Storage Soup

May 11 2007   7:33AM GMT

Is your data on fire?

Maggie Wright Profile: mwright16


Is your data on fire? In this case, I am not talking about how frequently your data is accessed or how great the information is contained in your data? I am talking about literally on fire.

Why do I ask? This week I am attending the PRISM International conference ( conference in Savannah, Ga., and one of the focuses of the conference is the lessons learned from last year’s Iron Mountain fire in London. In attending the first of two sessions on this topic, one of the questions asked was how many records management companies have had fires in their facilities. Out of about 200 -250 attendees in the room, 2 or 3 raised their hands. Sure, that’s only 1% of the total number in attendance but from my perspective, that is a lot. And from the soberness of those in attendance, their sentiments would seem to match mine and that the entire records management industry, and Iron Mountain in particular, are taking this occurrence very seriously and taking steps to prevent this from occurring again.

To their credit, one of the steps that Iron Mountain took was an attitude of full disclosure and cooperation with the public fire officials in the U.K. The results of the study by an outside independent consultancy were that Iron Mountain’s fire and security systems were properly maintained but their building services were not. That sounds worse than it is. That means items like pallets or a dumpster with flamable materials (cardboard, paper, etc) were too close to the building. In this circumstance, if a fire does get started, even with these other systems in place, the fire now has a source and a steady supply of oxygen which can overwhelm the other systems and lead to a catastrophic loss, as in Iron Mountain’s case.

What is most disconcerting is that in London, according to Mike Murphy, a director with Osborn Associated, Ltd., and the independent fire protection consultanting firm in the UK that assisted with the Iron Mountain investigation, 60% of the fires started are as a result of arson. Unfortunatly the statistics in the US are similar. According to the most recent statistics on the U.S. Fire Administration’s Web site, there were 31,500 intentially set fires in 2005 which caused 315 deaths and $664 million in structural losses.

So, what does this mean for the rest of us? One should not assume we are immune from something similar happening either to our records management provider or even our own facility. We need to make sure the grounds around our own company’s facilities are clear of flammable debris of any kind. While they obviously cannot catch on fire by themselves, with 50% of the fires in the US set by juveniles, why give them any temptation to do so? Also, be sure to ask your records management provider to do the same and maybe even occasionally drive by and check out their facility to be sure they are because their standards for protecting your offsite data should be no less than your own.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Larry Medina
    Rather interesting opinion and thanks for sharing the comments regarding this disastrous fire. Pay attention to the final suggestion in the opinion, and make sure you know how your assets are being protected. If you're storing in the US, buy a copy of NFPA232, and pay special attention to Chapter 4, and if you have a risk or insurance manager, have him tour the facility with you. I think the 1% comment is one that Iron Mountain seems to feel they can build some form of credibility on, as if 1% should be considered acceptable. When a commercial "service provider" is under contract to store and provide protection to the Information Assets of numerous clients, their ability to successfully discharge their duties should be their primary goal. Similar figures were cited when Time Warner's tapes that were being delivered were lost as well. This isn't the first time they've had a facility end up as a complete loss (never have seen the final reports on the losses at two facilities in New Jersey), and it probably won't be the last seeing as they aren't willing to comply with the NFPA Standard directed at their line of business. Over the past 4 years, with the assistance of PRISM and many of Recall, Archives One and Iron Mountain's vendors and suppliers of goods and services, much time and money was spent attacking and dismantling the protections afforded to individuals who store their assets with commercial service providers. The NFPA232 Standard issued in 2000 had substantially greater levels of protection than those included in the current 2007 revision, and a review of the Technical Committee ballots and proposals will clearly show who it was that developed the language to weaken the Standard and who it was that voted in a block against the existing protections. If their true interest was in protecting their clients assets rather than protecting their profit structure, maybe they would have spent more money on construction and fire protection and less on lobbying and legal opinions being written against existing Standards. And this is the same organization who attempted to have the Code of Federal Regulations 36CFR, Part 1229, Subpart K Standards changed, with the intent of forcing the issue of allowing for Federal Agency records to be stored in their less than adequately protected facilities. Granted the National Archives has some facilities that may not measure up to the specified standards (which is required by 2009), but NARA isn't lobbying to increase the size of storage compartments, weaken the requirements of firewalls to fire barrier walls, lower the burn ratings of walls, or explaining to the press and public why occasionally a facility will burn to the ground. I also found the comment about arson so common. In the New Jersey fires, the first thing to hit the press was "suspected arson" as the cause. And while a multi-point ignition fire generally IS a sign of an arsonist, the NFPA 232-2007 Standard still carries this language: Arson. Facilities shall implement precautions to prevent arson. And if it were caused by trash outside of the facility, it also includes this language: 4.5.1 The responsible party shall consider the potential for the records to be destroyed by a fire that initiates in an area external to the operations. 4.5.2 The building exterior and tenant separations shall meet or exceed the requirements of the local building code and this standard. Granted, the fire being discussed was in London, and facilities external to the US are not required to follow NFPA232, but there is BS5454, and I don't know how closely that was being followed. All the same, the argument we heard time and again in the NFPA232 Technical Committee meetings is it's possible to design a fire suppression system that can adequately protect records without the need for limiting the size of a compartment or the volume of records it holds, so why isn't it done? Do we need more courts to make decisions similar to what happened in the Diversified Records fire with judgments in excess of $60 million for the clients before storage providers start offering sufficient protection? DO review your existing contracts and find out what the limitations of liability are. DO make a visit to the facility storing YOUR organization's information assets, and verify they are ALL stored in that one facility, or how ever many facilities you've requested them to be stored in. ASK to see the fire protection plan and emergency management plan. VISIT the local fire protection facility and find out if they are aware of the occupancy type and volume of combustible materials stored in the facility they may be called on to defend. It may not have been the same occupancy type when they last inspected it. PAY ATTENTION to the adjacent businesses and find out if they pose a potential threat or hazard to your assets. There's a lot you can do to help protect yourself, you should do as much as you can while your assets are still intact.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: