Why Meeting ASHRAE’s Fresh Airflow Regulations isn’t as Easy as You Think

Both ASHRAE and the CDC have stated that one of the most important elements to ensuring a safe return to working in commercial office buildings after the COVID-19 shelter in place mandates have lifted is meeting their standards of fresh airflow. Unfortunately, there is no easy button in BMS systems to increase fresh airflow in commercial buildings, and simply increasing airflow can have negative effects throughout your buildings.

Here are three major categories where changes to airflow can create issues:

1. Tenant comfort

Too much airflow makes tenants feel like they’re in a wind tunnel – Too little and it gets stuffy – Where’s the middle ground? Airflow is supposed to be maintained ‘automatically’ by building automation systems (EMS, BMS, DDC, etc.) although they typically error towards sauna or hurricane due to improper tuning.

Under correct operation, building automation systems should maintain proper airflow to keep comfort <1-degrees from active space setpoint while ensuring proper air exchanges, preventing tenants from being stuck in an ‘airplane’ environment of recirculated air.

2. Indoor Air Quality (IAQ)

Does your office feel stuffy when it’s hot out? Or muggy when it’s cold? These obvious clues point to lack of proper air circulation or air exchanges in a building (ACH). Improper ACH typically occurs within 24-months post-installation resulting from:

  • Changes to minimum airflow settings to zones or individual offices.
  • Improper lockout sequencing to fresh air or economizer dampers
  • Improper control of airflow to zones

Most buildings suffer from a combination of the above three issues leading to 30-40% fresh air losses versus the ASHRAE minimum standard.

3. Energy Consumption

HVAC systems consume less than 50% of energy in most commercial buildings. Most of the energy loss is dictated by how much airflow is delivered throughout the building. Excessive airflow means running your fans too hard and tempering the air too much, leading to massive losses.

Most HVAC systems post-installation error heavily for comfort conditions often inadvertently sacrificing IAQ and energy savings. These setting adjustments typically include:

  • Economizer minimum damper position
  • Zone minimum airflow settings
  • Building pressurization setpoint

Merely adjusting these set points is extremely challenging and must be done on a seasonal basis, often eliminating any payback.

The proper balance between tenant comfort, indoor air quality, and energy savings is immensely challenging – often requiring constant tuning from onsite engineering staff. Additionally, The vast majority of buildings that suffer from one or two of the three listed symptoms are incapable of supporting an onsite, physical onsite engineer.

To combat these issues, Hank provides a true virtual engineer that is comparable to having a real engineer in every space constantly tuning for comfort, IAQ, and energy efficiency.  On average, Hank has been able to keep buildings at 1.5 times that of ASHRAE’s fresh air standard while lowering energy costs.  Click here to schedule a demo of our real-time IAQ dashboard and see for yourself how building owners are using advanced technologies to create healthy buildings.

Your commercial office is the next Target for hackers – Part: 2

What happens when hackers springboard from your building automation system to your tenants’ networks

By: Zach Denning


I’d like to preface this article by stating that during our research we reached out to every building owner that had vulnerabilities with details of information we discovered – All without cost to them and without the expectation of future work.

At no time did we attempt to login or ‘hack’ a building automation system – We simply tested these networks for vulnerabilities easily exploited by hackers.

It’s our initiative to secure sites where our HVAC Partners implement our software platform while educating owners of vulnerabilities relating to building automation.


In the last article  ‘Your building is the next Target for hackers’ we discussed how easy it is to penetrate building automation systems and even new ways to drop a virus payload to the network through open protocols like Bacnet IP.

We even found over +300 different buildings with the Bacnet IP port open to the Internet, screaming to get hacked.

Didn’t read it? No worries, this article is the one for you, as we explore what happens when your building becomes the target of a hacker!

Here are a few fun facts to peruse through if your building happens to become a hacker’s playground:

    • All of your files are now garbage: $80,000.00 in lost time/revenue per tenant

      A virus spreads throughout a network like cancer through a body, injecting its code into every file. If somebody attempts to wipe the virus they would have to clean every file.

      Virus removal is extremely time consuming and challenging as providers have to ensure complete removal or there’s a chance it will re-emerge at a later time.

    • You hire an IT security contractor to retrieve lost files: $30,000.00/month/tenant

      Unfortunately, cleaning files typically on retrieves 30% of files on average – Meaning the remaining files must be recreated from old archives – Because you’ve been backing up files for years…

    • You get sued: +$2M

      Every lease is different, but in some leases it’s the owner’s responsibility to maintain the building automation. When it becomes the spring-board for a major hack chances are you’re going to get sued.

      To make matters worse, your Internet Security Insurance Policy won’t cover anything because your existing security didn’t meet minimum requirements – Sorry!

    • You lose tenants: $90,000/lost tenant

      Unlike common HVAC issues and comfort calls, network breaches carry much more backlash that stretch the limits of your tenant relationships – Which makes sense figuring you may have cost them hundreds of thousands of dollars.

Half of those reading write off articles like this as a “doomsday” scare tactic – The remainder think it will never happen to them.

Our advice? Have someone on your staff or a provider search for your building automation system on the Internet and see what you find. If you happen to come across your IP-address you need to hire an IT provider to put your building automation system behind a secure firewall.

  • Total costs to secure your system: $4,000.00 – 5,000.00
  • Total costs if you get hacked: $500,000 – $3,000,000.00
May the odds ever be in your favor!

My name is Zach Denning and I’m the CEO and owner of EnerDapt, Inc. We’ve developed an HVAC AI software platform that strengthens relationships between service providers and property management, while reducing operating costs 18-22%.  You can reach me at zdenning@enerdapt.com or visit our website at www.enerdapt.com