Annex E - Public Sector Data Centre standard
Data centres that are used by public sector organisations should meet a minimum standard that is capable of delivering efficient, reliable and highly available services. Some of the standard you should consider when looking at hosting options are:
- Built to comply with ISO27001 Information Security Standards.
One aspect of data centres which is often implemented at a low standard in many public sector-built data centres and computer rooms is physical security. As organisations move to provide appropriate protection of security classified material, delivering this and other security and protection requirements is increasingly expensive and prohibitive on an organisation by organisation basis.
Any Scottish public sector data centres that continue to be used will be designed, constructed and operated to meet the security requirements as demanded by the classification of the information and infrastructure they are required to support.
Support for business continuity and disaster recovery capabilities
A number of data centres provide some level of internal resilience and fault tolerance and this is measured by a tier rating (see Annex D), However many existing public sector data centres are not of a sufficient standard to be considered capable of sustained continuous operation in the event of a disaster, major or otherwise.
Ensuring ICT systems can support continuous business operation is an area of increasing concern, any move to a new infrastructure must have disaster recovery capability built in from the outset.
- certified to the ISO14001 standard
- PUE rating - 1.8 or less