Spend a day in a data center and you will come away with a deep appreciation that indoor noise exposure is a priority safety consideration. (Digital Realty Trust, Inc. photo)

Data Center EH&S 101

Stakeholders' concerns range from asbestos and lead-based paint typically found in older and/or legacy data centers to fire-resistant clothing, contractor and construction management, elevated work such as portable and fixed ladders, and rooftop maintenance.

As of 2014, the data center colocation global market was valued at $25 billion1, with stable growth expected into the future. As the cloud continues to evolve, the data center market will continue to grow. I estimate that nearly half of information technology and facilities manager budgets go into this area. Primary market drivers include:

  • Data protection (e.g., Sarbanes-Oxley)
  • Disaster backup capabilities
  • Growing financial sections (e.g., Internet banking) and various other online companies
  • Student distance learning (e.g., online degrees)
  • Data security/storage/resilience for corporations

At its most basic level, a data center is a building, or portion of a building, with its primary function housing a computer room and its support areas. A data center has four basic requirements:

1. Location—a place to locate computer, storage, and networking devices

2. Power—power needed to operate and maintain the devices

3. Cabling—connectivity provided to other devices, both inside and out

4. HVAC—temperature-controlled environment to meet suitable operating requirements

The challenges of effective data center operations include:

  • Site location
  • Reliability and availability
  • Power
  • Rack space
  • Heating and cooling
  • Environmental, health, and safety (EH&S)

Data Center EH&S
I am a 20+ year EH&S professional, and I spend a lot of time discussing various rules and regulations with internal and external stakeholders. Their concerns tend to be local, their questions general, while the regulatory differences from state to state, country to country, and even region to region tend to be minimal. The environmental themes pertaining to data centers that dominate my conversations are, specifically:

  • Hazardous material use and waste management
  • Air emissions
  • Drinking water, stormwater, and wastewater
  • Energy use
  • Other regulations/topics

Let's take these one by one.

Hazardous material use and waste management
Diesel fuel storage tops the list for high-priority environmental considerations. It’s typically stored in aboveground storage tanks (ASTs), but underground storage tanks (USTs) are common in high-density locations such as Los Angeles, Chicago, and Philadelphia. Performing regular inspections and keeping monitoring records is critical because there are a variety of overlapping federal laws and regulations, and many states and local agencies have even stricter requirements.

If a data center stores diesel fuel for emergency generators in excess of 1,320 gallons in total above ground, 660 gallons above ground in a single container, or 42,000 gallons below ground, the owner of the data center is required to develop, implement, and maintain a Spill Prevention, Control and Countermeasure (SPCC) plan. The SPCC plan must include spill prevention and cleanup procedures, inspection protocols for containers/ASTs/USTs, recordkeeping, and training. It's often required that a professional engineer from the applicable state signs off on the plan.

EPA designed the UST program to be implemented by the states. States with approved programs have primary enforcement authority. The requirements for UST owners are extensive and include leak detection monitoring and integrity testing. In states without approved programs, UST owners and operators remain subject to federal standards, as well as any additional state and local regulations that may still apply.

Other small-quantity process chemicals such as cleaning solutions and solvents, used process piping, small batteries, and items such as fluorescent lamps need to be included in any pollution prevention, hazardous/universal waste management, and hazardous materials management plan. Generator fuel storage tanks and certain types of batteries (e.g., sulfuric acid) also may require reporting under the hazardous chemical inventory reporting requirements contained in SARA Title III Emergency Planning and Community Right-To-Know Act (EPCRA).

Air emissions
The air emissions from generators or uninterruptible power supply (UPS) systems common to data centers are another high-priority environmental consideration. Depending on the type of fuel combusted, the year of installation, and horsepower, generators may be subject to air regulations that include emission limits, operational restrictions, and maintenance and testing requirements. Be alert to the critical differences in federal, state, and local requirements regarding Major Source Thresholds, default generator usage limits, and other air emission requirements.

For example: A data center with a new or modified source with the potential to emit 10 tons per year (TPY) or more of an ozone precursor criteria pollutant in nonattainment in the "extreme" Los Angeles area would be considered a major source. In contrast, a data center with a new or modified source with the potential to emit 90 TPY of the same precursor pollutant in the state of Colorado, which is classified as a "marginal" nonattainment area for many ozone precursor pollutants, would be classified as a minor source.

