DIN EN 50600 | Data center Compliance & Certification

In 2011, the development of DIN EN 50600 laid the foundation for a European standardization for the planning and operation of data centers. The first parts of the standard, which is divided into various individual standards and topics, were published as early as 2012. In 2014 and finally in 2016, almost all topics were covered and in 2019, the standard underwent a significant revision and adaptation to the state of the art.

From the point of view of certification bodies and auditors, DIN EN 50600 is a real enrichment, since in the past there were - and in some cases still are - many different national or international systems for assessing data centers, which were not always comparable in detail. DIN EN 50600 has now created a comparable standard. The holistic approach is in the foreground. This makes certification and integration into existing management systems such as DIN ISO/IEC 27001 much easier.

The standard is currently structured as follows:

  • DIN EN 50600 Part 1: General concepts
  • DIN EN 50600 Part 2-1: Building construction
  • DIN EN 50600 Part 2-2: Power supply and distribution
  • DIN EN 50600 Part 2-3: Environmental control
  • DIN EN 50600 Part 2-4: Telecommunications cabling infrastructure
  • DIN EN 50600 Part 2-5: Security systems
  • DIN EN 50600 Part 3-1: Management and operational information
  • DIN EN 50600 Part 4-1: Overview of and general requirements for key performance indicators
  • DIN EN 50600 Part 4-2: Power Usage Effectiveness
  • DIN EN 50600 Part 4-3: Renewable Energy Factor
  • DIN EN 50600 Part 4-6: Energy Reuse Factor
  • DIN EN 50600 Part 4-7: Cooling Efficiency Ratio
  • DIN CLC/TR 50600 Part 99-1: Recommended practices for energy management
  • DIN CLC/TR 50600 Part 99-2: Recommended practices for environmental sustainability
  • DIN CLC/TR 50600 Part 99-3: Guidance to the application of EN 50600

 

Back in 2015, I reported in an RZ-Fibel published by Prior 1 GmbH on the development of the standard, its use in planning, and the options for conformity assessment and certification based on a catalog of requirements of DIN EN 50600, with its risk classes, protection classes, and energy and resource efficiency, among other things. Since then, there have been many further developments in this area. Not only has the standard been revised and adapted to the current state of the art, but acceptance has also spread enormously. Just a few years ago, statements that certification could be required by lawmakers were laughed at. With the introduction of legal and regulatory requirements [1] from the General Data Protection Regulation (GDPR), the IT Security Act [2] or the EnWG [3] (Energy Industry Act), such legal requirements have become real. Companies have to face such certifications and are also obliged to extend them to their suppliers, because effectiveness is ensured for the obligated company only if the supply chain is also subject to the same normative requirements.

DIN EN 50600 follows a process-oriented design approach that is intended to safeguard business processes and secure core processes. The risk analysis begins with a holistic view of the data center based on these business processes. Subsequently, a comprehensive security concept is developed. It should be noted that DIN EN 50600 has the holistic view of the data center at its core. This is not a holistic approach for IT operations or the company. Other standards and certifications are used here that certify management systems in the company, above all information security with DIN ISO/IEC 27001.

Certification according to DIN EN 50600 is voluntary, i.e. there is currently no legal or regulatory requirement for certification. However, in various industries or sectors of the economy, regulatory measures of the legislator (e.g. CRITIS – Critical Infrastructure) may indirectly or directly result in the need for proof of compliance with certain requirements, which is supported by the certification of the data center.

A devastating fire broke out in a data center in Strasbourg on March 10, 2021. It could no longer be brought under control and led to the five-story data center with over 10,000 servers burning out completely. Neighboring data centers were partially destroyed or had to be isolated and were temporarily inoperable [4]. The outages affected more than 3.5 million websites and almost half a million domains. In view of this major fire in several data centers at one of Europe's largest Internet service providers [5], which resulted in considerable data loss (in some cases total loss, as backups were also affected) and massive outages, the demand for security in data center operations and thus for suitable certifications is increasing significantly.

When carrying out certification, attention must also be paid to the industry-specific qualifications of the certification body and the experience of the auditors used, because each industry has different requirements and priorities when it comes to assessing risks and security scenarios, which is particularly evident in the case of CRITIS companies. This is also of eminent importance when selecting a suitable data center, as requirements can differ in the details. In the case of commercially operated data centers and their service offerings, attention should also always be paid to the other clientele that operate their services or store data there. According to the IT security company Kaspersky Lab, hackers and criminal groups used 140 servers in the burned-down data center [6].

Based on DIN EN 50600, the experts of the certification bodies created requirement catalogs that map the requirements from the DIN EN 50600 standard. Existing requirement catalogs, which already take into account many years of experience, best practices and other relevant criteria, were expanded accordingly and compared with DIN EN 50600. Business and risk analysis, protection classes and availability classes were considered according to the criteria of the standard. INTERCERT GmbH - Group of MTIC - has been certifying data centers on the basis of sustainably resilient requirement catalogs for almost ten years and offers certification of the criteria of DIN EN 50600 [7] in accordance with the regulations of INTERCERT GmbH on the basis of its own requirement catalog.

In the run-up to certification, an accompanying audit should be carried out by the certification service provider at an early stage, ideally at the start of planning. In the past, this has proven time and again to be advantageous for ensuring compliance with the previously selected requirements from DIN EN 50600 as part of the implementation of data center projects, and it avoids subsequent, usually cost-intensive, rectifications to achieve conformity. The certification audit then represents the logical conclusion of the implementation phase. Optimal operation and regular recertification audits ensure that the level of quality and security is maintained over the long term.

Proof of conformity to DIN EN 50600 via a recognized certification creates customer confidence in the assurance of their requirements, especially in the legally regulated area, and thus represents a clear competitive advantage. This demonstrates appropriate quality and is proof of the security of the data center to customers and partners. Proof of certification in accordance with DIN EN 50600 is an essential feature for professional data center operators, cloud providers and Internet service providers, as well as being increasingly required in supply chain certification, especially in the CRITIS industries [8].

The high level of satisfaction and long-term cooperation of customers who have had their data centers certified by INTERCERT GmbH - Group of MTIC - speaks for itself.

 

 

Dr. Joachim Müller

INTERCERT GmbH - Group of MTIC -

Quality Lead Auditor Data Center

 

 

[1] Koreng/Lachenmann, ch. E I, in: Formularhandbuch Datenschutzrecht, C.H. Beck, 2018
[2] ibid.
[3] ibid.
[4] https://www.storage-insider.de/ovh-grossbrand-hat-gravierende-folgen-a-1008399/
[5] https://www.heise.de/news/OVH-Feuer-zerstoert-Rechenzentrum-in-Strassburg-ein-weiteres-beschaedigt-5076320.html
[6] https://www.faz.net/aktuell/wirtschaft/digitec/brand-bei-cloud-betreiber-millionen-von-webseiten-betroffen-17238989.html
[7] Further reading: https://intercertgmbh.mtic-group.org/de/zertifizierung/sektoral/rechenzentrumszertifizierung
[8] Energy, pharmaceuticals, medical technology and products, food, automotive, aviation, among others.
