Safety and Crisis Management

Safety and Crisis Management

Data centers should provide safe working environments. RackBank, as the data center investor/owner/operator, is legally and ethically obliged to ensure that the facilities incorporate safety design principles compliant with statutory regulations, industry standards, and best practices. Work-related injuries can have a high impact on the well-being of staff as well as being very costly for the organization, so it is vital to invest adequate time, money, and planning to ensure a comfortable and safe work environment.

Ultimately, safety is everybody’s responsibility; therefore, appropriate management processes and training programs should be implemented. Customers, visitors, contractors, and vendors should also be made aware of specific safety measures and rules applied to the data center, which should be described in the Service Level Agreements and contracts governing the service delivery.

1 Company Safety Policies and Regulations

RackBank Follows occupational health and safety (OH&S) policies. OH&S is also often referred to as WHS (Work Health Safety) or EH&S (Environmental Hazards & Safety). The OH&S policies should be at least similar to or better than the regulatory and industry-specific requirements. The policies should at least:

  • Be appropriate to the nature and size of the data center/organization.

  • Be approved and signed off by senior management.

  • Include a regular review and continuous improvement plan.

  • Be readily available to relevant individuals within RackBank, its customers, visitors, and suppliers.

  • Be communicated on a regular basis.

Hazard Assessment

Potential hazards in the data center may be physical or health-related, and a comprehensive hazard assessment should identify hazards in both categories. Examples of physical hazards include moving objects, fluctuating temperatures, high-intensity lighting, rolling or pinching objects, electrical connections, and sharp edges. Examples of health hazards include overexposure to harmful levels of dust, chemicals, or radiation. The outcome of the assessment should be documented to be used as input to a comprehensive safety and health program.

Government/Statutory/Industry Regulations and Best Practices

RackBank familiar with and comply with any government-imposed regulations and codes. RackBank maintain a registry of all applicable regulations and codes. Where feasible, RackBank should retain at least the latest copies of applicable regulations and codes so that reviews can be undertaken to ensure compliance. Alternatively, RackBank could use qualified experts who should provide evidence of possessing the latest version of the applicable regulations and codes.

Where industry regulations apply, similar requirements are applicable.

A regular review should be conducted to ensure that any changes to the regulations and codes are reviewed, and appropriate and timely action is taken to ensure continuous compliance.

Occupational Health and Safety (OH&S) Objectives Program(s)

RackBank establishes and maintains occupational health and safety objectives that are documented and communicated within the organization.

The objectives should be:

  • Realistic and measurable (where applicable).

  • Relevant to the department and/or function.

  • Part of or referenced in departmental goals and/or job descriptions.

RackBank established a program supporting the objectives set. Examples of such programs could include training and communication plans, reward/penalty schemes, and other ways of driving towards achieving the objectives.

Safety Committee and Staff

RackBank should appoint a safety committee and staff.The safety committee should meet on a regular basis. The committee should address at the minimum:

  • New/changed safety regulations.

  • Newly reported safety incidents and their root cause.

  • Recommendations for appropriate corrective action.

  • Systems for reporting incidents and ‘near misses’.

  • Availability and correct functioning of PPE (Personal Protective Equipment), first-aid accessories, and other general safety equipment and measures.

Appointed safety staff could be a dedicated or shared function depending on the size of RackBank. Where a shared function is appropriate, it should not create a conflict of interest. Safety staff should have clearly defined roles, responsibilities, and authorization levels. At a minimum, the following functions should be appointed:

  • Risk Manager: responsible for risk assessments.

  • Safety Manager: responsible for the overall safety policies and procedures.

  • First Aid Officer(s).

  • Emergency Warden/Floor Warden: safeguards life and property in an emergency.

Appointed staff should be fit for duty at all times. Where the code permits, RackBank should regularly review the physical and mental health of the appointed staff so that they are ready if called upon.

The Safety Manager should be part of the senior management team to ensure an appropriate level of attention to safety-related matters.

OH&S/WHS Manual

RackBank has an appropriate minimum set of policies, procedures, and work instructions covering occupational health and safety-related matters. They should cover at least the following areas:

  • Site safety:

    • Signage.

