S 1.49 Technical and organisational requirements for the computer centre
Initiation responsibility: Top Management
Implementation responsibility: Planner
A computer centre should be designed as a single, closed, and secure area. When planning a computer centre or selecting suitable premises, the potential threats posed by the environment should be minimised to the greatest extent possible. Countermeasures for potential threats such as access by unauthorised persons, water ingress through flat roofs or in the basement must be implemented as well as regarding sources of electromagnetic interference such as mobile phone transmission towers or three-phase power generators.
Separate rooms should be planned for the "coarse" technology (electrical power supply, air conditioning technology) and the "fine" technology (computers) in the computer centre to avoid combinations of them in the same room. The technical infrastructure of the computer centre must be installed in separate rooms.
It must be taken into account that the protection requirements of active network components involved in communication with the outside world (such as routers and switches) are the same as the protection requirements of the core area of the computer centre. The security safeguards therefore must be equivalent and the telecommunication and communication components must be just as secure as the internal components. This applies to physical protection as well as to the processes of detecting, triggering, and sending alarms.
Therefore, it is recommendable to accommodate the services for
- communication technology,
- air conditioning and ventilation,
- power supply,
- warehouse, etc.
in a separate room in each case (optionally in a separate fire zone).
During planning, it should be ensured that the pipe routes for the supply pipes in the building, for example for water or gas (see S 1.24 Avoidance of water pipes), are not installed in the immediate vicinity or run through sensitive areas of the computer centre.
When planning structural alterations or new construction projects for a computer centre, the parameters described in the following must be taken into account.
In practice, length-to-width ratios ranging from 1:1 to a maximum of 2:3 have proven favourable for computer rooms. This division facilitates the structured layout of the IT components and their cables in the computer centre.
If permitted by the architectural design of the building, the installation of a raised floor is recommendable. The height of the raised floor depends on the technical equipment and purpose of the computer centre. If the raised floor will be used for air conditioning, it should have a clear height of at least 50cm. For high thermal loads of more than 1000 Watts per square meter, a clear height of 90-100cm is recommended.
When specifying the dimensions of IT rooms, the following dimensions are recommended as a guideline:
| Object | Height |
|---|---|
| Clear ceiling height from the raised floor | 3.00 m |
| Distance between supports | 6.00 m |
| Door width (in unfinished state) | 1.10 m |
| Door height (in unfinished state) | 2.10 m |
Ceilings and raised floors should be designed to bear a load of at least 1000kg/m².
The raised floor must fit very accurately and have a fire resistance class of F30 starting at a height of 20cm when completely covering the floor. In general, the relevant security policies should be followed (for example DIN EN 12825 "Raised access floors").
Note: The raised floors and suspended ceilings must cover the entire floor or ceiling in the IT room. Such structures should not create any insecure points of entry.
Corridors should be at least 1.80m wide and should be covered with smooth, non-slip floor coverings that are designed to withstand heavy loads.
Elevators used as vertical transportation routes in the computer centre should have a load-carrying capacity of at least 1500kg. The clear depth, width, and height of the elevator cabin should be at least 2.80m, 1.50m, and 2.20m respectively.
The entire computer centre security area should only have one or two entrance doors and no windows at all, because all possible points of entry must be monitored (see also S 1.10 Use of safety doors and windows). Access should be controlled by high-quality access control mechanisms (see also S 1.73 Protecting a computer centre from unauthorised entry).
Adequate architectural and technical protection against intrusion is absolutely essential for a computer centre. Additional recommendations in this regard can be found in safeguard S 1.19 Protection against entering and breaking.
A computer centre is a security-relevant area, and only the administrators of the IT systems installed there should have access to the computer centre. It must be ensured that the site access controls for such a security area ensure that the organisation's own employees and even more importantly the temporary employees, e.g. those performing maintenance work in the server room, do not have any access to systems not in their area of responsibility.
It should be prohibited to take portable IT systems, mobile telephones, or cameras into a computer centre when such systems are not under the control of the particular organisation. In general, operating mobile telephones should be prohibited in computer centres, since they can seriously interfere with the operation of the IT systems. Exceptions to this rule must be approved (see S 2.188 Security guidelines and rules for the use of mobile phones).
In many cases, high availability requirements are placed on the IT components operated in a computer centre. These requirements can be taken into account by designing redundancy into the infrastructural and technical equipment (see safeguard S 1.52 Redundancy, modularity, and scalability in the technical infrastructure).
Review questions:
- Are there technical and organisational requirements for the computer centre?
- Was the computer centre designed to be a closed security area?
- Is access to technology rooms and rooms containing IT components adequately controlled?
- Was the coarse technology adequately separated from the fine technology during the planning phase?