Default generator usage limits is another area where differences are defined by the location of the data center. The limits are based on 12-month rolling emissions calculations, engine use logs, run meters, opacity, fuel receipt records, and posting of air permits and legal notices, and they all create variability.

For example: In Maricopa County, Ariz., a data center operating in Chandler is subject to Maricopa County Rule 324 engine use requirements. Engines at or below 1,000 brake horsepower (BHP) are limited to 200 hours per year per generator (hrs/yr/generator), while engines above 1,000 BHP are limited to 100 hrs/yr/generator. In comparison, engines in the state of South Carolina are only limited to 500 hrs/yr/generator.

Data centers use HVAC systems to maintain a cool environment for servers. Some have fire-suppressant systems that use halons. Both cooling and fire-suppression systems may employ chemicals regulated under EPA’s Ozone Depleting Substance (ODS) rules. As a result, generators, UPS systems, and equipment containing ODSs may require the development of management plans and hazardous inventory reports to comply with the Clean Air Act and EPCRA.

Under Section 608 of the Clean Air Act, EPA has established regulations (40 Code of Federal Regulations Part 82, Subpart F) that:

  • require service practices that maximize recovery and recycling of ODS—both chlorofluorocarbons (CFCs) and hydrochlorofluorocarbons (HCFCs) and their blends— during the servicing and disposal of air-conditioning and refrigeration equipment
  • set certification requirements for refrigerant recycling and recovery equipment, technicians, and refrigerant reclaimers
  • restrict the sale of refrigerant to certified technicians
  • require persons servicing or disposing of air-conditioning and refrigeration equipment to certify to EPA that they have acquired refrigerant recovery and/or recycling equipment and are complying with the requirements of the rule
  • require the repair of substantial leaks in air-conditioning and refrigeration equipment with a refrigerant charge greater than 50 pounds
  • establish safe disposal requirements to ensure removal of refrigerants from goods that enter the waste stream with the charge intact (e.g., motor vehicle air conditioners, home refrigerators, and room air conditioners)

The State of California and other state and local ODS regulations tend to mirror the federal ODS regulations (e.g., certified technician, legislative action dates, etc.). In fact, it appears that the California rules—both state and local, in some cases—supersede the federal rule only in reference to various time-to-comply dates, leak rate triggers, and other general references.

For example: Different leak rate triggers can be found in EPA, State of California, and South Coast Air Quality Management District (SCAQMD) regulations. According to EPA requirements, leaks must be repaired within 30 days with a mandatory initial verification check when the leak rate exceeds 35 percent; extensions are possible in certain cases. On the other hand, the California Air Resources Board and SCAQMD require repair for all leaks within 14 days, with verification check. There's no mention of the 35 percent annual leak rate trigger allowed by EPA.

Drinking water, stormwater, and wastewater regulations
While typically of minimal concern in data center operations, water regulations are a common discussion topic. Drinking water for data center operations comes from local municipalities in most instances similar to a normal office building environment. No special requirements need be considered.

Excluding some minor exceptions that exist in places such as Chandler, Ariz., data center operations with SIC code 6798 (Real Estate Investment Trusts) and NAICS code 518210 (Data Processing, Hosting, and Related Services) and ASTs and associated transfer activities are typically exempted from stormwater regulations. Special circumstances at a location are often covered in the SPCC Plan, for example, ASTs are mostly regulated via SPCC requirements.

No federally regulated wastewater processes are associated with data center operations. Because data centers typically discharge less than 25,000 gallons per day and don’t have the potential to discharge pollutants that could interrupt or pass through local wastewater treatment plants, operations typically fall under local wastewater agency general rules and regulations. Data centers are usually not required to obtain a wastewater discharge permit.

The most likely possibility for an out-of-specification or toxic discharge from data centers to the local wastewater system is in chiller blowdown. The concerns with the chemicals contained in the blowdown would include high alkalinity from sodium hydroxide and/or the toxicity of the bromine antimicrobial ingredient, which is based on a mixture of sodium hypochlorite and sodium bromide. Alkalinity is an unlikely concern because a data center only discharges a small, highly diluted volume of the product during blowdown, and blowdown in this volume and concentration is typically not a toxicity concern to local wastewater regulatory agencies.

