Datacenter Star Audit

In addition to attesting security, the DCSA has the overriding goal of creating more transparency in the market and making the services of the data centers comparable with one another through a clear design. When selecting the test criteria, it is based on questions that potential customers put to the data center in their tenders .

A benchmark situation is sought for the data center operator, which offers the possibility of comparison with other operators and the corresponding detection and elimination of their own weak points .

Versions

The certification was first presented in March 2005 at CeBIT .

An extensive revision of the audit (DCSA 2.0) took place on October 1, 2009. The basic focus on the four main categories of technology , buildings, processes and personnel was retained. A consistent shell model was used as a basis for questions of building security, from securing the outdoor system to access to the individual racks .

In addition , protection zones are defined and checked , from the environment ( hazardous substances , floods, etc.) to the spatial conditions for the technology and fire protection systems. In the field of technology, the granularity of the details considered is increased. Redundancies are not only measured internally, but also based on the number of available electricity providers and the connected substations .

Version 2.0 introduced different weighting criteria for colocation and hosting providers as well as self-operators. Technical advancements, e.g. B. in the area of ​​fire protection (Oxyreduct, Permatec) have been incorporated into a revised questionnaire.

Version 3.0 of the DCSA has been available since summer 2013, and in particular the “Green Special Star” was added, which is awarded for special energy efficiency .

Test criteria

The auditing is carried out using a questionnaire ( Request for Information ). Certified auditors check the information in the questionnaire through an on-site inspection. When evaluating the tested criteria, the auditors are closely tied to the Guide for Inspection developed by eco . This document specifies which facts are to be checked and how the certification results recorded for these facts are to be assessed. The questionnaire includes the following criteria areas:

Degree of fulfillment

The results from the verified questionnaire and on-site inspection are incorporated into the DCSA evaluation mechanism. There is a fixed and objective classification in a point system. Each category and sub-category is weighted differently using a key. According to the determined degree of performance (%), the result can be assigned to one of the five degrees of fulfillment (DC Stars).

Degree of fulfillment 1 ★

Degree of fulfillment 2 ★★

Deviating from 1 ★ (deviations in italics ):

• 8 min. Bridging time to shut down the operating systems
• Minimal physical access protection with intellectual identification (steel doors / security locks / windowless room or secured windows) and an alarm / burglar protection
• Stable network connection ( 2 providers, 2 independent network feeds)
• Observation period 1 year:
  • Limited operation due to maintenance, 2 downtimes over 12 hours
  • Data center availability: 99.671  % per year, annual downtime 28.8 hours
  • 2–3 failures per year with 4 hours of downtime each

Degree of fulfillment 3 ★★★

Deviating from 2 ★★ (deviations in italics ):

• Redundant power supply ( n + 1 )
• Diesel generator
• Cooling power: 430–800 W / m²
• Process of user-related authentication ( biometrics or intellectual identification feature)
• ITIL process maturity level 2 (mostly documented and based on the ITIL model)
• Physical access protection with logging (steel doors / security locks / windowless room or secured windows) and alarm / burglar protection
• Observation period 2 years:
  • Limited operation due to maintenance, 3 downtimes over 12 hours
  • Data center availability: 99.671% per year, annual downtime 22 hours
  • 2 with 4 hours of downtime each

Degree of fulfillment 4 ★★★★

Deviating from 3 ★★★ (deviations in italics ):

• Simple air conditioning (n + 1) + UPS connection
• Redundant power supply (n + 1) and 2 house path entries
• Heat dissipation: 430- 1400 W / m²
• Access to the data center via at least 2 door systems
• Observation period 5 years:
  • Limited operation due to maintenance, 2 downtimes over 4 hours
  • Data center availability: 99.982  % per year, annual downtime 1.6 hours

Degree of fulfillment 5 ★★★★★

• Simple air conditioning ( redundancy (technology) # subdivision of the redundancy design n + 2 ) + UPS connection (n + 1)
• Redundant power supply (n + 2) and 2 house routes (n + 2 can be implemented in terms of interconnection through proven service level agreements )
• 2 diesel generators
• Uninterruptible power supply (smoothed quality current, overvoltage protection etc.) designed with (n + 1) minimum
• 20 min. Bridging time to shut down the operating systems
• Devices for detection (smoke detectors) and fire fighting (fire extinguishers), smoke aspiration system
• Several fire compartments in the data center are necessary
• Cooling performance: > = 1500 W / m²
• Isolation system (customer access) or lock system
• ITIL process maturity level 4 (fully documented and based on the ITIL model)
• ISO 27001 , ISO 20000 , ISO 9001
• Stable network connection ( 5 providers, 2 independent network feeds)
• Double supply routes
• Observation period 5 years:
  • No restricted operation due to maintenance
  • Data center availability: 99.991  % per year, annual downtime 0.8 hours
  • 1 failure with a maximum of 4 hours of downtime