I think the 1% comment is one that Iron Mountain seems to feel they can build some form of credibility on, as if 1% should be considered acceptable. When a commercial “service provider” is under contract to store and provide protection to the Information Assets of numerous clients, their ability to successfully discharge their duties should be their primary goal. Similar figures were cited when Time Warner’s tapes that were being delivered were lost as well.

This isn’t the first time they’ve had a facility end up as a complete loss (never have seen the final reports on the losses at two facilities in New Jersey), and it probably won’t be the last seeing as they aren’t willing to comply with the NFPA Standard directed at their line of business. Over the past 4 years, with the assistance of PRISM and many of Recall, Archives One and Iron Mountain’s vendors and suppliers of goods and services, much time and money was spent attacking and dismantling the protections afforded to individuals who store their assets with commercial service providers. The NFPA232 Standard issued in 2000 had substantially greater levels of protection than those included in the current 2007 revision, and a review of the Technical Committee ballots and proposals will clearly show who it was that developed the language to weaken the Standard and who it was that voted in a block against the existing protections. If their true interest was in protecting their clients assets rather than protecting their profit structure, maybe they would have spent more money on construction and fire protection and less on lobbying and legal opinions being written against existing Standards.

And this is the same organization who attempted to have the Code of Federal Regulations 36CFR, Part 1229, Subpart K Standards changed, with the intent of forcing the issue of allowing for Federal Agency records to be stored in their less than adequately protected facilities. Granted the National Archives has some facilities that may not measure up to the specified standards (which is required by 2009), but NARA isn’t lobbying to increase the size of storage compartments, weaken the requirements of firewalls to fire barrier walls, lower the burn ratings of walls, or explaining to the press and public why occasionally a facility will burn to the ground.

I also found the comment about arson so common. In the New Jersey fires, the first thing to hit the press was “suspected arson” as the cause. And while a multi-point ignition fire generally IS a sign of an arsonist, the NFPA 232-2007 Standard still carries this language:

4.8.4.3 Arson. Facilities shall implement precautions to prevent arson.

And if it were caused by trash outside of the facility, it also includes this language:

4.5.1 The responsible party shall consider the potential for the records to be destroyed by a fire that initiates in an area external to the operations.

4.5.2 The building exterior and tenant separations shall meet or exceed the requirements of the local building code and this standard.

Granted, the fire being discussed was in London, and facilities external to the US are not required to follow NFPA232, but there is BS5454, and I don’t know how closely that was being followed. All the same, the argument we heard time and again in the NFPA232 Technical Committee meetings is it’s possible to design a fire suppression system that can adequately protect records without the need for limiting the size of a compartment or the volume of records it holds, so why isn’t it done? Do we need more courts to make decisions similar to what happened in the Diversified Records fire with judgments in excess of $60 million for the clients http://www.law.com/jsp/article.jsp?id=1125318963669 before storage providers start offering sufficient protection?

DO review your existing contracts and find out what the limitations of liability are. DO make a visit to the facility storing YOUR organization’s information assets, and verify they are ALL stored in that one facility, or how ever many facilities you’ve requested them to be stored in. ASK to see the fire protection plan and emergency management plan. VISIT the local fire protection facility and find out if they are aware of the occupancy type and volume of combustible materials stored in the facility they may be called on to defend. It may not have been the same occupancy type when they last inspected it. PAY ATTENTION to the adjacent businesses and find out if they pose a potential threat or hazard to your assets.

There’s a lot you can do to help protect yourself, you should do as much as you can while your assets are still intact.