire-detection systems are activated by heat, smoke, or flame. These systems should provide an audible signal and should be linked to a monitoring system that can contact the fire department.

• Smoke detectors Placed both above and below the ceiling tiles. They use optical detectors that detect the change in light intensity when there is a presence of smoke.

• Heat-activated detectors Detect a rise in temperature. They can be configured to sound an alarm when the temperature exceeds a certain level.

• Flame-activated detectors Sense infrared energy or the light patterns associated with the pulsating flames of a fire.

Fire-suppression systems can be either automatic (chemical or water) or manual (fire extinguishers) and are designed to suppress fire using different methods. Table 4.3 outlines suppression agents and their method of extinguishing different types of fires.

The following are automatic fire suppression systems:

• Water sprinklers These are effective in fire suppression, but they will damage electrical equipment.

• Water dry pipe A dry-pipe sprinkler system suppresses fire via water that is released from a main valve, to be delivered via a system of dry pipes that fill with water when the fire alarm activates the water pumps. A dry-pipe system detects the risk of leakage.

  Water-based suppression systems are an acceptable means of fire suppression, but they should be combined with an automatic power shut-off system.

  
  

  Although many methods of fire suppression exist, dry-pipe sprinklers are considered to be the most environmentally friendly because they are water based as opposed to chemical based in the case of halon or CO².

  
  

• Halon Pressurized halon gas is released, which interferes with the chemical reaction of a fire. Halon damages the ozone and, therefore, is banned, but replacement chemicals include FM-200, NAF SIII, and NAF PIII.

• CO² Carbon dioxide replaces oxygen. Although it is environmentally acceptable, it cannot be used in sites that are staffed because it is a threat to human life.

The threat of a fire can be mitigated through the use of detection and suppression systems, but personnel also should be properly trained on how to react in case of a fire. This should include the use of manual fire alarms, fire extinguishers, and evacuation procedures.