Energy use
Data centers by definition are energy intensive because of the power required to both operate the equipment and cool the equipment. Energy, in and of itself, is one of the top two cost components of data center operations. Equipment operation expenses can be mitigated by designing increasingly power-efficient computers and storage systems.2 Data center designers have turned to natural means of cooling equipment to bring down cooling costs, in some instances locating in arctic terrain. To more efficiently manage the equipment, many data centers locate near good fiber connectivity, power grid connections, and populated areas.

Other environmental regulations/topics
These topics come up from time to time:

  • Toxic Substances Control Act. According to federal regulations contained in 40 CFR 763, polychlorinated biphenyl (PCB) transformers are those which contain PCBs at concentrations greater than 500 parts per million (ppm). PCB-contaminated transformers contain between 50 and 499 ppm PCBs. PCBs are used in electrical transformers because of their fire retardant composition. Since PCB transformers were manufactured between 1929 and 1977, they are basically a concern only in data centers constructed before 1978.
  • Travel Reduction Programs. Although mobile sources of air emissions from vehicles commuting to/from work are a major contributor to air pollution and associated climate and human health impacts, individual data centers typically fall outside the requirements of travel reduction programs. These are not buildings with the requisite large numbers of employees.
  • Light pollution. Outdoor light fixtures are commonly required to be fully or partially shielded. Example, Arizona Revised Statutes 49-1102—outdoor light fixtures are commonly required to be fully or partially shielded, except for incandescent fixtures of 150 watts or less and other sources of 70 watts or less.
  • Outdoor noise. Data centers must comply with local codes and correlate with operating times of cooling equipment and diesel engine operation while maintaining perimeter noise performance levels.

Prevention Is the Best Safety Technology
Numerous safety topics dominate my conversations with stakeholders, the topics ranging from asbestos and lead-based paint typically found in older and/or legacy data centers to fire-resistant clothing, contractor and construction management, elevated work such as portable and fixed ladders, and rooftop maintenance. These are all important concerns, but four safety topics dominate my conversations defining the greatest threats to mission data center operations:

1. Fire protection, prevention, and suppression
2. Electrical safety
3. Confined spaces
4. Indoor noise exposure

Fire protection, prevention, and suppression
Of the businesses that close due to a major crisis such as fire, 43 percent never reopen; 29 percent of the businesses that do reopen fail within two years.3 So it’s essential that data centers prepare for the unseen disaster.

National Fire Protection Agency (NFPA) 75 is the standard that applies to the protection of computer and data processing equipment. One notable revision to NFPA 75 in 1999 allows data centers to continue to power electronic equipment upon activation of a gaseous agent totally flooding the system. This exception was made for data centers that meet the following risk considerations:

  • economic loss resulting from loss of function or loss of records, loss of equipment value, and loss of life
  • risk of fire threat to the installation, occupants, or exposed property within that installation

There are three system objectives to fire protection in data centers:

1. Fire detection (detect the presence of fire)
2. Communication (communicate the existence of a fire)
3. Suppression (contain and extinguish the fire)

Typically, two types of suppression agents are used in data centers: fire extinguishers and total flooding fire extinguishers. The two agents commonly used in suppression systems are inert gas or Inergen, and fluorine-based compounds such as FE 200 and FE 227ea.

The best fire protection method is prevention. This is true of most EH&S issues.

Electrical safety
The consequences of an electrical event in a data center can be just as dangerous as fire. The estimated minimum cost of an electrical accident is $750,000, while other consequences include regulatory oversight, legal proceedings, and loss of human life.4

Electrical standards for data centers include, but are not limited to:

  • Institute of Electrical and Electronic Engineers (IEEE) Standard edition 1584-2002: Guide for Performing Arc Flash Hazard Calculations
  • NFPA 70 edition 2014: National Electrical Code
  • NFPA 70E edition 2015: Standard for Electrical Safety in the Workplace
  • OSHA 29 CFR Part 1910 Subpart S
  • Applicable state and local requirements

On the surface, the key to avoiding an electrical event in a data center is relatively straightforward: De-energize "live" equipment before working on or near it. However, in reality, the demands of time and budget, along with the challenges of implementing change, as well as customer demands and other stakeholder "involvement," make it a challenging road for the EH&S professional. But there is a solution. Specifically, OSHA prohibits work on live electrical parts operating at more than 50 volts unless the employer can demonstrate that de-energizing introduces additional or increased hazards or is infeasible due to equipment design or operational limitations.

