The first part of this series looked at how the mission-critical industry was a consequence of the IT revolution that occurred in the twentieth century. This new industry had unprecedented historical growth in terms of the scope of technology, industry and the facilities it has spawned. Early on, information technology services were recognized as a unique category of industry and facility type that was experiencing breathtaking changes almost annually. The fire-protection code committees decided to handle the continual change by establishing basic core requirements for all IT facilities and providing additional recommended practices for consideration. This limited requirements base led to a variety of protection solutions for any given facility. These protection solutions or approaches can be broken down into four general categories which include risk-, consensus-, owner- and project-based solutions.
In the risk category, the most advanced method is the facility risk analysis. It is perhaps the most rigorous of the various options that are available in the category and is considered the most conservative. This approach involves several aspects of risk that must be understood to avoid the confusion that can easily attend these analyses. The reason for this confusion is that the term risk has a number of meanings in industry that are fairly diverse depending on the context. This study is interested in the use of the term as a scalar concept and will provide a brief review of some of the more common definitions of it in this context. The following review will help to distinguish and identify the primary definitions of interest from the others and to clarify their use in a risk analysis.
One use of the term risk is to make it refer to uncertainty—that is, any event that is unsure as a possibility, probability or consequence. Second, the term can refer to an unknown or unpredictable phenomenon that causes an event (e.g., stock price) to result one way rather than another. Third, the insurance industry will often use the term to refer to anything that is insured. Fourth, the term also refers to the probability of an event occurring. Fifth, another meaning has risk synonymous with the word hazard. In this sense it refers to something that is potentially dangerous, can cause damage or accidents, or presents an exposure or vulnerability to some sort of harm or loss. Sixth, in another sense it refers to the expected consequence of a specific adverse event on an asset or operation. Finally, the last two meanings (i.e., numbers 5 and 6) come together in yet another definition (number seven) that is at the center of the fire risk analysis. This mathematical definition defines risk as the product of a hazard severity and its probability. This is the primary aspect of the term risk that is used in a facility fire risk analysis.
In this last definition of risk, the phrase hazard severity refers to how much damage or harm a given hazard in a facility could create in a potential incident. In this context, an incident refers to any sort of equipment malfunction or any operational or facility condition that leads to smoke, fire, explosion or other consequences that would be harmful to the facility. On the basis of this definition, risk is expressed either quantitatively or qualitatively and is related to the magnitude of the hazard severity and probability product. Such a definition is considered by many to be fairly intuitive. In other words, any concern regarding an adverse event is usually weighed in the average individual’s mind against the likelihood or frequency of the event. Therefore if either the hazard severity or the probability is considered to be low, that scenario ranks lower than others that rate higher, though no real value is attributed to it.
If there is an intention to characterize the risk in a quantitative manner, however, it can be a challenging activity. The reason is that assigning meaningful or valid numerical values to the hazard severity and probability of an event are formidable tasks. Either there would need to be an accessible and reasonably comprehensive database of loss events for the industry, or assigned relative values would have to be used. Those who pursue the former method would need data on the industry, facility, rooms and equipment of interest, or reasonably similar ones. Most, however, acknowledge that despite the large incident databases in code organizations and insurance firms, there is relatively little relevant data available. This situation is due to the significant differences in facility equipment, configuration and size as well as in the nature, cause and location of the event—all critical factors of useful loss-history data.
Moreover, even though the insurance firms may have meaningful data, it too is still limited and is generally unavailable to outsiders except on a most generic basis. The real problem with the quantitative approach is that much of the data on these events is rarely obtained, as most of them are never reported. Owners and equipment vendors, for understandable reasons, often prefer to keep the incidents or their causes private. And when truly relevant incident data becomes available, it usually only represents a small slice of the industry (e.g., a few percent or less). So whether owing to the lack of relevance, validity or availability of data, fire risk analyses are often driven toward a more qualitative approach. Nonetheless, the analysis, especially on a qualitative basis, can still be a useful tool for developing facility fire-protection schemes.