    • Fire safety equipment (e.g., fire extinguishers, fire hose reel, sprinkler systems, flashlights).

    • Medical safety (e.g., first aid kit, AEDs).

    • Emergency lighting.

  • General staff well-being:

    • Heavy lifting.

    • Indoor air quality.

    • Exposure to electromagnetic fields and other radiation sources.

    • Ergonomics.

    • Adequate lighting.

    • Noise in the workplace.

    • Fire risk assessment.

    • Trip hazards.

    • Disability access.

    • Medical tests.

    • PPE – Personal Protective Equipment.

    • Mail/goods handling.

  • Use of equipment and tools:

    • Safe use of equipment and tools.

    • Arc flash studies.

    • Calibration.

    • Testing of equipment.

    • Lock-Out Tag-Out (LOTO) procedures.

  • Emergencies:

    • Fire.

    • Power blackout.

    • Medical.

    • Pandemic.

    • Unrest (e.g., strike/industrial action, demonstrations).

The descriptions in the manual should be short, to the point, and concise to ensure effectiveness and efficiency in its usage.

The list above serves as an example; RackBank should perform a thorough safety risk assessment to determine the applicable areas under scope, which should include location-specific safety risks (e.g., earthquake).

Safety Awareness Training

RackBank conducts safety awareness training for new hires. It should also conduct regular, planned safety refresher training for its existing staff at planned intervals and after any major change.

The safety awareness training should comprise at least the following programs:

  • General safety awareness program: to be conducted for all staff to include at a minimum:

    • Evacuation procedures.

    • First aid.

    • Fire extinguisher handling.

    • Medical emergencies.

  • Specific safety awareness program: to be conducted for relevant staff:

    • Cardio-Pulmonary Resuscitation (CPR).

    • Automatic External Defibrillator (AED).

    • Emergency Response Team (ERT).

Specific training programs should cover at a minimum topics such as the usage of PPE (Personal Protective Equipment), safety shutdown/startup procedures of equipment, and/or how to operate specific equipment and machines where appropriate.

The safety awareness training should be concluded with a written exam and, where possible, a practical exam, which might be on a sampling basis (e.g., one person activating and using a fire extinguisher).

Safety awareness training programs should be reviewed regularly to ensure they remain relevant and adequate.

Vendor/Supplier Briefing

Vendors/suppliers should be briefed on the relevant safety policies and procedures. Briefings may occur in several forms and should take place well before the actual activity undertaken by the vendor/supplier. Evidence should be present that such briefings took place.

Vendors should at least sign an acknowledgment that safety policies and procedures have been conveyed, understood, and accepted by the individual.

It is advisable to conduct a test where applicable and desirable to ensure that the briefing is clearly understood by those who attended.

Where vendors/suppliers are deployed for longer-term considerations, they should be given refresher briefings.

Communication, Participation, and Consultation

RackBank follows procedures that enable two-way communication between the staff writing and maintaining the policies, procedures, and work instructions related to occupational health and safety and those who use them daily. Such two-way communication, participation, and consultation should include:

  • Procedures for users to provide feedback, which will be recorded and evaluated regularly.

  • Procedures that allow reviews of proposed changes by subject matter experts and one or more users to whom the procedures will apply.

Operational Procedures and Control

RackBank regularly assesses which operational and maintenance activities have a risk profile, for which appropriate controls need to be established.

1. PTW – Permit To Work Procedures

RackBank should create policies and procedures for a PTW - ‘Permit To Work’ process. The PTW policies and procedures aim to ensure that proper planning and consideration are given to the risks of a particular activity. The PTW process should ensure that appropriate resources are allocated, that all risks and backup plans are reviewed and approved, and that all upcoming changes are communicated to the relevant parties.

The PTW process should be applied to both routine (e.g., maintenance) and non-routine activities, which may require safety analysis before work commences. PTW should also apply to any work conducted by infrequent users of the facility, e.g., 3rd party carriers, vendors, and others where there is a perceived risk to the staff or operation of the data center facility.

