Data centers are facing a number of challenges with respect to reliability, availability, security or continuity of power supply. For this reason, first CENELEC and then ISO developed standards for confirming these key elements that guarantee "quality" in a Data Center.
EN 50600 and ISO/IEC 22237 certifications confirm that the level of DC security, availability and energy efficiency meets customer expectations.
ISO/IEC 22237 Information technology – Data centre facilities and infrastructures
Data centers house IT equipment, hardware, cabling and other network infrastructure for processing, storing and transporting data. External data centers are set up by network operators delivering their services to customers, while internal data centers are set up directly by companies themselves. Data centers must provide modular and flexible facilities and infrastructures to easily adapt to rapidly changing market requirements.
ISO/IEC 22237 is an international equivalent of the European EN 50600 and provides requirements and guidelines for data centers. ISO/IEC 22237 specifies guidelines for individual facilities and infrastructures, defines general concepts for the design and operation of data centers, includes an analysis of business risks and operating costs, as well as a system for classifying data centers in terms of availability, physical security and energy efficiency.
The ISO/IEC 22237 series provides requirements and guidelines to support the various parties involved in the operation of data center facilities and infrastructure. These parties include, but are not limited to: facility owners and managers, prime contractors, consultants, architects, system/installation designers, auditors, equipment suppliers, installers and maintainers.
The ISO/IEC 22237 series of requirements currently comprises 7 basic documents:
- ISO/IEC 22237-1 – General concepts
- ISO/IEC TS 22237-2 – Building construction
- ISO/IEC 22237-3 – Power distribution
- ISO/IEC 22237-4 – Environmental control
- ISO/IEC TS 22237-5 – Telecommunications cabling infrastructure
- ISO/IEC TS 22237-6 – Security systems
- ISO/IEC TS 22237-7 – Management and operational information
Parts: 1, 3 and 4 have already been published as international standards. The remaining documents, for the time being, are available as technical specifications (TS) and will be successively revised and published as international standards.
Relation to ISO/IEC 27001 and ISO/IEC 27002
ISO/IEC 22237 and the ISO/IEC 27000 family of standards complement each other. ISO/IEC 27001 focuses on the organizational and process level, while ISO/IEC 22237 requirements concentrate on the physical security of the data center. In addition, ISO/IEC 22237 specifies requirements for demonstrating compliance with ISO/IEC 27001 and ISO/IEC 27002 for data center powering, cooling and cabling.
ISO/IEC 22237 classification system
For the purposes of the ISO/IEC 22237 series, data center facilities and infrastructures are designated with respect to:
- Availability class – Based on the business risk analysis, 1 of 4 availability classes should be chosen for the following infrastructures: power supply, power distribution; environmental control; telecommunications cabling. High availability data centers (class 4) are among the most secure and state-of-the-art in the world.
Infrastructure: Availability class 1 Availability class 2 Availability class 3 Availability class 4 Power supply Single-path supply to the basic distribution equipment
Single sourceSingle-path supply to the basic distribution equipment
Redundant componentsMulti-path supply to the basic distribution equipment
Entire system redundantMulti-path supply to the basic distribution equipment
Multiple sourcesPower distribution Single-path Single-path with redundancy Multi-path with solutions for maintenance and operation Multi-path with failure-resistant solutions, except maintenance periods Environmental control Single-path Single-path with redundancy Multi-path with solutions for maintenance and operation Multi-path with failure-resistant solutions, except maintenance periods Telecommunications cabling Single-path
Direct connections or fixed infrastructure with a single connection of access networkSingle-path
Fixed infrastructure with multiple connections of access networkMulti-path
Fixed infrastructure with diversified paths with multiple connections of access networkMulti-path
Fixed infrastructure with diversified paths and redundant distribution zones and multiple connections of access network - Protection classes – Each data center space, regardless of its size or purpose, is designated as belonging to one of four classes of protection. The required protection classes must be identified for each of the physical security purposes, i.e. protection against:
- unauthorised access
- intrusion
- internal environmental events
- external environmental events.
- Energy efficiency rating – The energy efficiency level should be determined at the data center design stage. The desired energy efficiency level can be determined by means of:
- operational cost analysis
- resource and energy management processes
- choosing and applying one or more appropriate KPIs for resource management
- external regulatory or legislative requirements
- principles defined by the user.
