INTERVIEW: data centers will soon get their own ISO standard to prove security, reliability and sustainability

In the middle of December, Greenergy Data Centers, was recognised with the EN 50600 certification, which is unmatched by any other data center in the Baltics or Finland. The audit lasted over two and a half years and resulted in another milestone in Estonia’s success story as an IT country.

The value of the EN 50600 certificate lies in the assurance it provides to the customer of the data center. As it is the highest standard in Europe that a data center can meet, it simply means the highest reliability, security, and energy efficiency.

Joachim Faulhaber, Head of the Data Center Assessment Department of TÜVIT, personally presented the high recognition during his visit to Estonia. We looked at the future of EN 50600 and why such certificates are needed at all.

Why do data centers need a separate certificate?

In recent years, the market for data centers has grown by 20% every year. In the past, information security certifications such as ISO 27001 were applied, but these do not take into account the reliability and energy efficiency of infrastructure that is key to such data centers.

A modern digital society needs a foundation – and these are the data centers. This is why, nearly 10 years ago, work started on the development of the EN 50600 certification, which focuses on the physical part of data centers.

Is there an ISO certificate focusing on the physical part of data centers?

There soon will be. When Greenergy started their EN 50600 certification project the ISO 22237 was still under development. As of late three out of seven parts of the ISO 22237 have been published, with more to follow in the upcoming years. However, since the ISO 22237 is based on the EN 50600, Greenergy will have in future a smooth transition to the ISO 22237.

What are the trends in the certification industry? Has holding a certificate become more important for companies in recent years?

Definitely. There is an increasing demand for such certificates in the market, especially from governmental and regulatory bodies that require them. The private sector is also showing more interest in certificates.

Is EN 50600 a strictly European standard or does it also carry weight in other parts of the world?

National standards are often not internationally recognised. But if a standard is accepted by a whole region – like Europe – then, of course, it will be taken into account in Asia or America. If the EN 50600 certification is incorporated into the ISO world (recognised by the International Organisation for Standardization – editor), there is no doubt that this certification will carry global weight.

What does it take to make EN 50600 an ISO standard? Do we need to reach an agreement with American or Asian organisations?

Exactly. That is an ongoing process. For some parts, agreements have already been reached. I do know that only minor changes have been made to the current EN 50600 requirements. When it comes to the mechanical infrastructure and the electrical system of data centers, the EN 50600 certification is practically identical to the ISO standard. I suppose that the same goes more or less for other parts, and no severe changes are needed.

So, if you have the EN 50600 certificate now, you will be able to easily get the ISO certificate in the future?

I believe so. I am quite confident that the transition from EN 50600 to ISO will be very smooth. This is a major advantage of the current certificate for businesses.

What does the certification process currently look like?

This is well illustrated by the example of Greenergy Data Centers. I remember well the first workshop we had with GDC in April 2020. The aim was to get in sync, so that GDC could understand what our requirements are and we could understand what kind of facility is planned to be built on the outskirts of Tallinn.

Then came the phase where we were sent piles of documents, graphs, and plans, so that we could review them and make our assessments. This phase lasted nearly half a year. We sent a very detailed report in response that gave GDC the certainty it needed for the construction phase. Essentially, this means that if everything is done as written in the documents, the certificate will be issued. However, the EN 50600 certification covers not only the construction, but also the operation of the data center.

After the construction phase, in April 2022, we started the first audit. We went through the data center and checked everything. The second audit was in autumn 2022. Afterwards, we collected all the information, prepared a report, and sent it to the certification body. They check that all the requirements have been met, that the assessors are impartial, etc. The certification body decided to issue the certificate and we are now in Estonia to hand it over.

It took two and a half years from start to finish to get the certificate, but it is not really that long, as there was construction in between. We have had longer projects.

Is certification different in other parts of the world, for example in America? Or do the certificates differ in name only?

The Uptime Institute, which is also known around the world, operates in the US. They also certify data centers based on mission-critical infrastructure – so the objective is very similar to EN 50600.

The difference is that they are a private company, so their working process is different from that of European certification bodies. Our activities are monitored by an accreditation body and everything has to comply with the ISO 17065 standard (standard for accreditation bodies to certify products, services, etc.). Uptime, on the other hand, operates on its own.

So, in essence, you are auditing companies and at the same time, you are being audited by other bodies to make sure everything is compliant?

That’s right. It ensures our credibility and reputation.

Are there any other bodies in Europe that issue EN 50600 certificates?

There are, but we are pleased to say that about 70 per cent of all certificates issued to data centers are issued by us. We are well known in this field and have over 21 years of experience, so we have a good foundation.

Now that Greenergy Data Centers has the certificate, what must be done to not lose it in the future?

EN 50600 certification is valid for two years, after which recertification can be applied for. Fortunately, most of the work has already been done for the initial certificate. Assuming that neither the building itself nor the technical side of things has changed in the two years, the recertification process is shorter and simpler because we focus on the operational side – the staff and how they operate the facility. We check to make sure nothing has changed in two years or we have to assess whether these changes might have an impact on the security and availability.

In general, the recertification process requires about 30–40 per cent of the effort compared to the first certification.

Finally, what are the main benefits of such high recognition for the company?

One important benefit is for the company itself – you do not have to worry every day about whether everything has been done right. Thanks to the EN 50600 certification, you know that you have done everything right from the start – the precautions are in place, so even if one of the systems fails, the center keeps on working.

Another benefit is for customers. This certificate guarantees reliability. Customers will see that a separate, impartial party has confirmed that their data center meets all the conditions which ensure that their data is kept securely.