Monday, March 23, 2009

Ensuring your data center facility is compliant

Written by Rakesh Dogra

Data centers are becoming ever more important in literally all walks of business, commerce and industry, and their presence is felt on all fronts in these areas. As they become more prominent, their impact on normal activities increases as well, and any disruption to a data center could bring business and commercial activities to a standstill, at least temporarily, causing huge losses to the company, its clients and its reputation and, most importantly, to the valuable and often confidential data and information that these data centers handle and process.

Governments and regulatory bodies have therefore been putting data centers under increasing scrutiny, and there are increasing attempts to put more regulatory mechanisms in place to ensure that data centers comply with certain minimum standards across various platforms. This would help to ensure consistency and uniformity, at least at the lower end of quality and efficiency, across the entire data center industry.

What to Comply with?

Compliance means adhering to benchmarks defined by the regulations and directions that the appropriate bodies set forth. Data centers are subject to several such regulations. Not every regulation applies to every type of data center, as the examples listed below show:

Sarbanes-Oxley Act - this is a US federal act that applies to all public companies and does not necessarily apply to privately held companies. The act has various sections that deal with different areas of compliance; for example, sections 302 and 404 are concerned with implementing internal security controls.

HIPAA - this act relates to health care services and hence affects data centers that process information for hospitals and other medical facilities, since it also covers the security of electronically stored information about patients and their medical condition.

Similarly, there are several other regulations with which data centers should comply. Some of them deal with the safe operation of electrical equipment, while others ensure that safe working practices are followed in all areas of the data center.

Ensuring Compliance

Complying with the various regulations to which a data center is subject can be a daunting task. Nevertheless, this does not mean that management or staff may ignore these compliance issues or take them lightly. The first step to ensure compliance is to find out which regulations the data center needs to comply with. This is necessary because, as already mentioned, not all regulations apply to all data center facilities; they can vary with the type of data center, its location and the services that it provides.

The data center management needs to find out the exact compliance requirements, and it can take the help of professional third parties if it is not fully capable of doing such an analysis itself. Some of the regulations might need compliance at the very initial stages, such as laying out the electrical system in compliance with relevant safety standards, while others require compliance at later stages of the data center's life.

After the applicable regulations have been identified, the management needs to ensure compliance with every single one and take the steps necessary to ensure that the data center adheres to the suggested guidelines. Again, it might be necessary to take external professional help if the data center is small, short of resources and unable to do this on its own.

It must be remembered that one of the most important steps to ensure compliance is to keep the required documentation and paperwork up to date, since compliance not only needs to be present in the actual workplace but also needs to be documented and recorded for reference and regulatory purposes, in order to ensure that everything is as it should be.

Procedures and Work Policies

There should be set procedures for carrying out all the important activities in which slight negligence or a mistake could otherwise lead to serious damage. Experience has shown that minor human errors are one of the most important causes of data center failures, failures which could have been avoided had the management been a little more careful in designing and laying out work procedures.

A simple example that confirms this is an incident reported some time ago in which a data center shut down simply because an employee pressed the emergency stop switch by mistake. This cost the data center a lot of money, apart from the loss of clients due to the disruption of critical activities.

Laying down procedures is itself an elaborate task. It needs to be done after careful consideration and in tune with the preferred practices set out in instruction manuals and other regulatory procedures, combined with the experience of the personnel. The procedures are then tested before being accepted as work policy and displayed at appropriate places across the data center. Training sessions could also be conducted to drill these procedures into the workers. Again, this training can either be done in-house or by external vendors who provide such professional training.

Summary

Hence we see that running a data center is not only about taking care of purely technical matters: the data center should also comply with the various policies, procedures, regulations and guidelines that different authorities have laid out within their spheres of influence. The data center management should ensure that as many regulations as possible are adhered to, so that the risk of downtime, which matters greatly to the data center industry, is kept to a minimum.