Fire Risk Analysis
The fire risk analysis involves developing reasonable fire scenarios for each area or room, assessing the likelihood or probability, and determining their potential event consequences. This analysis is intended to be performed by a qualified professional and, ideally, for each and every area in a given facility to develop a comprehensive protection scheme for the facility. Fire scenarios are to be based on a review of the equipment, process and facility hazards and the expected fire behavior under such conditions. The likelihood of the various fire scenarios is also assessed by the fire-systems designer according to fire-protection-engineering principles and relevant industry data. Scenarios deemed worthy of greater attention because of severity, probability or vulnerability are selected for a further scenario development. The potential consequences of each event are determined from a consideration of the internal and external aspects of risk. Last, the outcomes of the selected events are then ranked according to definition seven of risk and prioritized accordingly. The purpose of the study is to ensure that the protection schemes provided for each area of the facility are commensurate with the risk level from the fire risk analysis.
In excursus, a brief overview of the internal- and external-consequences analysis is presented here for clarity. Internal consequences refer to those associated mainly with the facility. These items of concern usually include a) direct fire harm to individuals, b) life-safety impact, c) loss of records, d) loss of equipment, e) loss of facility controls and f) facility or site harm or contamination. The external consequences refer to those associated mainly with the services provided. These items of concern usually include a) economic impact of downtime, b) life-safety impact of downtime, c) liability impact of record loss, d) regulatory impact or downtime or loss of records, and e) reputation impacts. The various consequences for each fire scenario are then brought together to determine the overall synergistic impact. The findings of the scenario analyses are often expressed in monetary and qualitative severity levels. This information is then used to inform the stakeholders of the risks present and explain the basis for the recommended facility-protection scheme. This approach is very appealing to those desiring a comprehensive analysis of a facility’s risks and loss potential exposure, but it may come at a premium.
There are also other approaches that may be considered risk-based solutions. They are less rigorous than the fire risk analysis but use similar concepts and principles. These approaches are based on hazard level and loss history of the facility type or industry. They reflect a more traditional risk-analysis methodology that uses a simpler and in some regards more practical perspective. The concept behind them is the identification of critical information on a facility to enable stakeholders (e.g., owners and insurers) to quickly assess the main risks in it and the overall facility risk level.
In the hazards-based analysis, the hazards in the facility are ideally identified and assessed by a qualified industry professional. The hazards included typically refer to the materials, equipment and process and cover interior and exterior areas. The rooms or areas are then ranked according to fire hazard level and provided with protection accordingly. For instance, the generator room with the associated fuel systems would ordinarily be the highest hazard, the battery rooms with the evolving flammable gases may be next, and so on. In this approach, the data center (i.e., data hall) would rank relatively low, as computer systems are not considered a significant fire threat. This approach is somewhat different than the fire risk analysis because the emphasis is more on the inherent hazard level of the materials, equipment and process. In other words, regardless of any presumed fire scenario, the item itself is rated for its combustibility, heat capacity, heat-release rate, explosion potential and related characteristics that could contribute to a significant event, should anything go amiss.
In the loss-based analysis, information on the loss history of these facilities or specific rooms in the facility is sought out for guidance on hazard severity and probability. The source of loss data may be a code or standards body, insurance firms, industry associations or the corporation itself. Sometimes data is from news reports, studies or anecdotal sources, such as private discussions or personal incident knowledge. However gathered, the data is examined for any insight it can provide on the facility risks and particular rooms in the facility. The insight can include pattern recognition, critical risk factors, and likely event development. From this data, interpolations, extrapolations and other risk estimations are made and employed to formulate a protection scheme for a facility. This approach is especially appealing to those who think empirical data is the most sensible way to address risk.
As this brief review shows, the risk-based solutions range from the very detailed technical analysis to a more rudimentary and perhaps practical analysis. This solution category encompasses what can be considered the classical approach, as its methods hail back to the earliest days of the fire-protection industry. Nonetheless, the three other solution categories, which we will examine later, have since eclipsed these approaches in popularity. The various reasons for this shift, some good and some not so good, will be the subject of future articles in this series.
About the Author
Robert O’Neill, P.E., is a consulting engineer with degrees in chemical engineering and fire protection engineering. He has worked in fire protection engineering for over 25 years with experience in over 350 projects in the areas of insurance, government, consulting and architecture/engineering. His work has included the design, construction and/or review of fire alarm, detection, suppression and extinguishing systems for over 100 mission-critical facilities totaling over 4.4 million square feet.