These exceptions include:

  • Testing of equipment that can only be performed energized (i.e. thermal scanning). Under the OSHA "testing of equipment" exception, energized testing such as troubleshooting or diagnostics, thermal scanning, testing to verify de-energization, and meter readings must be performed energized to obtain meaningful test data.
  • Work on equipment that is part of a continuous industrial process.
  • Work on equipment supporting life safety and/or illumination for an area.
  • Work where de-energizing presents an increased hazard (i.e., shutdown of hazardous location ventilation equipment).

If it has been determined that de-energizing a circuit is not feasible and the work must be done "live," the employer shall enforce the following practices as applicable, including but not limited to:

  • Work to be performed by a "qualified person" as defined by OSHA
  • Use of an Energized Electrical Work Permit
  • Use of PPE per arc flash labeling/information
  • Adherence to company safety program

As a best-in-class electrical safety practice and to reduce the risk of electrical hazards in data centers, companies such as Digital Realty now invest in two new technologies:

  • Finger safe panel-boards. These systems utilize circuit breakers with long insulated connectors on the line side to reduce exposure.
  • Overhead busways. These systems utilize pre-installed busways and prefabricated junction boxes that connect to the bus.

These state-of-the-art safety devices help prevent personnel exposure to live parts. Workers can maintain systems without the risk of electrocution and without the need to de-energize large portions of the data center.

Confined spaces
While fire protection and electrical hazards get the most attention from a safety perspective, confined spaces are also a significant safety concern. Water storage tanks, electrical vaults, HVAC systems, and other confined spaces found at data centers are not intended for continuous occupancy. They are difficult to exit in an emergency. Data center workers and contractors face life-threatening hazards within them, including but not limited to asphyxiation. Workers and contractors must be trained about the hazards, the work environment needs to be continuously evaluated, and communication requirements need to be implemented to ensure everyone’s safety.

Indoor noise exposure
Finally, spend a day in a data center and you will come away with a deep appreciation that indoor noise exposure is a priority safety consideration. Noise from generators, electrical rooms, power rooms, etc. may exceed OSHA and NIOSH guidelines in a workplace. Specifically, the permissible exposure limit, OSHA's limit, for noise is 85 dBA or above over a 16-hour day, while NIOSH's recommended exposure limit is 85dBA over an 8-hour day. The simple fact that the NIOSH recommended exposure limit is less than the regulatory limit should raise a few eyebrows in the EH&S community. There is no cure for noise-related hearing loss. Prevention, by implementing an effective and proactive hearing conservation program, is the best course of action for your workers’ safety.

Conclusion
The unique EH&S hazards in data centers create a dangerous environment if not managed correctly, particularly in lieu of the demands of 24/7/365 mission-critical operations. Today's data centers operate more proactively by identifying the standards and regulations, having multiple and parallel options available, and with processes in place to protect the environment and keep workers safe.

References
1. Global Data Center Colocation Market Reaches $25B; Sverdlik, Yevgeniy; Data Center Knowledge; http://www.datacenterknowledge.com/archives/2014/12/23/multitenant-colocation-data-center-market-reaches-25b; 2014
2, Power Management Techniques for Data Centers: A Survey, Sparsh Mittal, Future Technologies Group; http://www.academia.edu/6982393/Power_Management_Techniques_for_Data_Centers_A_Survey; Oak Ridge National Laboratory
3. So You Think You Have a Good Business Recovery Plan?—Steps an Asset Management Company can take to Recover from a Major Disaster; Elrod, Roger; Asset Management Support Services Engineer; http://www.infosecwriters.com/text_resources/pdf/Good_Business_Recovery_Plan.pdf
4. White paper—Ten ways to ensure the safety of data center employees; ABB; www.abb.com; https://library.e.abb.com/public/9c63a82c61558d3285257c0f0058aac6/ABB-797-WPO_Data_Center_safety_11-8-13.pdf

This article originally appeared in the April 2016 issue of Occupational Health & Safety.

Featured

Artificial Intelligence