The permit is a written document that authorizes certain people to carry out specific work at a specified time and place and sets out the main precautions needed to complete the job safely. The issue of a permit does not by itself make a job safe, as that can only be achieved by those preparing the job at hand and carrying out the actual activities in a professional and safe manner.

PTW procedures should be categorized by at least the following:

  • Hot work permit (e.g., cutting, welding, grinding).

  • Cold work permit (e.g., toxic/corrosive chemicals, erecting/dismantling structures).

  • Energy work permit (e.g., electrical, pneumatic, pressure).

  • Confined space entry permit (e.g., risers, cellar).

  • Ground disturbance permit (e.g., digging, trenching).

PTW procedures should describe at least the following stages:

  • Initiation.

  • Approval.

  • Preparations.

  • Commencement.

  • Work in progress.

  • Work delay.

  • Work completed.

  • Emergency suspensions/cancellations/roll back plan.

A standard PTW form should be available for usage across all parts of RackBank related to the data center. RackBank could consider having different forms for different types of risk (e.g., hot works, cold works, confined space works). The form should list at a minimum the following:

  • Initiator/requestor and submission date of the PTW.

  • Emergency contact details.

  • Title of the planned activity/task.

  • Planned start and end date.

  • Work restriction period (e.g., out of office hours, weekend).

  • Description of the exact location.

  • Detailed description of work (Method Statement).

  • Fall-back plan.

  • List of documents required (e.g., diagrams).

  • Details of potential risks, hazards, and precautions.

  • Details of potential security risks and precautions.

  • Details of potential risk on service availability.

  • Details of qualifications required.

  • Approvals required (e.g., local codes, corporate policies).

  • Details of equipment/tools to be used, including PPE (Personal Protective Equipment).

  • Parties to be notified.

  • Persons to sign off the PTW:

    • Departments directly involved in the activities.

    • Safety manager.

    • Security manager.

    • Appropriate level of management.

    • 3rd parties (where applicable).

The sign-off procedures should include at a minimum the following functions:

  • Safety manager.

  • Department manager who will be affected by the work.

  • Security manager.

The PTW should be submitted well ahead of time so that the review and approval are not put under undue pressure, as this introduces a risk.

RackBank have procedures to review the risks associated with potentially executing multiple PTWs at the same time to ensure that these concurrently executed PTWs are not creating additional risks (e.g., a battery replacement of a UPS whilst at the same time servicing the standby generator might in some cases create additional risks).

The original and approved PTW should be filed appropriately in line with document management policies and procedures. A copy of the approved PTW should be displayed at the site of works during the execution.

Where possible, PTW activities should not overlap with a shift change. Where it does, appropriate plans should be made to minimize the potential risks.

2 Facility Safety Equipment, Tools, and Signage

RackBank deploys appropriate types and levels of safety equipment, tools, and signage such as fire extinguishers, EXIT signs, etc. The amount and type of equipment, tools, and signage deployed should meet at a minimum the local regulatory codes and strongly consider other standards and best practices.

RackBank has a process to ensure that all equipment, tools, and signage are well maintained and in optimum working condition.

3 Measurement and Test Equipment (M&TE)

RackBank defines and maintains a list of controlled measurement and test equipment (M&TE). The M&TE list should include at least the following:

  • Brand/Model.

  • Identification label (e.g., serial/asset tag number).

  • Name/details of the calibration institute.

  • Date of last calibration and/or certification.

  • Calibration/certification expiry date, which should not exceed more than one year from the date of last calibration/certification unless otherwise specified by the manufacturer.

Optionally, the list could contain detailed information such as department/owner, location of storage, service contract reference, date of purchase/deployment, expected retirement, and other info based on the principles of equipment life cycle planning.

M&TE equipment should bear a label indicating either the calibration/certification date and/or expiry date.

4 Calibration/Certification

All controlled M&TE should be calibrated/tested regularly to ensure the accuracy and precision of data recorded and the decisions made based on that data. Calibration/testing should be performed by a certified institute and according to the recommendations of the equipment manufacturer. A process should be in place that triggers a regular check of the list to ensure M&TE (re)calibration/certification is undertaken before expiration.

