UL 3223: New Data Center Certification Standard introduced
Underwriters Laboratories (UL), a certification company in the field of safety engineering, introduced a new standard for assessing the reliability of data centers - UL 3223. It describes the criteria that compliance will allow data center owners to reduce the risk of enterprise malfunction. More information about the standard - we describe below.
/ photo Christina Xu CC
UL 3223 aims to ensure the reliability and security of the data center and contains parameters for evaluating key components of the IT infrastructure of companies. The developers of the standard note that it is applicable to both small firms and organizations with complex hybrid infrastructure.
')
Paul Schlattman (Paul Schlattman), senior vice president of ESD Consulting (the company that helped UL develop the standard), explains : “To prevent or mitigate the consequences of data center failures, providers need to eliminate the most common causes of their occurrence: problems with software, network downtime and server hardware failure. ”
It is assumed that UL 3223 will encourage the use of advanced technologies in data centers and will contribute to the optimization of infrastructure. At the same time, UL and ESD hope that the new standard will reduce the time for data center audits from several months to several weeks.
Certification is carried out voluntarily, but is valid for only one year. For the audit, from 10 to 12 people are sent to the data center, each of which checks the individual components of the data center. Evaluation subject to :
For successful certification , the following requirements must be met:
After the audit is completed, the team of auditors assesses the compliance of the data center with the mentioned criteria and marks the Pass or Fail. The standard does not imply any levels, the data center is either being tested or not. In case of failure, the regulations provide for the re-audit after making the necessary changes and correcting deficiencies.
/ photo NTNU CC
The first test for UL 3223 was QTS data center in Chicago. The object was examined by representatives of the companies UL and ESD Consulting. Nabon Marsico, Site Director of QTS Chicago, said that obtaining a certificate from UL allowed the data center to earn the trust of customers.
However, not everyone sees the point in certification for the new standard. Edward van Leent, CEO of EPI (which certifies the data center), believes that the new standard is not very different from the existing ones. In his opinion, UL 3223 evaluates the data center according to the same criteria as, for example, ANSI / TIA-942, ANSI / BICSI-002 or EN-50600.
In addition, van Leent is not sure about the advisability of inviting a large number of auditors (10-12 people). According to him, such an “army” can become a “nightmare” for any owner of the data center due to the cost of travel and accommodation. The validity period of the certificate also seems insufficient to van Leen: “to be audited once a year is too often” (compared to an ISO audit every 3 years). For these reasons, the expert recommended that UL join the development of already released standards, rather than create new ones.
Nevertheless, the UL plan to continue work on the standard. In the future, the company will add additional areas of verification related to training and accreditation of personnel, as well as categories of objects (depending on the purpose): cloud, state data centers, and so on. Moreover, for each category of data centers in UL they plan to develop separate technical requirements.
Underwriters Laboratories Inc. - company for standardization and certification in the field of safety engineering. The company's offices are located in 104 countries of the world, the main of which is in the United States. Underwriters Laboratories mainly issues standards related to the safety of equipment and materials.
PS What else do we write in the First blog about corporate IaaS:
PPS A couple of articles from the blog "IT-GRAD" on Habré:
/ photo Christina Xu CC
UL 3223 aims to ensure the reliability and security of the data center and contains parameters for evaluating key components of the IT infrastructure of companies. The developers of the standard note that it is applicable to both small firms and organizations with complex hybrid infrastructure.
')
Paul Schlattman (Paul Schlattman), senior vice president of ESD Consulting (the company that helped UL develop the standard), explains : “To prevent or mitigate the consequences of data center failures, providers need to eliminate the most common causes of their occurrence: problems with software, network downtime and server hardware failure. ”
It is assumed that UL 3223 will encourage the use of advanced technologies in data centers and will contribute to the optimization of infrastructure. At the same time, UL and ESD hope that the new standard will reduce the time for data center audits from several months to several weeks.
Data Center Evaluation Criteria
Certification is carried out voluntarily, but is valid for only one year. For the audit, from 10 to 12 people are sent to the data center, each of which checks the individual components of the data center. Evaluation subject to :
- Structural and architectural features of the building;
- Key infrastructure facilities (ventilation, water supply, sewage, etc.);
- Fire protection systems;
- Control systems;
- Network and communication systems;
- Security systems;
- Certificates of installed equipment and acts of putting it into operation.
For successful certification , the following requirements must be met:
- Repair and maintenance of all infrastructure components should be carried out without any downtime.
- Critical data center support systems must have an optimal (for their tasks) level of reliability due to redundancy schemes: 2N or N + 1.
- Compliance with the requirements for the physical protection of engine rooms (fire protection, security and video surveillance), including those related to personnel access (use of biometric cards, key cards, etc.), is required.
- The data center should have a PUE not higher than 1.5 and use free-cooling systems.
- To pass the certification, already working data centers must submit acts on the commissioning of all systems, and new ones - to invite a representative of the certifying organization to the first launch of data center systems.
After the audit is completed, the team of auditors assesses the compliance of the data center with the mentioned criteria and marks the Pass or Fail. The standard does not imply any levels, the data center is either being tested or not. In case of failure, the regulations provide for the re-audit after making the necessary changes and correcting deficiencies.
/ photo NTNU CC
Industry opinion on the standard
The first test for UL 3223 was QTS data center in Chicago. The object was examined by representatives of the companies UL and ESD Consulting. Nabon Marsico, Site Director of QTS Chicago, said that obtaining a certificate from UL allowed the data center to earn the trust of customers.
However, not everyone sees the point in certification for the new standard. Edward van Leent, CEO of EPI (which certifies the data center), believes that the new standard is not very different from the existing ones. In his opinion, UL 3223 evaluates the data center according to the same criteria as, for example, ANSI / TIA-942, ANSI / BICSI-002 or EN-50600.
In addition, van Leent is not sure about the advisability of inviting a large number of auditors (10-12 people). According to him, such an “army” can become a “nightmare” for any owner of the data center due to the cost of travel and accommodation. The validity period of the certificate also seems insufficient to van Leen: “to be audited once a year is too often” (compared to an ISO audit every 3 years). For these reasons, the expert recommended that UL join the development of already released standards, rather than create new ones.
Nevertheless, the UL plan to continue work on the standard. In the future, the company will add additional areas of verification related to training and accreditation of personnel, as well as categories of objects (depending on the purpose): cloud, state data centers, and so on. Moreover, for each category of data centers in UL they plan to develop separate technical requirements.
About Underwriters Laboratories
Underwriters Laboratories Inc. - company for standardization and certification in the field of safety engineering. The company's offices are located in 104 countries of the world, the main of which is in the United States. Underwriters Laboratories mainly issues standards related to the safety of equipment and materials.
PS What else do we write in the First blog about corporate IaaS:
- PCI DSS Certification: Frequently Asked Questions
- Choosing a cloud PCI DSS hosting service: what to look for
- Pitfalls for PCI DSS certification: CVV and telephone recording
PPS A couple of articles from the blog "IT-GRAD" on Habré:
Source: https://habr.com/ru/post/353124/
All Articles