Self Checking Safety in Fire Safety
If the business end of a fire safety system is pretty much failure-proof, does that make the whole system safe by nature? The rest of a sprinkler system is just plumbing, and outside a freak pipe burst or gross negligence, we should be completely safe, right? Not quite.
Sabotage and Operator Error
The hardware in fire safety is built to last. There is some necessary maintenance, but in large part it’ll stand the test of time like few other pieces of equipment. The greater challenge arises from mistakes and arsonists. Let’s take a look at the logistical side of a sprinkler system.
We have a few dangerous places here. If the main valve is turned off, no water. If the water pump is switched off, no water. There needs to be a system to prevent tampering. On a shoe-string budget, we might use locks, chains, and access control. This isn’t enough to prevent a tragedy. No matter what locking or control system we use, we still have one inherent problem: Insider Sabotage.
A disgruntled employee or even a forgetful employee could disable the fire safety equipment, intentionally to cause a problem or as part of their work on maintenance. If it’s intentional, no one’s going to know until there’s a pile of ashes where a building once stood. If it’s negligence, no one’s going to know until there’s a pile of ashes. Not to mention there’s always someone sufficiently stubborn to break past any locking mechanism we can devise.
This calls for an Active, Persistent, and Inescapable security system that will not shut up or stand to be silenced entirely.
Modern electronics have brought us the exact nanny our equipment calls for. We use fire alarm panels, which are wired to insane numbers of sensors. We can detect dozens of gasses, temperatures, and smoke; control the elevators for fire station over-ride, and more completely autonomously through these panels. We just need to add another sensor to the building, a tamper-sensor.
The exact implementation of tamper protections will vary by manufacturer and installation. In general, we want equipment that monitors and tests a few things. We want to know the status of every critical valve, which can be accomplished with a sensor mounted to the valve. Then we also want pressure sensors to detect if someone has punctured the piping to relieve pressure slowly. A flow-switch might not measure an extremely small pressure loss. Lastly, we need to test the sprinkler supply pump at regular intervals. This could be an automated start up and pressure test, it could even be configured to throw an alarm if communication is lost with the pump at any time.
This technology can broadly fall under the category of a Tamper Switch. We want to know if anything’s been messed with, regardless of cause, rhyme, or reason. Then the challenge becomes reacting to it. How do we treat these events. We can’t just empty the building every time we inspect the sprinkler system.
Alert Levels & Monitoring
This will vary by manufacturer but you can broadly say an alarm system has a few levels of error. Let’s say these are: “Error”, “Master Error”, and “Alarm.” In reality, there’s probably a dozen or two levels, but this is good enough to understand detecting and responding to problems.
We might treat a kitchen smoke detector tripping as only an “Error” level event. We don’t want to evacuate because someone burned their brownies. The system however does need to alert the dispatch and monitoring center and keep a record that something happened. It’s probably just a hiccup in the system.
If a tamper switch is moved however, that needs to be a little louder. That’s a master error. The building won’t be evacuated yet, but we’re going to scream at dispatch to get down here and fix it. We might even ring a loud buzzer at the alarm panel just to make sure someone notices and gets it fixed. On the one hand, if dispatch knows there’s work going on, they can suppress the alert and it can badger them every few hours to confirm the issue is still being worked on. If there isn’t work going on, then we can investigate and manually evacuate the building.
Lastly, you have your alarm state. This could be triggered by any number of conditions. If more than one detector are triggered, evacuate. If the tamper switch is triggered and an detector is going off, evacuate. If any pull station is activated, alarm. There’s no ignoring this stage of trouble.
Just Disable the Panel?
We’ve now traded a dozen individual safe guards for one big weakness, haven’t we? If the sprinkler valve on the 14th floor is shut, at least the rest of the building is still protected. Now however, someone could just target the fire alarm panel and ruin it all. That could be true in some circumstances, except these panels usually talk to a monitoring center.
A saboteur could somehow steal the necessary logins (yep, these panels have password protection), break into the area of the building housing the panel, and either turn the whole thing off or put it in test mode, but it’s not going to sit there quietly while you do that. The panel’s going to scream to dispatch that someone’s poking it. If there’s unauthorized access, the cops will be waiting for you at the door. No other security mechanism, whether’s it’s a locked door, chains, or redundancy is going to actively patrol itself in this manner.
We’ll say it again: when you build a fire safety system, and you do it right, it will take an act of every deity, from every religion, or significant negligence for it to fail. We use hair-triggers and precise engineering to ensure consistent safety.