5 Lock-Out/Tag-Out (LOTO)

Energy sources, including electrical, mechanical, hydraulic, pneumatic, chemical, thermal, or other sources in equipment, can be hazardous to staff. During the servicing and maintenance of machines

and equipment, the unexpected startup or release of stored energy could cause injury to staff. RackBank should therefore have proper lockout/tagout procedures for all areas, machines, and equipment.

The lock-out/tag-out policies and procedures should address at least the following:

  • Employer and employee responsibility:

    • Should comply with local regulations.

    • All employees must comply with the policies and procedures.

    • Supervisors of work should enforce the policies and procedures.

  • Lock-out/tag-out should follow the PTW procedures.

  • Lock-out and tag-out devices:

    • Should be able to work under the environmental conditions they are exposed to.

    • Should be strong enough and have proper locking mechanisms so that it is not possible to inadvertently be removed.

    • Should have designated color/shape/size. Any text/number should be printed at an appropriate size.

    • Should indicate who has applied it.

    • Where feasible, lock-out devices should have a unique key/combination.

  • Exposure survey:

    • Hazardous energy survey.

    • Propose lockout or tag-out procedure.

  • Energy control procedures:

    • Notification to affected users.

    • PTW process.

    • Shutdown/isolating/blocking/securing of equipment.

    • Removal of any potential (stored) energy where applicable.

    • Procedures for placing/transferring/removing lock-out devices and tag-out should be based on the four-eyes principle.

    • Re-energizing of equipment.

    • Specialized control procedures for energized testing.

  • Training.

  • Review of effectiveness:

    • Analysis of incidents.

    • Updates.

Where practically possible, the individual locking out the equipment should also remove the lockout to increase safety levels.

Where lock-out devices use two keys, RackBank should consider having each key with a different person to increase safety levels.

Where the responsibility is handed over to another individual, it should be adequately documented and signed off.

6 PPE - Personal Protective Equipment

The purpose of the PPE policies is to protect individuals from exposure to workplace hazards and the risk of injury through the use of personal protective equipment (PPE), at a minimum, adhere to local regulations and codes.

The PPE policies should at least cover the following:

  • Responsibilities of staff and suppliers.

  • Hazard assessment.

  • PPE selection.

  • Training and retraining.

  • Safety disciplinary policies.

  • Cleaning and maintenance of PPE.

  • Regular testing and (re)certification.

  • Review and update of PPE policies.

8.10.7 Electrical Test and Tagging of (Portable) Equipment

RackBank policies and procedures to test and tag at regular and planned intervals (portable) electrical equipment and electrical extension cords. Tests should include:

  • Visual inspection.

  • Electrical testing:

    • Insulation resistance.

    • Leakage current testing.

    • Polarity.

    • Earth resistance.

Equipment tested should be tagged. The tag should at a minimum indicate:

  • The individual who conducted the test.

  • Date of the test.

  • Result of the test.

  • Date before which the next test needs to be conducted.

Where the equipment did not successfully pass the test, it should be labeled immediately and taken out of service.

Emergency Preparedness and Response

Despite RackBank’s best efforts, accidents and other emergency situations can occur. Therefore, RackBank should have policies, plans, and procedures to deal with them effectively and efficiently to reduce potential injuries, prevent or minimize environmental impacts, protect employees and neighbors, reduce asset losses, and minimize downtime.

The emergency preparedness and response (EP&R) program should include at a minimum the following:

  • Risk assessment for potential accidents and emergencies under different scenarios (e.g., accidents, emergencies out of office hours).

  • Preventive measures and/or countermeasures to avoid incidents and their associated (environmental/business) impact.

  • Response to incidents (i.e., emergency plans and procedures).

  • Training.

  • Regular testing of emergency plans and procedures.

  • Mitigation of impacts associated with accidents and emergencies.

  • Review policies and procedures (regular as well as incident-based).

The EP&R should at least cover the following potential emergencies:

  • Power failures / blackouts.

  • Fire.

  • Gas/chemical spills.

  • Computer room / ICT shutdown.

  • Safety/Medical emergencies:

    • Accidents.

    • Pandemics.

    • Health issues.

  • Extraordinary threats/events:

    • Bomb threat.

