Compliance policies and procedures followed in data centers
Along with the growth of information technology, the amount of data accumulated has
also grown rapidly. The biggest challenge these days is making sure this data is
secure. To ensure high availability of data, without any cyber attack or chance of
loss, it is necessary to take steps in every possible way.
Compliance typically involves adherence to standards set by government regulatory
agencies. There are a significant number of regulations in effect worldwide related to
protecting private and sensitive data. For many businesses, regulatory compliance is
a topic that simply cannot be ignored. Handling confidential customer data in all its
varied forms has become a routine, even essential, task in almost every industry, and
companies that ignore the legal obligations they have to keep that data secure do so
at significant peril. In 2018, for instance, the health insurance giant Anthem Inc.
was fined a record $16 million by the US government for failing to comply fully with
HIPAA standards in the wake of the data breach that occurred between December 2014
and January 2015.
Have you ever wondered where all this data lives? We might simply say on the
internet, or in the applications you use. Take Facebook as an example: we all have
a Facebook account, and many things related to us (photos, videos, personal
information, etc.) are available on Facebook. You can see all this data from
anywhere in the world with just an internet connection. A massive IT infrastructure
operates in the background to support your activity. Where does this IT
infrastructure exist? The answer is in data centers. The biggest security threat
that can affect your data is insecurity in the location where it resides. Now you
can imagine the necessity of complying with policies, procedures and standards in a
data center.
For a data center, providing compliance assurances is a matter of transparency and
security. By providing infrastructure that meets compliance standards for data
security, a facility can help its customers to better mitigate business risks and
enhance reporting procedures. The best facilities build their infrastructure from the
ground up with compliance in mind rather than viewing it as a “bolt-on” service to be
incorporated after the fact. Some standards are focused on protection of specific
industry information, while others are more concerned with proper disclosure of data
loss incidents and general privacy attributes. Most of today’s standards and compliance
regulations are concerned largely with the protection of private data at rest, during
transactions, and while it traverses network connections.
The compliance rules and regulations within a data center environment can be based
on two things:
• Data related
• Non-Data related
Remember these two terms, as we will segregate the different compliance standards
based on these two types.
There are three things which are said to be the pillars of compliance, namely:
• Codes & Regulations – These are usually enforced by national law and
compliance is mandatory.
• National/International standards – This is an agreed set of minimum
requirements, conformance with which ensures quality and operational
performance.
• Industry guidelines and best practices – Commonly published by
manufacturers to describe installation procedures for equipment. They have
also been published to describe processes in the absence of an appropriate
standard.
Let’s take a deeper look into each of these pillars.
Codes & Regulations
Codes and regulations are usually enforced by national law and compliance is
mandatory. We know that laws have to be obeyed by every citizen without any
exceptions. Depending on the region where a data center resides, there will be
regulations and laws set by government entities which must be followed. Laws are
usually created to protect:
• The safety and health of people
• The rights and freedoms of individuals
• National infrastructure
• National security
• Personal data
And many more things. Some of the codes and regulations that govern you within the
data centre are as below,
If anybody would like to know more about the above codes and standards, do let me
know and I can follow up with more details for you.
National/International standards
What is a standard? A standard is a published document that contains a technical
specification or other precise criteria designed to be used consistently as a rule,
guideline or definition. Put simply, standards are designed for voluntary use and do
not impose any regulations. However, laws and regulations may refer to certain
standards and make compliance with them compulsory.
So in a data center we would have international standards, national standards and
regional standards. But, as you know, adoption of all standards is not compulsory
unless they are mandated in a contract. Let me give you an example: you are a
data center co-location provider and a health industry customer wants to lease
space. It is a standard that the data center should follow the Health Insurance
Portability and Accountability Act (HIPAA) when it wants to lease space to this
health-related customer. As you can see, this is just a standard and it is not
necessary for the data center to operate. It can still lease its co-location space
to customers in other industries without any issues. But following the HIPAA
standard becomes part of a regulation or law when you want to host the data of this
health industry customer.
Always remember that your regional and national standards have higher priority than
international standards, because regional standards are defined with an
understanding of local conditions, whereas international standards are general.
Some of the major international initiatives for standardization are ISO
(International Organization for Standardization), BSI (British Standards), CENELEC
(French: Comité Européen de Normalisation Électrotechnique; English: European
Committee for Electrotechnical Standardization), ANSI (American National Standards
Institute) and TIA (Telecommunications Industry Association). Some of the data
center specific standards from these bodies are as below:
• BS EN 50600 – Information Technology – Data center facilities and
infrastructure.
• BS EN 50173-5 – Information Technology – Generic cabling systems.
• BS EN 50174-2 – Information Technology – Cabling installation.
• TIA 942 – Telecommunications Infrastructure Standard for Data centers.
• ISO/IEC 24764 – Information Technology – Generic cabling systems for data
centers.
• ANSI/BICSI 002 – Data center design and implementation best practices.
• ANSI/ASHRAE Standard 90.4-2016 – Standard for data centers.
Industry guidelines and best practices
There are many organizations that contribute to the data center industry through
the publication of industry best practices and codes of conduct. They also provide
certifications based on their criteria, which are considered standard measures
to prove operational, design and facility capabilities.
Some of the bodies that provide guidelines for data centers are as follows:
- Uptime Institute – Provides guidelines for improving performance,
efficiency and reliability through innovation, collaboration and independent
certification.
- European Commission – In 2007 the EU developed a code of conduct in
response to increasing energy consumption in data centers and the need to
reduce the related environmental, economic and energy supply security
impacts.
- US Department of Energy – They have partnered with industry to create the
Data Center Energy Practitioner program. It reinforces proven best practices
and introduces new tools and techniques in key areas such as IT
department, air management, cooling systems and electrical systems.
- The Green Grid – The Green Grid Association is a non-profit, open industry
consortium of information and communications technology (ICT) industry end
users, policy makers, technology providers, facility architects and utility
companies that works to improve IT and data center resource efficiency
around the world.
- BREEAM – An international scheme that provides independent third-party
certification of the assessment of sustainability performance of individual
buildings, communities and infrastructure projects.
- U.S. Green Building Council – They have developed the national certification
for Leadership in Energy and Environmental Design (LEED) to encourage the
construction of energy- and resource-efficient buildings that are healthy to live
in.
To summarize, in this article we have discussed the necessity of compliance at data
centers and the various ways that data is protected through data center facilities.
Have a comment or points to be reviewed? Knowledge is power; let’s grow
together. Feel free to comment.