5.28.21 – SSI – Shane Clary
Risk identification should be done at the beginning of a project, but also throughout a project and in the case of an MNS, for the duration of the system.
My discussion this month will be on one of the key components that need to be considered when designing any mass notification system (MNS), and that is the risk analysis. Before any design is laid out, shop drawings produced, equipment ordered or a system is installed, a risk analysis needs to be executed. The size and complexity of the occupancy will in the end dictate the size of the risk analysis.
The concept of a risk analysis is not new, nor is it found only within NFPA 72, National Fire Alarm and Signaling Code. There are many books on the topic, as well as courses that are taught at the graduate level within engineering, finance and management. At the highest levels, it does involve very complex mathematics and several Nobel Economic Prizes have been awarded on aspects of this topic.
By definition, risk analysis is identifying and analyzing future events that may have a negative impact on individuals, property, assets and the environment. Within NFPA 72, it is described as “a process to characterize the likelihood, vulnerability, and magnitude of incidents associated with natural, technological, and manmade disasters and other emergencies that address scenarios of concern, their probability and their potential consequences.” It is the “probability” that at an extreme level mathematics comes into play, but not at the level found within NFPA 72.
Risk analysis involves a number of basic steps, and this should not vary between the design of an MNS or the siting of strategic warheads. What is the risk, what is the potential impact of the risk, how can the risk be handled and how is the risk to be monitored?
The user of the occupancy must be part of this process. A risk analysis for an MNS can simply not be done without the input of those that will be operating within the premises that is to have an MNS system installed within.
In identifying risks, some may be more apparent than others. Risk identification should be done at the beginning of a project, but also throughout a project and in the case of an MNS, for the duration of the system. Occupancies change over time, both in use and hazards that may be present both internally and externally. Once an MNS is installed, that should not be the end of identification of risks.
Once the risks have been identified, what is the potential impact of each risk? One method is to look at the impact as being high, medium or low. A high impact would be an event that may be catastrophic to the business or occupancy. A medium impact would be critical and a low risk would be marginal. In looking at the impact that a particular identified risk may have, the probability should also be looked at.
A high-risk impact with a high probability would have more weight than that of a low-risk impact with a low probability. There are of course a variety of combinations to this, and they are best to be placed into a matrix such as high impact and then high, medium or low probabilities.
The next step is how is the risk to be handled? For an MNS, this would be the means of notification and who should be notified. Is this to be for an event that may occur within a portion of the premises, the entire premises, or outside of the premises?
If outside, is the event on the property of the premises or outside of the property? Is the notification to go to those inside, outside or both? Is notification to be provided to those that are not on the property?
If this is determined to be required, is this in the general vicinity, community, city, county? How shall this notification be made, and is this to be in stages as a situation develops or all at once? During the formation of the risk analysis, these questions and resolutions should be placed within a matrix. Within the matrix would be each risk, such as fire, hazardous substance release, active shooter and so forth.
The final part is how is the risk to be monitored? By this I mean before an event occurs. This returns to the point that I mentioned above that a risk analysis does not end with the MNS system being installed. Over time, there needs to be a reassessment of the risks.
Some may no longer be as high as before, while others that were not even present at the time of the original risk analysis may now be present and at a critical state. New risk that may be identified will need to be planned for. Risk reviews should be planned for and clearly stated within the original risk analysis.
The specific requirements for a risk analysis within the 2019 edition of NFPA 72 is found in Section 24.3.12. A tool to use when preparing a risk analysis for an MNS is found in Table A.7.3.6, Risk Analysis Checklist. As I mentioned above, the user of the MNS is to be involved with the completion of the checklist.
In closing, the risk analysis for an MNS does not need to be overly complex but does need to take into consideration identification of the risks, impact of the risks, handling of the risks and ongoing monitoring of risks.