Site & Facility Design Principles & Security Controls- Part 2

Utilities and Heating, Ventilation, and Air Conditioning (HVAC)

We come to the part where we talk about physical site & facility controls. The heating and air-conditioning systems are necessary for maintaining a safe and acceptable operating environment for computers and personnel. Computing equipment and networking devices like routers and switches do not like the following conditions which can damage equipment:

  • Excessive heat
  • High Humidity
  • Low humidity

HVAC-requirements planning involves complex calculations based on numerous factors, including the average Thermal produced by the estimated computers and personnel occupying a given area, the size of the room, insulation characteristics, and ventilation systems.

  • The ideal temperature range for computer equipment is between 50°F and 80°F. At temperatures as low as 100°F, magnetic storage media can be damaged.
  • The ideal humidity range for computer equipment is between 40 and 60 percent. Higher humidity causes condensation and corrosion. Lower humidity increases the potential for static electricity.
  • Doors and side panels on computer equipment racks should be kept closed to ensure proper airflow for cooling and ventilation.
  • Empty spaces in equipment racks should be covered with blanking panels.
  • Heating and cooling systems should be properly maintained, and air filters should be cleaned regularly.
  • For gas-discharge fire suppression systems a separate Emergency Power off (EPO) switch should be installed near exits to facilitate a manual shutdown in an emergency.
  • Must everyone knows who to call when there are problems.
  • Monitoring systems should alert the appropriate personnel when operating thresholds are exceeded.

Electrical Power

  • An Emergency Power off (EPO) switch should be installed near major systems and exit doors to shut down power in case of fire or electrical shock.
  • A backup power source should be established, such as a diesel or natural-gas power generator.
  • Backup power should be provided for critical facilities and systems, including emergency lighting, fire detection and suppression, mainframes and servers (and certain workstations), HVAC, physical access control systems, and telecommunications equipment.
  • Using an Uninterruptible Power Supply (UPS) is the most important protection against electrical anomalies. A UPS provides clean power to sensitive systems and a temporary power source during electrical outages (blackouts, brownouts, and sags).
  • A UPS shouldn’t be used as a backup power source.
  • The natural gas not acceptable for emergency life systems because the fuel source can’t be locally stored.

Protective controls for electrostatic discharge (ESD) include:

  • Maintain proper humidity levels (40 to 60 percent)
  • Use anti-static flooring, anti-static carpeting, and floor mats
  • Ensure proper grounding

Sensitive equipment can be damaged or affected by various electrical hazards and anomalies, including:

  • Electrical noise: Includes Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI). EMI is generated by the different charges between the three electrical wires (hot, neutral, and ground) and can be either common-mode noise (caused by hot and ground) or traverse-mode noise (caused by a difference in power between the hot and neutral wires). RFI is caused by electrical components, such as fluorescent lighting and electric cables. A transient is a momentary line-noise disturbance.
  • Electrical anomalies: These anomalies include the ones listed follow table
ITperfection, CISSP, electrical power
[rev_slider alias=”Advertisement-1″ /]


Water damage (and damage from liquids in general) can occur from many different sources, including pipe breakage, leaking roofs, spilled drinks, flooding and so on. Wet computers and other electrical equipment pose a potentially lethal hazard.

Preventive is used to ensure that water in unwanted places does not disrupt business operations or destroy expensive assets. Common features include:

  • Water diversion: Barriers can help to prevent water from entering sensitive areas.
  • Water detection alarms: Sensors that detect the presence of water can alert to personnel.

Fire prevention, detection, and suppression

Threats from fire can be potentially devastating and lethal. In an information system, this is the risk, which not only affects the safety of the employees working in that organization, but also the premises, devices, and the valuable assets of an organization. Other hazards associated with fires include smoke, explosions, building collapse, release of toxic materials or vapors, and water damage.

Therefore, it is vital to take preventive measures, prepare and take care of firefighting equipment, as well as provide training to all employees of the organization. It is even recommended that every once in a while, a fire-fighting maneuver is carried out in the organization and the problems are observed and eliminated.

Following are some common fire protection techniques, which are to be considered:

  • Construct the buildings/offices having an emergency exit to protect employees from harm
  • Place Fire extinguisher
  • Install Fire & Smoke Alarms
  • Store hazardous materials in designated areas.
  • Make sure there are good connections and effective grounds in the wiring.

