KÜS in general:
The "Motor Vehicle Monitoring Organization of Freelance Motor Vehicle Experts" (in German KÜS) contributes to safety on German roads nationwide. In the field of legally regulated vehicle monitoring with regular examinations and appraisals of motor vehicles, in the field of accident prevention and occupational safety, the engineers of the KÜS are always concerned with the highest quality.
In line with this corporate philosophy, KÜS DATA GmbH, as the IT service provider of the KÜS testing organization, must always meet the highest standards.
IT must be secure!
Information technology is the pillar of companies. The success of a business or company is fundamentally dependent on its fault-free and, above all, permanent functionality.
KÜS DATA GmbH can make a valuable contribution to IT security in your company. It stands for competent, individual, target-oriented and highly effective solutions!
Not least because, as a colocation provider, KÜS DATA also wants to make this quality available to external customers. For them, the highest requirements apply to the quality and security of the structural and technical components used, and they achieve this with a round-the-clock service for monitoring the systems.
For this reason, those responsible decided early on to use EN 50600 as the basis for planning and building the new data center in Losheim.
Meaning of EN 50600
For the first time, EN 50600 provides a generally recognized standard for the planning, construction, management and operation of data centers that is valid throughout Europe. The topics of availability, protection requirements and energy efficiency of data centers are regulated here for the first time uniformly and according to the current state of the art. The previous contradictions between different data center certifications and guidelines are now a thing of the past. For the first time, EN 50600 comprehensively covers all data center-relevant infrastructure topics in one standard: from building construction (part 2-3), power supply (part 2-2) and air conditioning technology (2-3) to telecommunications cabling (part 2-4) and security technology (part 2-5). The subsequent operation with the associated key figures for monitoring the data center is also uniformly regulated in parts 3 and 4 of EN 50600.
Experiences during the implementation
The process:
The process began with a detailed risk analysis. In addition to the standard event risk analysis for the new data center location, our consultants also conducted a comprehensive business risk analysis. First, the external and internal risks with their concrete effects on KÜS DATA's business operations were examined and mapped here. Among other things, the business risk analysis was based on ISO 27001.
The result was a comprehensive risk matrix showing the probability of occurrence and the corresponding extent of damage for over 25 different potential threats. Among other things, the probability of a fire in the data center environment was determined, along with the resulting downtime costs for IT.
A failure of the IT components has a massive impact on the work of KÜS. A standstill of the processes would be the consequence. The strong integration of IT into all business processes necessitates the need for absolute security and availability of the IT systems.
Based on this risk analysis, the availability class (VK), the protection requirement (protection class, SK) and the granularity level (GN) for energy efficiency were then defined. The VK3, SK4 and GN3 data center categories were selected as the planning basis for the new data center building at KÜS DATA. In the subsequent planning and implementation during construction, the Data Center Group was guided by the various requirements of EN 50600 in the individual areas of building construction, power supply, cooling, telecommunications cabling and security systems (parts 2-1 to 2-5). The fact that the Data Center Group and the client KÜS DATA proceeded in a structured manner on the basis of the standard specifications was a significant advantage in their coordination.
The audit according to EN 50600 by the certification body of DIQ Zert GmbH was an essential part of the final acceptance of the data center construction. The audit itself took a total of just under four weeks, including two days of intensive on-site testing. With the necessary rework for various deviations, a greater effort was again associated, in total about 5 months until the award of the certificate.
Challenges and opportunities:
Planning and building the first data center in accordance with EN 50600 was a major challenge, since no data center previously existed that was certified in accordance with EN 50600-1 and -2. Bringing the business risk analysis according to ISO 27001 and the event risk analysis for the concrete data center operation to a common denominator turned out to be an exciting task. It became apparent that the special qualities of an ECB-S room were necessary for KÜS DATA's concrete IT security requirements. And the power connection of the new data center also had to meet the highest availability requirements (VK4). This is where a major advantage of EN 50600 quickly became apparent: In contrast to most other data center certifications, EN 50600 allows various combinations of different VK, SK and GN to be meaningfully mapped for the individual data center subareas. A greater challenge was to reconcile the requirements for modularity for the various data center expansion stages, the security requirements for protection zones 1-4 and the demands for high energy efficiency. An intensive coordination process between DATA CENTER GROUP and the client KÜS DATA was necessary, especially with regard to the planning of the floor plan and the room layout.
Not least, the demanding inspection process by DIQ Zert GmbH proved to be an extensive challenge for all involved. The current inspection catalog of DIQ Zert GmbH comprises more than 400 individual inspection criteria, which were reviewed according to the 4-eyes principle with an additional veto auditor. But for KÜS DATA GmbH, the effort was worth it.
Conclusion:
Tested quality and safety for the new data center construction at the highest level according to EN 50600 (parts 1 and 2)! Certification for data center operation and management in accordance with EN 50600 Parts 3 and 4 will be sought as early as next year.
