A quick and concise guide to selecting a co-location provider in 2020
With so many data center colocation providers to choose from, how can customers quickly evaluate which providers meet the performance standards and risk tolerance level acceptable to the business? A search on the internet returns a long list of articles recommending questions to ask your colocation provider.
They range from 5 questions to 25 or more, and their approaches differ so widely that combining them into one checklist would yield hundreds of questions, adding even more confusion instead of providing clarity.
Some checklists are written by colocation providers, which presents a risk of conflict of interest: they could be biased toward the provider who wrote the “checklist”, leading to that provider miraculously meeting all the requirements listed while its competitors fail to tick all the boxes.
In this editorial, we will provide a simple guide with questions which are vendor-neutral, and could have a profound impact on your business.
Selecting a colocation provider boils down to three key areas – the physical data center facility, how they run the operations with competent/certified staff, and compliance with required and desired standards.
The problem is that colocation providers use a lot of technical jargon and diverse descriptions to impress customers and sell their services.
This leaves customers unable to evaluate or benchmark the different colocation providers without a standard baseline.
So, what are the benchmarks?
# 1 | Data Center Facility
Firstly, let’s look at benchmarks for the data center facility.
- What are the available data center facility benchmarks?
There are currently four well-known rating systems (standards and guidelines) in the market – the ANSI/TIA-942 standard, the BICSI-002 standard, the EN-50600/ISO-TS-22237 standard, and the Uptime Institute Tier guideline.
- Which standards cover all critical areas required of a colocation facility?
In a colocation facility, there are in total 10 critical areas – electrical, mechanical, architectural, telecom, site location, (fire) safety, physical security, maintenance, and monitoring.
Only three standards meet this criterion, the ANSI/TIA-942, BICSI-002, and the EN-50600/ISO-TS-22237. The Uptime Institute Tier guideline only covers electrical and mechanical systems.
- Do the standards have regulated/accredited assessment schemes?
It is important to ensure that a chosen standard has a regulated audit/certification process. Without regulation and oversight, one cannot evaluate the competence of the auditors, nor the authorisation, quality and processes of the company issuing the certificate.
A regulated assessment scheme validates the competence of the auditors: it requires them to be trained and qualified for the relevant version of the standard, and it requires the conformity certificate to be issued by an accredited certification body.
Currently, only the ANSI/TIA-942 standard has a regulated assessment scheme.
- What is the certified rating level of the data center facility?
Each standard has its own rating levels, ranging from level 1 to 4. For example, the ANSI/TIA-942 certification scheme has 4 rating levels: level-1 rated sites have basic site infrastructure, level-2 rated sites include the redundant capacity component, level-3 rated facilities are concurrently maintainable, and level-4 rated facilities offer fully fault-tolerant site infrastructure.
For more information about the rating levels, refer to www.tia-942.org (link http://www.tia-942.org/content/162/289/About_Data_Centers). BICSI-002 uses the term Class ranging from F0 to F4. EN-50600/ISO-TS-22237 also uses the term Class with ratings of 1 to 4 aligned in terms of definition with TIA-942.
- Is the data center certified for design or facility?
It is important to ensure that the physical facility of a data center is certified, and not only its design. There is an element of risk if only the design is certified because, during the build, parts of the facility might have been changed or adapted, increasing the risk level of the data center’s final build.
Unfortunately, quite a few data center colocation providers only undertake design certification. This is highly questionable and potentially leaves customers at great risk, as there is no guarantee that the design used for the certification matches the physical data center as built.
- Is the conformity certificate still valid and did they complete the surveillance audits?
Certificates issued under proper accreditation schemes as imposed by ISO have a 3-year validity. However, this validity only holds if, during the 3-year period, the data center undertakes the required yearly surveillance audits. Colocation providers might make changes to their facilities during the course of business. The surveillance audits validate whether or not the data center still conforms to the rating level it was originally audited for.
# 2 | Data center operations
Even if a data center facility has been built to the highest resilience level, failing to manage its operational processes and maintenance might cause the data center to accrue unknown risks due to human error. Therefore, in this section, we will review the benchmarks for data center operations, which are just as important as the facility itself.
- What are the available data center operations benchmarks?
There are currently 3 quality benchmarks that are more specifically written for data center operations compared to the more generic ISO standards such as ISO-9001, ISO-27001, etc. These are DCOS, EN-50600/ISO-TS-22237, and Uptime M&O Stamp of Approval.
- Which benchmarks have publicly available audit criteria?
Transparency is a key criterion to look for. A transparent benchmark is paramount because one would want to know what criteria are being evaluated and how the auditors derived the audit outcome. Only DCOS and EN-50600/ISO-TS-22237 have publicly available audit criteria.
- Which benchmarks cover the complete critical areas of data center operations?
Only DCOS covers the complete operational domains of the data center.
- Does the standard allow for progressive improvements and assign different weights based on business considerations?
DCOS allows for weight-based benchmarking with the aim of progressive improvements based on an ISO process maturity model. The others only have a pass/fail criterion.
# 3 | Compliance with required standards
Every data center type has to comply with a range of codes and standards. Some of these are code compliances, meaning they are regulatory standards with which a data center must comply.
A good example is the code used when dealing with water treatment to avoid Legionnaires’ disease in mechanical installations.
There may also be specific requirements based on the industry the data center is serving.
For example, a data center that has credit card processing facilities is required to comply with PCI-DSS. Other compulsory standards may apply to data handling, data residency, and data privacy as well.