    • Unrest (political, internal, etc.).

    • Strike.

    • Sudden loss of company executives/officers.

    • Natural events/disasters.

1 Quick Reference Handbook (QRH)

RackBank develops a quick reference handbook that contains all the procedures applicable for emergency conditions in an easy-to-use format. Information included should be time-critical and may be checklist-based (e.g., response to severe accidents involving people and/or facility and/or equipment).

2 Emergency Coordinator

Throughout the duration of any emergency, the Emergency Coordinator will be responsible for making command decisions and/or coordinating decisions. RackBank should appoint an Emergency Coordinator who has full management support, including appropriate levels of backup. The Emergency Coordinator should be able to invoke business continuity and disaster recovery procedures or, where not empowered to do so, be able to directly communicate with the individual with this level of decision-making authority.

3 Emergency Communication Coordinator

It is important that all relevant parties are informed and kept up-to-date during an emergency. The Emergency Coordinator should work with the Emergency Communication Coordinator. These functions should ideally be separated to ensure the Emergency Coordinator remains focused on the emergency at hand.

Crisis Management and Communications

RackBank has an adequate and effective crisis management team and communication plan, including roles and responsibilities. The plan should address at a minimum the following:

  • Pre-crisis:

    • Signal/symptom detection.

    • Prevention/preparation.

  • Crisis:

    • Actual response to a crisis.

    • Containment/damage limitation.

  • Post-crisis:

    • Recovery (e.g., immediate, short/medium/long term).

    • Learning and improvement.

1 Crisis Management Team

RackBank established a crisis management team consisting of members representing various key departments. The objectives of a crisis management team are to respond immediately to warning signals of a (potential) crisis and execute plans to overcome crisis situations.

For the crisis team to be adequately prepared, meetings and desktop simulations should take place at regular, planned intervals and after any major change.

2 Crisis Control Center

RackBank has the capability to facilitate a pre-designated crisis control center to gather and manage the crisis situation. An alternative site should be identified in case a crisis control center cannot be established at the data center during a crisis.

3 Crisis Communication

RackBank establishes policies and procedures on how communication methods and channels should be used during and after a crisis. These policies should also cover how and who is allowed to communicate. This should include communication through any means, including social media.

These policies should at a minimum address but not be limited to:

  • Identification of (a) spokesperson(s) and providing media training.

  • Providing spokespersons with appropriate levels of access so that they are well informed.

  • Pre-drafting messages for the most common/expected type of crisis events.

  • Ensuring that the news media focuses on known facts and RackBank’s positive actions.

  • Communicating directly and effectively with employees and key communities of interest.

  • Demonstrating RackBank as a caring and responsible organization.

  • Maintaining trust and confidence in RackBank’s ability to effectively manage the crisis.

Media messages should be quick, accurate, and consistent to ensure trust and transparency.

Reporting of Safety Issues

RackBank establishes and publishes how safety-related issues should be reported. Reporting of safety-related matters should not have a negative impact on the person reporting it. Where feasible, the implementation of a reward program with recognition of those who deliver a positive contribution could enhance the commitment to safety. Additionally, RackBank should include an option to report safety issues anonymously.

Disciplinary Program

RackBank develops and publishes a disciplinary program for safety-related matters.

Reviews/Internal Audit

RackBank implements an SMBWA (Safety Management By Walking Around) procedure.

The workplace should be periodically reassessed for any changes in conditions, equipment, or operating procedures that could affect occupational hazards. This periodic reassessment should also include a review of injury and illness records to spot any trends or areas of concern and take appropriate corrective action. The suitability of existing PPE, including an evaluation of its condition and age, should be included in the reassessment.

The review should be documented and signed off by the appropriate stakeholders.

A safety scorecard process could assist in creating more awareness within RackBank, while at the same time providing transparency and visibility on the safety performance.

Where feasible, reviews/internal audits should be conducted by individuals not directly involved in data center operations.

External Audit

Over and above any regulatory requirements, RackBank should undergo a periodic 3rd party safety audit to have an impartial audit report that should be used to further improve safety measures

PreviousProject ManagementNextSecurity Management