Effective Data Centre control and management requires the development and ongoing maintenance of a diverse suite of integrated policies and processes.

The complexity and scope is often under estimated, resulting in lack of control and potential increased risk. Links to external best practices and regulatory requirements (ITIL, Information Security, Health & Safety) are also often ignored or not considered. Data Centre documentation is essential to:

• Support activity planning (Capacity and Configuration Management
• Manage growth / time to market (Change Management, Release and Deployment Management)
• Reduce error rates (Commissioning procedures, Quality Assurance, Checklists)
• Conform to Regulatory and Compliance requirements (SOZ, Health & Safety)
• Maintain Security Levels (Information Security, Access Management)
• Risk Reduction
• Operational activities (Event Monitoring, Incident Management, Request Management, Infrastructure Support)
• Knowledge Management (CMDB, Knowledgebase)
• Simplify access to information (online information and forms)
• Communication of effectiveness measures (CSFs, KPIs and Management Reporting)

This document highlights some of the key processes and procedures that might be considered when developing the web of Data Centre control documents.

 

Data Centre Policies

Policy documents are top level ‘umbrella’ documents (see Figure 1) providing guiding principles relating to Data Centres / Computer Equipment Rooms - CPRs.  

 Policy definition:

• A written statement, approved by the management board, stating the organization’s official position
• An organization wide set of rules governing operational procedures and activities, security patches etc.
• A statement of principles and / or values
•  An aid to setting organizational direction and decisions
• A high level summary of related processes and procedures

 

Key Data Centre Policies might include:

 

Access principles are critical for the maintenance of Data Centre Security. Access considerations should be considered at multiple levels e.g. building, suite, cabinet.

•  Permanent vs. temporary access controls
• Access reasons
• Associated requirements (approved Change or Incident ticket / activity
• Access times (may be restricted to known access windows
• Third party access management
• Emergency access
• Exceptions to policy

  

A comprehensive set of rules relating to commissioning, change and decommissioning. Content might include:

 

• Capacity Management considerations (cabinet space, device position, power, temperature, LAN / SAN availability etc.)
• Asset / Configuration management, unique numbering, labelling
• Production vs. non production considerations
• Cabinet access and installation windows
• Cabling (approved mediums, management arms and channels, cable routes, containment, fastenings, layering etc.)
• Monitoring requirements (access, power, heat, humidity, connections etc.)
• Connections to power, LAN, SAN etc.

  

Health & Safety Policy

Clearly linked to external Health & Safety regulations and requirements. The policy (associated with lower level procedures) covers a number of wide ranging considerations including:  

• Lone working
• Cleanliness
• Vermin control
• Data Centre signage
• Fire regulations

  

The Data Centre Code of Conduct

 

 

The Data Centre Code of Conduct should be a one page set of rules for all persons entering the Data Centre to abide by.

 

The regulations contained are included for the safeguard of the Data Centre and equipment items and asset contained and also for the well being of any employee entering the facility.

 

 

Access Passes: Each individual requiring access to the Data Centre must be in possession of their own pass or have gained temporary approval to enter the facility via the approved Access / Permit to Work processes. It is a disciplinary offence to lend an access pass to another individual or to ‘tailgate’ another individual’