Note: Saving human lives is the first priority.

For a fire to burn, it requires three elements: heat, oxygen, and fuel. These three elements are sometimes referred to as the fire triangle.

Fires are classified according to the fuel type:

ITperfection, CISSP, fire classified

Fire Prevention Plan (FPP)

Occupational Safety and Health Administration (OSHA) offers the Fire Prevention Plan (FPP). The purpose of the fire prevention plan is to prevent a fire from occurring in a workplace.

However, your fire prevention plan must include:

  • A list of all major fire hazards, proper handling and storage procedures for hazardous materials, potential ignition sources and their control, and the type of fire protection equipment necessary to control each major hazard.
  • Procedures to control accumulations of flammable and combustible waste materials.
  • Procedures for regular maintenance of safeguards installed on heat-producing equipment to prevent the accidental ignition of combustible materials.
  • The name or job title of employees responsible for maintaining equipment to prevent or control sources of ignition or fires.
  • The name or job title of employees responsible for the control of fuel source hazards.

Fire detection

Fire detection system is an automated and integrated system to detect fire, perform some emergency response, and generate some alerts. There are several electronic sensors that are integrated into an embedded system to detect smoke, heat, flame, and provide a response.

Following are the common sensors used in a Fire Detection System:

1- Heat Detector: These devices sense either temperatures exceeding a predetermined level or rapidly rising temperatures.

2- Flame Detector: These devices sense either the flicker of flames or the infrared energy of a flame. These systems are provide an extremely rapid response time but are expensive.

3- Smoke Detector: These devices detect smoke, one of the by-products of fire. The four types of smoke detectors are:

  • Aspirating: Draw air into a sampling chamber to detect minute amounts of smoke
  • Ionization Detector: Detect disturbances in the normal ionization current of radioactive materials
  • Photoelectric Detector: Sense variations in light intensity
  • Beam: Similar to photoelectric; sense when smoke interrupts beams of light

Fire Suppression Systems

The two primary types of fire suppression systems are:

  • Fire sprinkler system: Water sprinkler systems: Water extinguishes fire by removing the heat element from the fire triangle, and it’s most effective against Class A fires. Water is the primary fire-extinguishing agent for all business environments. Water is one of the most effective, inexpensive, readily available, and least harmful (to humans) extinguishing agents available.
  • Gaseous fire suppression system: These systems may be portable (such as a CO2 extinguisher) or fixed (beneath a raised floor).

The four variations of water sprinkler systems are:

  1. Wet-pipe: Most commonly used and considered the most reliable. Disadvantages include flooding because of nozzle or pipe failure and because of frozen pipes in cold weather.
  2. Dry-pipe: No standing water in the pipes. This type of system is less efficient than the wet pipe system but reduces the risk of accidental flooding.
  3. Deluge: Operates similarly to a dry-pipe system but is designed to deliver large volumes of water quickly. Note, these systems are not used for computer-equipment areas.
  4. Preaction: This system is automatic and smart. In this system, pipes are initially dry. Now, f a sensor heats up, this system considers it as green light to charge a pipe with water and then an alarm is activated.

Gaseous fire suppression system are typically classified according to the extinguishing agent that’s employed. These agents include:

  1. Gas-discharge: These systems suppress fire by separating the elements of the fire triangle; they are most effective against Class B and C fires. Halon used to be the gas of choice in gas-discharge fire suppression Systems. Halon is an ozone-depleting substance, so the Montreal Protocol of 1987 prohibited the production and installation of Halon systems. Acceptable replacements include FM-200, CEA-410 or CEA-308, NAF-S-III, FE-13, Argon or Argonite and Inergen.
  2. Carbon dioxide (CO2): It is a commonly used colorless, odorless gas that extinguishes fire by removing the oxygen element from the fire triangle. CO2 is most effective against Class B and C fires. Its use is potentially lethal and therefore best suited for unmanned areas or with a delay action.
  3. Soda acid: Includes a variety of chemical compounds that extinguish fires by removing the fuel element of the fire triangle. Soda acid is most effective against Class A and B fires.

Also see:

Site & Facility Design Principles & Security Controls- Part 1