Data Center Certifications

As organizations move from on-premises data centers to cloud environments, choosing the right cloud services provider is vital. When evaluating potential providers, the certifications that they hold are an important consideration.

These certifications measure how well a data center can meet the needs of an organization. Industry standards like those from the Telecommunications Industry Association (TIA) and the Uptime Institute exist to assist in the design, construction and maintenance of data centers. This is important to businesses who rely on data center facilities to provide shared access to critical applications and data.

2021 Security Report Download Gartner Report

Data Center Certifications

Data center ownership varies from wholly owned and managed by a company to one owned and operated by a Managed Service Provider. When considering using a managed service, it’s important to understand what industry data center ratings mean and how data center audit processes work. Data center certifications like the TIA ANSI/TIA-942-B specification and Uptime Institute certifications outline requirements for data center architecture elements including:

 

  • Network architecture
  • Electrical design
  • Mechanical systems
  • System redundancy for electrical, mechanical and telecommunication
  • Fire safety
  • Physical security
  • Efficiency

 

For each of these components, a standard may define varying rating levels that a data center service provider may work to achieve. Within both the ANSI/TIA-942 and UI specifications, four different data center rating levels are defined as Tiers 1-4.

 

Tiers 1 and 2 are primarily intended for services providing off-site data storage without real-time data access, while Tiers 3 and 4 provide built-in redundancies designed to ensure real-time access to mission-critical services.

 

Tier 1 and 2 are mainly used for companies who do not want real time access to their data, are mainly used for off-site storage, while Tiers 3 and 4 have built-in redundancies to ensure real time access to mission critical services.

 

The four Tiers have the following requirements:

 

  • Basic Site (Tier 1): The data center has limited protection against physical events.
  • Redundant Capacity Component Site Infrastructure (Tier 2): The data center has redundant capacity components so that air handlers, generators, uninterruptible power supplies (UPS), and similar components can be shut down for maintenance or failure without affecting capacity. It also provides improved protection against physical events.
  • Concurrently Maintainable Site Infrastructure (Tier 3): The data center has redundant capacity components and multiple distribution paths that serve computer equipment. Concurrently maintainable means that capacity components and distribution paths can be removed/replaced/serviced without disrupting IT capabilities to the end user. This design provides protection against most physical events.
  • Fault Tolerant Site Infrastructure (Tier 4): At the highest level, a data center has redundant capacity components, multiple distribution paths to serve computer equipment, and protection against almost all physical events. It also is concurrently maintainable and fault tolerant, meaning that any single fault anywhere doesn’t cause downtime.

What To Look For in a Data Center Certification

While TIA and UI certifications have certain similarities, they also have their differences. When evaluating the certifications that a data center services provider holds, consider the following questions:

 

  • Is the certification current?
  • How much downtime can you tolerate?
  • Have they been audited for SSAE 16 in North America or ISAE 3402 in Europe, PCI DSS or HIPAA?
  • Do they meet or exceed your needs, i.e. how critical are your assets, are you paying for more than you need?

Other Relevant Data Center and Service Provider SLAs

UI and TIA are not the only certifications governing data center operations, especially if you’re considering outsourcing to a cloud service provider. Some other certifications that you may want to look for include:

 

  • LEED: One of the more popular green building certification programs.
  • PCI DSS: Requirements for safely processing, transmitting or storing cardholder data.
  • ISO 27000: Requirements for managing the security of intellectual property, employee details, financial data, or information provided by third parties.
  • ISO 9001: Criteria for quality management systems, including customer focus, the motivation of top management, the process approach, and consistent improvement.
  • SOC1 and SOC2: SOC1 ensures services are designed, operated and controlled effectively, while SOC2 is an audit of technology companies focused on 5 trust principles: security, processing integrity, availability, privacy and confidentiality.
  • Open IX: Self-regulated standards for data centers to support Internet Exchange Providers (IXPs)
  • NABERS: National Australian Built Environment Rating System (NABERS) measures the environmental performance of buildings including energy efficiency, carbon footprint, water usage, waste management and indoor environment quality.

Data Center Security Evaluations

When evaluating a data center service provider, data center security should also be a primary consideration. Data center security includes physical security (camera, access controls etc.) and digital security (data and the IT infrastructure). Additionally, as organizations are moving on-premises IT systems to cloud service providers, cloud infrastructures, cloud data storage and cloud applications, it’s important to maintain security during the migration.

 

Check Point is a trusted partner and can help with any of your data center needs. To learn more about how Check Point can help, you’re welcome to contact us.

Recommended Resources



×
  Feedback
This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO