Explaining the new family of ISO Data Centre Standards

Barry Elliott, director at Capitoline, unpacks the nine families of ISO standards that look at data centre requirements

For many years we have been relying on Telecommunications Cabling Standards to guide us in data centre design. Some of these such as EN 50173-5 Information technology – Generic cabling systems – Part 5: Data centres make no mention of power and cooling systems, and others such as TIA942 Telecommunications Infrastructure Standard for Data Centers discuss power and cooling infrastructure but mainly in the appendices which are “Informative Only” and not actually part of the requirements of the standard.

There is the commercially promoted document from The Uptime Institute which helpfully focuses on power and cooling, sustainability and resiliency. But it was refreshing when the EN 50600 Series of data centre standards was published back in 2014. The EN50600 family now provides comprehensive coverage for best practice for data centres from design standards including Power, Cooling, Telecommunications and Security (including security against Fire) to Operations and Management standards and even recommendations for energy use reduction and sustainability.

Global standards

The EN 50600 Series of standards are developed by CENELEC, the European Committee for Electrotechnical Standardization and the European Union’s principal electrical standards authority.

You might assume that because this is a European standard its application is confined to European data centres. However, the principles of design and management of data centres are the same wherever you are. Also, the European standards are less prescriptive than other national standards as they need to work for all of the many different European nations. This means that the key elements of these standards can be applied globally.

It is because of this that ISO, the International Standards Organisation, has published many of the EN 50600 series documents as Technical Specifications. This is the first step in the development of a full ISO Data Centre Standard.

Currently, the following ISO Technical Specifications have been published;

• ISO/IEC TS 22237-1:2018 — Data centre facilities and infrastructures — Part 1: General concepts
• ISO/IEC TS 22237-2:2018 — Data centre facilities and infrastructures — Part 2: Building construction
• ISO/IEC TS 22237-3:2018 — Data centre facilities and infrastructures — Part 3: Power distribution
• ISO/IEC TS 22237-4:2018 — Data centre facilities and infrastructures — Part 4: Environmental control
• ISO/IEC TS 22237-5:2018 — Data centre facilities and infrastructures — Part 5: Telecommunications cabling infrastructure
• ISO/IEC TS 22237-6:2018 — Data centre facilities and infrastructures — Part 6: Security systems
• ISO/IEC TS 22237-7:2018 — Data centre facilities and infrastructures — Part 7: Management and operational information

At the time of writing, the ISO/IEC TS 22237 documents are direct copies of EN50600 documents of the same title but they are currently in the ‘CD’ stage or Committee Draft stage from which they will become full ISO/IEC standards and will take on their own character and personality. One example of this is ISO/IEC 22237-40 which looks at earthquake risk analysis for data centres.

ISO is also looking at data centre energy metrics in detail and for this we have ISO/IEC 30134 Data centres — Key performance indicators. For the first time then we have an agreed ISO standard on what terms such as PUE, Power Usage Effectiveness, really mean. This standard also covers nine KPIs in total to include parameters such as Energy Re-use Factor (ERF)  and Water Usage Effectiveness (WUE). It also looks at IT efficiency metrics such as IT Equipment Utilization for Servers (ITEU_SV).

Happy family

Altogether there now nine families of ISO standards that look at data centre requirements including ISO 11801 which specifically looks at structured cabling for data centres. There is also ISO/IEC CD TR 21897.2 which looks at the relationship between data centres and the ISO 52000 standards for energy performance of buildings.

The ISO/IEC family of standards is without doubt becoming the largest repository in the world for best practice in data centre design and management but it is also worth considering how these specialised standard fit in with more generic management standards. By this I specifically mean ISO 9000 and ISO 27000 families.

ISO 9000 is the generic management standard that can apply to any kind of organisation. It has a lot to say about the management of documentation which is a major problem in many of the data centres we audit.

ISO 27000 is a family of information security standards. Many data centres quote their certification to ISO 27001 and believe that covers them for all facilities management circumstances, but this is not the case. ISO 27001 and its partner ISO 27002 Security techniques — Code of practice for information security controls, ask some very basic questions about power, cooling and cabling reequipments within a data centre.

Two such questions are Supporting utilities – Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. Also, Availability of information processing facilities – Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements.

How on earth do you prove these two requirements, apart from just ticking a compliance box?  The answer is ISO/IEC 22237. Parts one to eight contain everything a data centre manager needs to know to demonstrate compliance to ISO 27001.

ISO/IEC 22237 has an availability rating system of Classes one to four, which are analogous to Tiers and Ratings in other standards. A Class 3 or 4 rating would demonstrate the availability and redundancy requirements of ISO 270001.

• Barry Elliott is Director at Capitoline data centre consultancy