How is Electronic Equipment Affected by the Environment?
Everyone realizes that the early detection of disease through a physical examination is a highly successful method for the prevention of catastrophic illness. The same can also be true for the prevention of a catastrophic loss when a physical risk assessment is applied to a building or facility on behalf of a building owner or insurer.
Pioneered to protect network reliability in the telecommunications industry, physical risk assessment has been applied in recent years to a variety of facility types, including administrative facilities, electrical utilities, manufacturing plants, data centers and medical centers. Picking up where an “insurance audit”, “safety inspection” or “code compliance inspection” leaves off, a physical risk assessment provides a holistic approach to determining vulnerabilities by combining standards and codes (i.e., what must or must not be done) with the knowledge capital available from past disasters (i.e., past disaster causes and contributing factors).
What is a Environmental Assessment?
The goal of a physical risk assessment is to prevent or minimize the impact of a disaster to the facility contents, including both personnel and equipment, by determining the risks to a facility, its contents and systems through a brief (often 1 day or less per facility) visual inspection and personnel interview process. Once identified and prioritized, recommendations and their anticipated cost-effectiveness for alleviation from risk should be evaluated based on the assessment. Depending upon the type of facility, a physical risk assessment may include the review of up to 300 individual risk items within the following categories:
a) Equipment – evaluates factors such as compliance of equipment (electronic or machinery) to appropriate standards, physical diversity of key systems (utilities and communications), equipment and systems reliability, ESD protection programs for electronics, bonding and grounding, corrosion issues (actual and/or potential), cleanliness and other equipment reliability and safety issues.
b) Personnel – assesses potential personnel hazards, environmental health and safety and electrical safety issues, often with a focus on back-up power systems.
c) Facility – the risks associated with the facility usage and maintenance are often assessed in this category, along with the vulnerability of a building to external factors such as flood, tornado, earthquake, lightening and other natural factors. Vulnerabilities to man-made risks such as sabotage, vibration, and neighbors (facility usage) are also commonly addressed. Roof maintenance and plumbing leakage history are key risk component in this category.
d) Disaster Recovery – addresses the adequacy of backups, equipment replacement prioritization, vendor lists, emergency response planning, plan exercising and additional disaster recovery procedures.
e) Fire Safety – the key category in “learning before burning”, the assessment focuses on fire safety systems (e.g., detector spacing and appropriate usage), hazards (e.g., paper and flammables storage), evacuation procedures, fire suppression, and fire department relationships (e.g., response time, access and familiarity with the facility).
f) Security & Alarming – assesses the adequacy of both security and equipment alarming, facility accessibility, security breach rates, alarm center routing and alarm response procedure issues.
g) Environment – evaluates settled and airborne contamination, HVAC (Heating, Ventilating and Air-Conditioning) system, outdoor air ventilation rate and source, air filtration, environmental impact on equipment, occupant comfort level and overall cleanliness issues.
h) Power – determines the adequacy of back-up power systems, surge suppression, primary power source reliability, power routing diversity, connector systems and many other factors are evaluated for power systems.
The purpose of a physical risk assessment is to evaluate vulnerabilities that are known to have contributed to, or added to the impact of past catastrophic losses. Therefore, the experience level of the assessor in the industry or facility type being evaluated will play a critical role in the value received from the risk assessment project.
Unlike code, safety or insurance audits, the provider of the physical risk assessment must be flexible in the final evaluation of the prioritization, recommendations and cost-effectiveness of reducing the risks that were identified. There is often no “right answer” as to how or even if an individual risk should be addressed, as long as the risk is recognized and appropriately accounted for in the disaster recovery / business contingency planning process.