Three levels of measurement detail have been defined:
- Level 1: a measuring system which provides simple global information for the entire data center
- Level 2: a measuring system, which provides detailed information on specific facilities and infrastructure in the data center
- Level 3: a measuring system, which provides detailed data for systems in the data center spaces.
EN 50600 Information technology – Data centre facilities and infrastructures
The European EN 50600 standard consists of a series of standards containing best practices for data centres, from design standards including power supply, cooling, telecommunications and security (including fire safety) up to operational and management standards, as well as recommendations for sustainability and energy reduction.
EN 50600 covers all areas related to the construction, operation and use of data centers and is therefore referred to in many guidelines, including the announcement by the Polish Financial Supervision Authority on cloud computing by supervised entities, or Resolution No. 97 of the Council of Ministers of September 11, 2019 on the "Common State IT Infrastructure" (WIIP) initiative.
The EN 50600 series of standards was developed by CENELEC (the European Committee for Electrotechnical Standardization) and subsequently recognized by the European Commission and EU member states. The Polish edition of the standard was published as PN-EN-50600.
Scope of EN 50600
The standard comprises four parts and includes the following:
Part 1: EN 50600-1 – General concepts
Part 2:
- EN 50600-2-1 – Building construction
- EN 50600-2-2 – Power supply and distribution
- EN 50600-2-3 – Environmental control
- EN 50600-2-4 – Telecommunications cabling infrastructure
- EN 50600-2-5 – Security systems.
Part 3: EN 50600-3-1 – Management and operational information
Part 4:
- EN 50600-4-1 – Overview and general requirements for key performance indicators
- EN 50600-4-2 – Power usage effectiveness
- EN 50600-4-3 – Renewable energy factor
- EN 50600-4-6 – Energy reuse factor
- EN 50600-4-7 – Cooling efficiency ratio.
Currently, certification is only possible according to part two and is referred to as design certification.
EN 50600 classification system
The standard defines:
- Four availability classes
Infrastructure: Availability class 1 Availability class 2 Availability class 3 Availability class 4 Power supply Single-path
No specific requirementsSingle-path
Redundancy of componentsMulti-path
Redundancy of systemsMulti-path
Fault tolerant even during maintenanceEnvironmental parameters No requirements Single-path
No requirements – no redundancySingle-path
Redundancy of componentsMulti-path
Redundancy of systems – allows maintenance during operationTelecommunications cabling Point-to-point single connections Single structural connections Multiple structural connections Multiple-path connections using diverse pathways - Four classes of security
- Three energy efficiency levels
Benefits of ISO/IEC 22237 and EN 50600 for data centers
- Reduced number of failures translates into reduced revenue loss and an unshakable reputation of DCs in the marketplace
- Lower energy consumption reduces costs and carbon footprint
- Customers of certified data centers can rely on quality tested to uniform standards worldwide
- The entire infrastructure is mapped in a single certificate, which simplifies DC comparability and provides a reliable basis for contracts
- Obtaining certification increases customer trust and translates into effective business contracts (certification is a key, non-financial factor in choosing a DC facility).
Comparison of ISO/IEC 22237 with EN 50600
The requirements of EN 50600 have been practically completely integrated into the international ISO/IEC 22237 standard, making it possible to plan, build and operate data centers worldwide based on uniform principles and proven quality.
Below, the two standards are compared.
| ISO/IEC 22237 family of standards | EN 50600 family of standards | Area |
| ISO/IEC 22237-1 | EN 50600-1 | General concepts |
| ISO/IEC TS 22237-2 | EN 50600-2-1 | Building construction |
| ISO/IEC 22237-3 | EN 50600-2-2 | Power supply and distribution |
| ISO/IEC 22237-4 | EN 50600-2-3 | Environmental control |
| ISO/IEC TS 22237-5 | EN 50600-2-4 | Telecommunications cabling infrastructure |
| ISO/IEC TS 22237-6 | EN 50600-2-5 | Safety and security systems |
| ISO/IEC TS 22237-7 | EN 50600-3-1 | Management and operational information |
How can SGS help?
We provide certification and compliance assessment services for ISO/IEC 22237 and EN 50600, as well as other standards and regulations regarding cybersecurity in all industries.