Due to the confusing landscape of data centre certifications globally, the Data Centre Alliance has, since 2015, provided an independent certification based upon the EN50600 series, the EUCOC and recognised best practices. John Booth, Chairman of the Data Centre Alliance – Energy Efficiency steering committee, explains the status of data centre certification.
What is certification?
The global data centre sector is critical to the modern world. Virtually all our lives are impacted by the use of Information and Communications Technology (ICT). We use it for banking, commerce, health, navigation, news gathering and consumption entertainment, travel – almost every aspect of life is now inextricably linked in some way with a data centre and yet it is an almost hidden part of the human ecosystem.
A data centre is a system of systems which process, store and transmit data around the world, supported by electro-mechanical equipment that uses vast amounts of energy, both during construction and final use. They are complex to build and operate. Every organisation will have a data centre in some form – they are critical to our modern lives.
It is surprising then, that given their criticality to the modern world, there is not a minimum legislation or regulation (for both the facility and the personnel who work within them) to ensure that the facility can remain available for use 24 hours a day, seven days a week and 365 days a year.
The reasons for this are historical. Most enterprise data centres (owned and operated by the same organisation) have total control of their own facilities and it is within the remit of the senior management team and board to shape the service wrap around the data centre and provide the funding to ensure that the data centre continues to support the business. The notion of becoming certified by an external body is seen as something to be feared. Data centre managers are scared that the audit will highlight shortcomings in their own management or skills, poor onboarding processes or a lack of routine maintenance etc.
The same applies to colocation facilities, there is some level of arrogance within the professional classes that their facility is better managed than enterprises, because they are ‘professional’ – it is their business and they are good at it, and mostly they are correct.
However, there is now a growing external need for both types of organisations to seek external accreditation to provide comfort to customers that the facility has been designed and is operated to provide the extremely high services levels the public demand for their ICT systems and this applies to business and consumer customers.
So, what accreditation should a data centre (enterprise or colocation facility) be certified to?
Surprisingly enough, the notion of a global data centre certification programme is a relatively recent concept. Prior to this date, the only real certification that a data centre could seek to be compliant with was a US private companies grading system.
It wasn’t until 2010 that a truly comprehensive multi-disciplined data centre standard was started by the European Committee for Standardisation, the European Committee for Electrotechnical Standardisation and the European Telecommunications Standards Institute also known as CEN/CENELEC/ETSI with the EN50600 standard.
There had been other certifications such as the US Telecommunications Industry Association with their TIA942-A, although this was primarily focused on the network cabling topologies, with only brief details on the electro-mechanical elements.
There was also the EU Code of Conduct for Data Centres (Energy Efficiency) aka EUCOC and its focus was clear, based on the forecast that data centres in Europe would use some 104TWh of electricity in 2020, from a baseline of 56TWh in 2007.
Using the EUCOC and KPI Metrics developed by the Green Grid, the Certified Energy Efficient Data Centre Award (CEEDA) has assessed over 60 Data Centres globally since 2011. A list can be accessed online at ceedacert.com
There are of course other International Organisation for Standardisation (ISO) management standards that data centres can be certified to, such as the ISO9001 Quality Management, ISO14001 Environmental Management, ISO22301 Business Continuity, ISO27001 Information Security and finally ISO50001 Energy Management.
These require a rigorous assessment of the who, what, where and how you conduct business in these areas, they take approximately six to 12 months to implement, depending on the size of the organisation and require day to day management, the costs to implement each standard is variable and depends on the size of the organisation and the complexity of the management system
The EN50600 series is under continual development but the core standards have been published and some are in their 2nd edition, the full suite is as follows:
EN50600-1 – General concepts
EN50600-2-1 Building construction
EN50600-2-2 Power distribution and supply
EN50600-2-3 Environmental control
EN50600-2-4 Telecommunications cabling infrastructure
EN50600-2-5 Security systems
EN50600-3-1 Management and operational information
There are also the EN50600-4-X series which relate to data centres’ key performance indicators (KPI’s) covering PUE, REF and others.
There are also three technical reports (TR’s) covering energy efficiency, TR99-1 and Sustainability (TR99-2) and guidance (TR99-3)
These standards have ‘conformance’ sections and it is possible to be assessed using these criteria but the official stance of CEN/CENELEC/ETSI is that there is no official certification programme authorised by them, but that they recognise that there are external certification bodies that can provide a certificate that states that the conformance criteria have been met, their recommendation is that if you seek to be certified then your certifying body should be themselves assessed to ISO17021 and ISO17065 and be a member of an official national accreditation service. In the UK this body is United Kingdom Accreditation Service (UKAS).
Due to the confusing landscape of data centre certifications globally, the Data Centre Alliance has, since 2015, provided an independent certification based upon the EN50600 series, the EUCOC and some additional requirements. This is explained in more detail below:
The objectives of the DCA certification programme
The purpose of the DCA certification scheme exists to provide an industry led, widely adopted recognition of a data centre’s designed purpose, its operational integrity, energy efficiency practices and site access security.
These four pillars represent the focus area for users and customers of colocation, hosting and outsourcing service providers. The programme ultimately aims to improve decision making and reassure consumers and stakeholders of a data centre’s ability to meet its business role in terms of reliability, environmental impact and management culture.
The aim of the DCA certification scheme is to maintain and deliver a scheme which is:
· Independent – The customer may select the firm of their choice to carry out and coordinate their data centre certification application. The firm chosen must be pre-approved by the DCA which has been supplied with the required information and tools to participate in the scheme.
The DCA uses its own staff and an ‘Accreditation Board’ of individuals who are free of any (real or perceived) conflicts of interest with data centre industry vendors, owners or operators to deliver certification services.
· Affordable – The DCA is a non-profit trade association and will charge a fixed rate designed to cover the administration as scheme owners. Pre-auditing assessment work is carried out by pre-approved assessors and the final review and award of certification is carried out by a UKAS approved certification body.
· Unified – The DCA certification scheme aims to unify and align to industry recognised best practices such as the EU Code of Conduct and the European EN50600 Suite of Standards. The DCA scheme aims to provide unbiased industry wide clarity to minimise subjectivity and by so doing ensure the industry forges a more trusted relationships with data centre customers and wider community of digital service users, financers and policy makers.
The DCA certification scheme is not designed to replace a customer’s tendering process or recreate or replace any recognised international or regional standards, as it is recognised that the customer’s needs are unique in virtually every case. Nor can the DCA certification scheme guarantee that un-planned outages will not still take place; however, to mitigate the risk, the DCA certification scheme will provide the customer with clear identification of the resilience goal and an assurance that this resilience goal is backed up by a valid strategy that is deployed and maintained through a process of independent inspections and annual surveillance checks by a third party internationally recognised and approved certification body.
Conclusion
In conclusion, all standards are voluntary but, if implemented, should provide any customer with a level of reassurance and comfort that their equipment and data is being kept safe and secure in a mission critical environment, together with all the policies, processes and procedures to ensure that in an emergency situation, systems remain available.
We, at the DCA, believe that some sort of regulation is inevitable. It may be at national level or wider, but it is coming and it is better to prepare now and have all the elements in place. The DCA certification has been designed to comply fully with the CEN/CENELEC/ETSI requirements and we recommend that all data centre operators consider the certification.