SIST EN 50600-2-5:2021
Information technology - Data centre facilities and infrastructures - Part 2-5: Security systems
This document addresses the physical security of data centres based upon the criteria and classifications for “availability”, “security” and “energy efficiency enablement” within EN 50600-1.
This document provides designations for the data centres spaces defined in EN 50600-1.
This document specifies requirements and recommendations for those data centre spaces, and the systems employed within those spaces, in relation to protection against:
a) unauthorized access addressing organizational and technological solutions;
b) intrusion;
c) fire events igniting within data centres spaces;
d) environmental events (other than fire) within the data centre spaces which would affect the defined level of protection;
e) environmental events outside the data centre spaces which would affect the defined level of protection.
NOTE Constructional requirements and recommendations are provided by reference to EN 50600-2-1.
Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and are covered by other standards and regulations. However, the information given in this document can be of assistance in meeting these standards and regulations.
Informationstechnik - Einrichtungen und Infrastrukturen von Rechenzentren - Teil 2-5: Sicherungssysteme
This document addresses the physical security of data centres based upon the criteria and classifications for "availability", "security" and "energy efficiency enablement" within EN 50600-1.
This document provides designations for the data centres spaces defined in EN 50600-1.
This document specifies requirements and recommendations for those data centre spaces, and the systems employed within those spaces, in relation to protection against:
a) unauthorized access addressing constructional, organizational and technological solutions;
b) fire events igniting within data centres spaces;
c) other events within or outside the data centre spaces, which would affect the defined level of protection.
Technologie de l'information - Installations et infrastructures de centres de traitement de données - Partie 2-5: Systèmes de sécurité
Informacijska tehnologija - Naprave in infrastruktura podatkovnih centrov - 2-5. del: Varnostni sistemi
General Information
- Status: Published
- Public Enquiry End Date: 30-Jul-2020
- Publication Date: 05-May-2021
- Technical Committee: ELI - Electrical and communication installations
- Current Stage: 6060 - National Implementation/Publication (Adopted Project)
- Start Date: 05-May-2021
- Due Date: 10-Jul-2021
- Completion Date: 06-May-2021
Relations
- Effective Date: 01-Jun-2021
Overview
EN 50600-2-5:2021 (CLC) is the European standard that defines requirements and recommendations for physical security of data centres. It is part of the EN 50600 suite for data centre facilities and infrastructures and aligns physical security with the EN 50600 classification model for availability, security and energy efficiency enablement. The standard covers designation of data‑centre spaces, risk analysis, and protective measures against unauthorized access, intrusion, fire igniting within data centre spaces, internal environmental events (other than fire), and external environmental events that could affect protection levels.
Key topics and technical requirements
- Protection Classes and zoning: Establishes Protection Classes for data centre spaces (used to create “protection class islands”) and guidance on applying classes across premises with or without external barriers.
- Risk analysis and management: Requires a documented risk assessment to define required protection levels and select appropriate controls.
- Access control: Defines levels/options for access control and measures for premises, roofs, access routes, parking, pathways, cabinets/racks and visitor/employee handling.
- Intrusion detection: Specifies detection levels and options for intruder and holdup alarm systems, tailored to Protection Classes.
- Fire protection: Covers fire compartmentation, detection and alarm systems, fixed and portable firefighting provisions directed at internal fire risks in data centre spaces.
- Environmental protection: Addresses controls for internal environmental events (e.g., water leaks, HVAC failures) and risks originating outside the data centre that may compromise protection objectives.
- Security system technologies: Discusses technology elements such as security lighting, video surveillance systems, access control systems, intrusion alarms and event/alarm monitoring.
- Implementation guidance: Clauses and tables map recommended measures by Protection Class; references constructional requirements to EN 50600‑2‑1. Safety and EMC are out of scope (covered by other standards) but EN 50600‑2‑5 can help meet those requirements.
Practical applications and who uses it
- Data centre designers and architects - to specify physical security zoning and system requirements.
- Facility managers and operators - for operations, incident mitigation and maintenance of protection systems.
- Security consultants and integrators - to design and implement access control, CCTV and intrusion systems consistent with Protection Classes.
- Risk assessors and auditors - to verify conformance and support compliance reporting.
- Procurement teams - to create technical specifications for security equipment and services.
Use cases include new data centre design, retrofits, co‑location facilities, enterprise DCs, and compliance-driven security improvement projects.
Related standards
- EN 50600‑1 (overall classification: availability, security, energy efficiency enablement)
- EN 50600‑2‑1 (constructional requirements referenced for physical barriers)
- Applicable safety and EMC standards (for electrical and EMC compliance)
Keywords: EN 50600-2-5:2021, data centre security, physical security, protection classes, access control, intrusion detection, fire detection, CLC, EN 50600.
Frequently Asked Questions
SIST EN 50600-2-5:2021 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Information technology - Data centre facilities and infrastructures - Part 2-5: Security systems". This standard covers: This document addresses the physical security of data centres based upon the criteria and classifications for “availability”, “security” and “energy efficiency enablement” within EN 50600-1. This document provides designations for the data centres spaces defined in EN 50600-1. This document specifies requirements and recommendations for those data centre spaces, and the systems employed within those spaces, in relation to protection against: a) unauthorized access addressing organizational and technological solutions; b) intrusion; c) fire events igniting within data centres spaces; d) environmental events (other than fire) within the data centre spaces which would affect the defined level of protection; e) environmental events outside the data centre spaces which would affect the defined level of protection. NOTE Constructional requirements and recommendations are provided by reference to EN 50600-2-1. Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and are covered by other standards and regulations. However, the information given in this document can be of assistance in meeting these standards and regulations.
SIST EN 50600-2-5:2021 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security. The ICS classification helps identify the subject area and facilitates finding related standards.
SIST EN 50600-2-5:2021 has the following relationships with other standards: it has an inter-standard link to SIST EN 50600-2-5:2016. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
SIST EN 50600-2-5:2021 is associated with the following European legislation: Standardization Mandates: M/462, M/526. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
Standards Content (Sample)
SLOVENIAN STANDARD
01-June-2021
Replaces:
SIST EN 50600-2-5:2016
Informacijska tehnologija - Naprave in infrastruktura podatkovnih centrov - 2-5. del: Varnostni sistemi
Information technology - Data centre facilities and infrastructures - Part 2-5: Security systems
Informationstechnik - Einrichtungen und Infrastrukturen von Rechenzentren - Teil 2-5: Sicherungssysteme
Technologie de l'information - Installations et infrastructures de centres de traitement de données - Partie 2-5: Systèmes de sécurité
This Slovenian standard is identical to: EN 50600-2-5:2021
ICS:
35.030 IT Security
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD EN 50600-2-5
NORME EUROPÉENNE
EUROPÄISCHE NORM
April 2021
ICS 35.020; 35.110; 35.160
Supersedes EN 50600-2-5:2016 and all of its amendments and corrigenda (if any)
English Version
Information technology - Data centre facilities and infrastructures - Part 2-5: Security systems
Technologie de l'information - Installations et infrastructures de centres de traitement de données - Partie 2-5: Systèmes de sécurité
Informationstechnik - Einrichtungen und Infrastrukturen von Rechenzentren - Teil 2-5: Sicherungssysteme
This European Standard was approved by CENELEC on 2021-03-22. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 50600-2-5:2021 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Conformance
5 Physical security
5.1 General
5.2 Risk analysis and management
5.3 Designation of data centre spaces: Protection Classes
6 Protection against unauthorized access
6.1 General
6.1.1 Data centre configuration
6.1.2 Protection Classes
6.1.3 Protection Classes of specific infrastructures
6.1.4 Levels for access control
6.2 Access to the data centre premises
6.2.1 Premises with external physical barriers
6.2.2 Premises without external physical barriers
6.2.3 Roofs
6.2.4 Access routes
6.2.5 Parking
6.2.6 Employees and visitors
6.2.7 Pathways
6.2.8 Cabinets, racks and frames
6.3 Implementation
6.3.1 Protection Class 1
6.3.2 Protection Class 2
6.3.3 Protection Class 3
6.3.4 Protection Class 4
7 Protection against intrusion to data centre spaces
7.1 General
7.2 Level for the detection of intrusion
7.3 Implementation
7.3.1 Protection Class 1
7.3.2 Protection Class 2
7.3.3 Protection Class 3
7.3.4 Protection Class 4
8 Protection against fire events igniting within data centre spaces
8.1 General
8.1.1 Protection Classes
8.1.2 Fire compartments and barriers
8.1.3 Fire detection and fire alarm systems
8.1.4 Fixed firefighting systems
8.1.5 Portable firefighting equipment
8.2 Implementation
8.2.1 Protection Class 1
8.2.2 Protection Class 2
8.2.3 Protection Class 3
8.2.4 Protection Class 4
9 Protection against environmental events (other than fire) within data centre spaces
9.1 General
9.2 Implementation
9.2.1 Protection Class 1
9.2.2 Protection Class 2
9.2.3 Protection Class 3
9.2.4 Protection Class 4
10 Protection against environmental events outside the data centre spaces
10.1 General
10.2 Implementation
10.2.1 Protection Class 1
10.2.2 Protection Class 2
10.2.3 Protection Class 3
11 Systems to prevent unauthorized access and intrusion
11.1 General
11.2 Technology
11.2.1 Security lighting
11.2.2 Video surveillance systems
11.2.3 Intruder and holdup alarm systems
11.2.4 Access control systems
11.2.5 Event and alarm monitoring
Annex A (informative) Pressure relief: Additional information
A.1 General
A.2 Design considerations
Bibliography
Figures
Figure 1 — Schematic relationship between the EN 50600 standards
Figure 2 — Risk analysis and management concepts
Figure 3 — Protection Classes within the 4-layer physical protection model
Figure 4 — Protection Class islands
Figure 5 — Connections between Protection Class islands
Figure 6 — Example of Protection Classes applied to data centre premises with external barriers
Figure 7 — Example of Protection Classes applied to data centre premises without external barriers
Tables
Table 1 — Protection Classes against unauthorized access
Table 2 — Options for access control
Table 3 — Options for intrusion detection
Table 4 — Protection Classes against internal fire events
Table 5 — Protection Classes against internal environmental events
Table 6 — Protection Classes against external environmental events
Table 7 — Elements of systems for the prevention of unauthorized access
European foreword
This document (EN 50600-2-5:2021) has been prepared by CLC/TC 215 “Electrotechnical aspects of
telecommunication equipment”.
The following dates are fixed:
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2022-03-22
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2024-03-22
This document supersedes EN 50600-2-5:2016 and all of its amendments and corrigenda (if any).
This document includes the following significant technical changes with respect to EN 50600-2-5:2016:
a) technical update to all clauses in response to user feedback;
b) new Clause 7 on Protection Classes against intrusion to data centre spaces added and Clause 6
restructured accordingly;
c) references to relevant provisions of EN 50600-2-1:2021 added to highlight the respective links to
constructional requirements;
d) various editorial updates.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CENELEC by the European Commission and
the European Free Trade Association.
Introduction
The unrestricted access to internet-based information demanded by the information society has led to an
exponential growth of both internet traffic and the volume of stored/retrieved data. Data centres are housing
and supporting the information technology and network telecommunications equipment for data processing,
data storage and data transport. They are required both by network operators (delivering those services to
customer premises) and by enterprises within those customer premises.
Data centres usually provide modular, scalable and flexible facilities and infrastructures to easily
accommodate the rapidly changing requirements of the market. In addition, energy consumption of data
centres has become critical both from an environmental point of view (reduction of environmental footprint)
and with respect to economical considerations (cost of energy) for the data centre operator.
The implementation of data centres varies in terms of:
a) purpose (enterprise, co-location, co-hosting, or network operator);
b) security level;
c) physical size;
d) accommodation (mobile, temporary and permanent constructions).
The needs of data centres also vary in terms of availability of service, the provision of security and the
objectives for energy efficiency. These needs and objectives influence the design of data centres in terms of
building construction, power distribution, environmental control, telecommunications cabling and physical
security as well as the operation of the data centre. Effective management and operational information is
important in order to monitor achievement of the defined needs and objectives.
Recognizing the substantial resource consumption, particularly of energy, of larger data centres, it is also
important to provide tools for the assessment of that consumption both in terms of overall value and of
source mix and to provide Key Performance Indicators (KPIs) to evaluate trends and drive performance
improvements.
At the time of publication of this document, the EN 50600 series is designed as a framework of standards,
technical specifications and technical reports covering the design, the operation and management, the key
performance indicators for energy efficient operation of the data centre as well as a data centre maturity
model.
The EN 50600-2 series defines the requirements for the data centre design.
The EN 50600-3 series defines the requirements for the operation and the management of the data centre.
The EN 50600-4 series defines the key performance indicators for the data centre.
The CLC/TS 50600-5 series defines the data centre maturity model requirements and recommendations.
The CLC/TR 50600-99-X Technical Reports cover recommended practices and guidance for specific topics
around data centre operation and design.
This series of documents specifies requirements and recommendations to support the various parties
involved in the design, planning, procurement, integration, installation, operation and maintenance of
facilities and infrastructures within data centres. These parties include:
1) owners, operators, facility managers, ICT managers, project managers, main contractors;
2) consulting engineers, architects, building designers and builders, system and installation designers,
auditors, test and commissioning agents;
3) facility and infrastructure integrators, suppliers of equipment;
4) installers, maintainers.
At the time of publication of this document, the EN 50600-2 series comprises the following documents:
EN 50600-2-1, Information technology — Data centre facilities and infrastructures — Part 2-1: Building
construction;
EN 50600-2-2, Information technology — Data centre facilities and infrastructures — Part 2-2: Power supply
and distribution;
EN 50600-2-3, Information technology — Data centre facilities and infrastructures — Part 2-3: Environmental
control;
EN 50600-2-4, Information technology — Data centre facilities and infrastructures — Part 2-4:
Telecommunications cabling infrastructure;
EN 50600-2-5, Information technology — Data centre facilities and infrastructures — Part 2-5: Security
systems;
CLC/TS 50600-2-10, Information technology — Data centre facilities and infrastructures — Part 2-10:
Earthquake risk and impact analysis.
The inter-relationship of the documents within the EN 50600 series is shown in Figure 1.
Figure 1 — Schematic relationship between the EN 50600 standards
EN 50600-2-X documents specify requirements and recommendations for particular facilities and
infrastructures to support the relevant classification for “availability”, “physical security” and “energy efficiency
enablement” selected from EN 50600-1.
EN 50600-3-X documents specify requirements and recommendations for data centre operations, processes
and management.
EN 50600-4-X documents specify requirements and recommendations for key performance indicators (KPIs)
used to assess and improve the resource usage efficiency and effectiveness, respectively, of a data centre.
This document addresses the physical security of facilities and infrastructure within data centres together
with the interfaces for monitoring the performance of those facilities and infrastructures in line with
EN 50600-3-1 (in accordance with the requirements of EN 50600-1).
This document is intended for use by and collaboration between architects, building designers and builders,
system and installation designers and security managers among others.
This series of documents does not address the selection of information technology and network
telecommunications equipment, software and associated configuration issues.
1 Scope
This document addresses the physical security of data centres based upon the criteria and classifications for
“availability”, “security” and “energy efficiency enablement” within EN 50600-1.
This document provides designations for the data centres spaces defined in EN 50600-1.
This document specifies requirements and recommendations for those data centre spaces, and the systems
employed within those spaces, in relation to protection against:
a) unauthorized access addressing organizational and technological solutions;
b) intrusion;
c) fire events igniting within data centres spaces;
d) environmental events (other than fire) within the data centre spaces which would affect the defined level
of protection;
e) environmental events outside the data centre spaces which would affect the defined level of protection.
NOTE Constructional requirements and recommendations are provided by reference to EN 50600-2-1.
Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and
are covered by other standards and regulations. However, the information given in this document can be of
assistance in meeting these standards and regulations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
EN 3 (all parts), Portable fire extinguishers
EN 54 (all parts), Fire detection and fire alarm systems
EN 54-20:2006, Fire detection and fire alarm systems — Part 20: Aspirating smoke detectors
EN 12845, Fixed firefighting systems — Automatic sprinkler systems — Design, installation and maintenance
EN 13565-2, Fixed firefighting systems — Foam systems — Part 2: Design, construction and maintenance
CEN/TS 14816, Fixed firefighting systems — Water spray systems — Design, installation and maintenance
CEN/TS 14972, Fixed firefighting systems — Watermist systems — Design and installation
EN 16750, Fixed firefighting systems — Oxygen reduction systems — Design, installation, planning and
maintenance
EN 50131 (all parts), Alarm systems — Intrusion and hold-up systems
EN 50136 (all parts), Alarm systems — Alarm transmission systems and equipment
EN 50518, Monitoring and Alarm Receiving Centre
EN 50600-1, Information technology — Data centre facilities and infrastructures — Part 1: General concepts
EN 50600-2-1:2021, Information technology — Data centre facilities and infrastructures — Part 2-1: Building
construction
EN 50600-2-2, Information technology — Data centre facilities and infrastructures — Part 2-2: Power supply
and distribution
EN 50600-2-3, Information technology — Data centre facilities and infrastructures — Part 2-3: Environmental
control
EN 50600-2-4, Information technology — Data centre facilities and infrastructures — Part 2-4:
Telecommunications cabling infrastructure
EN 60839-11-1, Alarm and electronic security systems — Part 11-1: Electronic access control systems -
System and components requirements (IEC 60839-11-1)
EN 60839-11-2, Alarm and electronic security systems — Part 11-2: Electronic access control systems -
Application guidelines (IEC 60839-11-2)
EN 62305 (series), Protection against lightning (IEC 62305 series)
EN 62676-1-1, Video surveillance systems for use in security applications — Part 1-1: System requirements
— General (IEC 62676-1-1)
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 50600-1 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1.1
authorized person
person having been assessed and subsequently provided with access credentials to specific areas within the
data centre
3.1.2
forcible threat
threat exhibited by physical force
3.1.3
frame
open construction, typically wall-mounted, for housing closures and other information technology equipment
[SOURCE: EN 50174-1:2018, 3.1.21]
3.1.4
free-standing barrier
wall, fence, gate, turnstile or other similar self-supporting barrier, and their associated foundations, designed
to prevent entry to a space of a given Protection Class
[SOURCE: EN 50600-2-1:2021, 3.1.2]
3.1.5
hold time
time during which a concentration of fire extinguishant is maintained at an effective level with the space
being protected
3.1.6
information technology equipment
equipment providing data storage, processing and transport services together with equipment dedicated to
providing direct connection to core and/or access networks
3.1.7
make-up air
air introduced into a data centre space to replace air that is exhausted through ventilation or combustion
processes
[SOURCE: CLC/TR 50600-99-1:2020, 3.1.18]
3.1.8
rack
open construction, typically self-supporting and floor-mounted, for housing closures and other information
technology equipment
[SOURCE: EN 50174-1:2018, 3.1.34]
3.1.9
residual risk
remaining risk(s) posed to the data centre assets requiring protection following the deployment of appropriate
countermeasures
3.1.10
surreptitious attack
compromise of an asset via logical or physical means with the objective that the attack remains undetected
3.1.11
surreptitious threat
threat of a surreptitious attack by entities via logical or physical means leading to the compromise of that
asset
3.2 Abbreviations
For the purposes of this document, the abbreviations given in EN 50600-1 and the following apply.
I&HAS intruder and holdup alarm systems
VSS video surveillance system
4 Conformance
For a data centre to conform to this document:
1) the required Protection Classes of Clause 5 shall be applied to each of the spaces of the data centre
according to the risk analysis of 5.2;
2) the requirements of the relevant Protection Class of Clauses 6, 7, 8, 9 and 10 shall be applied;
3) the systems to support the requirements of Clause 6 shall be in accordance with Clause 11.
5 Physical security
5.1 General
The degree of physical security applied to the facilities and infrastructures of a data centre has an influence
on both the availability of function of, and the integrity/security of the data stored and processed within, the
data centre.
Subclause 5.3 provides minimum requirements for the data centres spaces defined in EN 50600-1. The
requirements and recommendations for those data centre spaces, and the systems employed within those
spaces, address protection against:
a) unauthorized access (see Clause 6);
b) intrusion (see Clause 7);
c) fire events originating within data centres spaces (see Clause 8);
d) environmental events (other than fire) within the data centre spaces which would affect the defined level
of protection (see Clause 9);
e) environmental events outside the data centre spaces which would affect the defined level of protection
(see Clause 10).
Constructional requirements for walls and penetrations are provided in EN 50600-2-1 and relevant cross-
references are provided from this document.
5.2 Risk analysis and management
The requirements for security should be determined:
— by the organization responsible for data centre assets;
— following a risk assessment based on the threats posed to the data (and the “classification” of that data)
and the processes hosted by the data centre. See EN 50600-1 for further information regarding risk
assessment methodologies.
Figure 2 illustrates the concept of the risk analysis and management and is described as follows:
a) asset value analysis: a classification (“native”, or “raised” due to the effects of data aggregation) of the
assets should be determined at an early stage, so that it is possible to deploy appropriate protection
countermeasures;
b) likelihood analysis: the probability of some form of attack against the protected assets;
c) threat (forcible or surreptitious) analysis: for example, posed by unauthorized access to the assets
resulting in loss or unavailability of the assets;
d) vulnerability analysis: for example, inadequate physical security or technical controls of the hosted data.
Figure 2 — Risk analysis and management concepts
These four items are analysed to identify the baseline risk posed to the data centre. Management of the
identified baseline risk employs appropriate technical, physical and procedural countermeasures or a
combination thereof at the appropriate security level.
Following the deployment of baseline countermeasures, further decisions shall be taken relating to the
residual risk(s) as follows, driven by the acceptance of risk of the asset owner:
1) toleration - the remaining risk(s) are accepted and no additional countermeasures deployed;
2) treatment - additional measures are deployed to counter the remaining risk(s);
3) transferral - the risk(s) are transferred to another party, for example obtaining additional insurance cover
to mitigate the risk(s);
4) termination - the activity posing the risk is terminated.
5.3 Designation of data centre spaces: Protection Classes
A data centre space can be accommodated in buildings or other structures, external to buildings, and can be
dedicated to a particular data centre infrastructure e.g. generator space or transformer space.
There is no concept of a data centre of a given Protection Class.
Each data centre space, independent of the size or purpose of the data centre, is designated as being of a
particular Protection Class with reference to each of the aspects in a) to e) of 5.1.
The Protection Class of a given space does not need to be the same for all aspects. For example, a
generator within an isolated structure does not need a fire compartment but requires protection against both
unauthorized access and intrusion.
In addition, the risk analysis of 5.2 together with the construction and configuration of the data centre
described in 6.2 will require the spaces of the data centre to be defined in terms of Protection Class for each
aspect of security.
The Protection Class system operates horizontally and vertically (e.g. risers, lift shafts, stair wells, atriums,
light-wells) for the buildings and structures.
6 Protection against unauthorized access
6.1 General
6.1.1 Data centre configuration
The facilities and infrastructures of the data centre may be accommodated in part, or all, of a single building
or structure within the premises or may be distributed across several buildings or structures.
The implementation of barriers between areas of different Protection Classes in terms of protection against
unauthorized access is based on their physical construction. The protection can be supplemented by
technical and organizational measures. For example, free-standing barriers, external or internal walls of
buildings, together with doors and other ducts, may be equipped with appropriate technical security systems
(see Clause 11) and supplemented by appropriate organizational processes.
6.1.2 Protection Classes
This document defines four Protection Classes in relation to access to spaces accommodating the elements
of the different facilities and infrastructures as detailed in Table 1.
Table 1 — Protection Classes against unauthorized access
Type of protection | Class 1 | Class 2 | Class 3 | Class 4
Protection against unauthorized access | Public or semi-public area. | Area that is accessible to all authorized persons (employees, tenants and visitors). | Area restricted to specified employees and tenants (visitors and other persons with access to Class 2 shall be accompanied by persons authorized to access Class 3 areas). | Area restricted to specified employees and tenants who have an identified need to have access (visitors and other persons with access to Class 2 or 3 areas shall be accompanied by and authorized to access Class 4 areas).
The Protection Classes feature increasing levels of access control. The areas of the data centre requiring the
greatest physical protection against unauthorized access will be accommodated in spaces with the highest
Protection Class. Further guidance can be found in the EN 60839-11 series.
As a fundamental principle:
a) authorized persons have access to specific areas (or groups of areas) of a given Protection Class;
b) authorized persons able to access specific areas (or groups of areas) of a given Protection Class do not
have automatic access to all areas of a lower Protection Class.
This clause defines the rules for implementing such Classes.
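The following sketch is an added example, not part of the standard. It models Table 1 and principles a) and b) as a per-area access decision. The area names, `Person` and `may_enter` are hypothetical, and treating the escort as someone holding a grant for the target area is an assumed reading of the Table 1 escort wording.

```python
from dataclasses import dataclass, field

# Constructed sample layout: area name -> Protection Class (1..4).
# The names are hypothetical and not taken from the standard.
AREAS = {
    "car_park": 1,
    "lobby": 2,
    "office_wing": 2,
    "generator_space": 3,
    "computer_room": 4,
}


@dataclass
class Person:
    name: str
    grants: set = field(default_factory=set)  # explicit per-area grants (principle a)

    def max_granted_class(self):
        # Highest Protection Class among the areas this person is granted.
        return max((AREAS[a] for a in self.grants), default=1)


def may_enter(person, area, escort=None):
    """Return (allowed, reason) for one boundary crossing."""
    cls = AREAS[area]
    if cls == 1:
        return True, "public or semi-public area"
    if area in person.grants:
        return True, "explicit grant for this area"
    # Principle b): a grant for another area, even one of a higher
    # Protection Class, does not carry over. Only the escort path remains.
    if cls == 2:
        return False, "no grant for this Class 2 area"
    # Table 1 escort rule applies to persons who already have access
    # to a Class 2 (or, for Class 4, Class 2 or 3) area.
    if person.max_granted_class() < 2:
        return False, "escort rule requires existing access to a Class 2 or 3 area"
    # Assumption: the escort must be authorized for the target area itself.
    if escort is None or area not in escort.grants:
        return False, f"needs an escort authorized for this Class {cls} area"
    return True, f"escorted by {escort.name}"
```

Grants are stored per area, not as a class threshold, which is what keeps a Class 4 grant from implying access to every Class 2 or 3 area.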
The access to spaces and systems shall be limited to the inevitable necessary operative minimum. This
applies to the aspects of spaces, time, personnel and knowledge. The implementation of physical security
shall be effected according to the philosophy shown schematically in Figure 3, referred to as the “Onion
Skin” or “Defence in Depth” approach/model.
Figure 3 — Protection Classes within the 4-layer physical protection model
In order to be applicable to more general implementations of data centres, the simplistic model of Figure 3
can be visualized as a series of Protection Class islands as shown in Figure 4.
Figure 4 — Protection Class islands
Subclause 5.3 provides examples of the Protection Classes applied to data centre spaces but the
technological solutions to the control of unauthorized access vary across the particular data centre spaces
within a Protection Class.
All elements of the border/barrier of an area with a given Protection Class shall have the same level of
resistance to unauthorized access. Where the data centre infrastructures specified in EN 50600-2-1 to
EN 50600-2-5 cross boundaries from one Protection Class to another, they shall be provided with protection
suitable to the lower Protection Class interconnected as shown in Figure 5.
NOTE National or local regulations can prevent security measures being applied to pathways (e.g. maintenance
holes, etc.) for infrastructures external to the premises.
Figure 5 — Connections between Protection Class islands
Access control systems of a given Protection Class should be managed from areas with the same or higher
Protection Class.
Pathways of the data centre infrastructures (e.g. power supply, environmental control and
telecommunications cabling) shall be designed to prevent unauthorized passage between areas of different
Protection Class.
Data centres and their complementary functions of technical infrastructure shall be organized in areas which
mirror the needs of security, safety and availability of the data centre which match the assumed risks and
protection goals.
The risk bearing elements of the data centre should be located as far from the public or other unauthorized
personnel as possible. Where this is not practicable, additional protection measures can be required as
determined by the output of the risk assessment process or the site security assessment.
6.1.3 Protection Classes of specific infrastructures
The requirements for the Protection Class to be applied to the elements of the following facilities and
infrastructures within the data centre are defined in:
a) EN 50600-2-2 for the power distribution system;
b) EN 50600-2-3 for the environmental control system;
c) EN 50600-2-4 for the telecommunications cabling infrastructure.
6.1.4 Levels for access control
Table 2 describes four levels for access control to data centre spaces. The appropriate solution shall be
specified to allow the crossing of the boundary of each Protection Class. Information in 11.2.4 provides
details of the functionality options which can be applied.
———————
This will be implemented in the future second edition of EN 50600-2-4.
Table 2 — Options for access control
Security level | Access control intensity | Examples
1 (low) | Manual access control (no automation) | Mechanical key and lock plus manual access log
2 (medium) | Automated access control with single factor authentication | Using an electronic ID medium (e.g. card or other ID token) plus electronic access log
3 (high) | Automated access control with two factor authentication | Using an electronic ID medium (e.g. card or other ID token) together with another factor (e.g. PIN or biometry) plus electronic access log
4 (very high) | Enforced automated access control | Solutions to enforce the prevention of unregistered or unauthorized access or piggy-backing in addition to security level 3
NOTE Wearing a visible badge is possible for all security levels.
6.2 Access to the data centre premises
6.2.1 Premises with external physical barriers
If the premises are provided with an external physical barrier that provides a demarcation of Protection
Class 1 then, as shown in the example of Figure 6:
1) the number of penetrations of the boundary of Protection Class 1 for personnel and vehicular access
shall be minimized;
2) the boundary of Protection Class 2 would represent the exterior walls and associated entrances of the
buildings and other structures comprising the data centre and its associated spaces;
3) the boundary of Protection Class 3 would represent the barrier between any entrances of buildings or
structures comprising the premises and the areas comprising the data centre and its associated spaces
(these spaces may be in separate buildings or structures of Protection Class 2);
4) the boundary of Protection Class 4 would represent the barrier between the entrance to the area
requiring Protection Class 3 and the area requiring Protection Class 4.
Figure 6 — Example of Protection Classes applied to data centre premises with external barriers
6.2.2 Premises without external physical barriers
If the premises enable full and unrestricted public access to the boundaries of the building(s) or other
structures, the exterior walls (or other defined internal barrier) of the building(s)/structures(s) represent the
boundary of Protection Class 1. In such a case, as shown in the example of Figure 7:
1) the number of penetrations of the boundary of Protection Class 1 for personnel and vehicular access
shall be minimized and these should be considered as points of surveillance and access detection;
2) the boundary of Protection Class 2 would represent the barrier between any entrances of buildings or
structures comprising the premises and the areas comprising the data centre and its associated spaces
(these spaces may be in separate buildings or structures of Protection Class 1);
3) the boundary of Protection Class 3 would represent the barrier between the entrance to the designated
data centre space and the area requiring Protection Class 3;
4) the boundary of Protection Class 4 would represent the barrier between the entrance to the area
requiring Protection Class 3 and the area requiring Protection Class 4.
Figure 7 — Example of Protection Classes applied to data centre premises without external barriers
6.2.3 Roofs
Appropriate barriers will be required to prevent unauthorized access to roof-top structures which
accommodate facilities or infrastructure requiring a higher Protection Class.
Where possible, access routes to the roof, for purposes of maintenance and repair of the roof, roof-top
structures and, where relevant, to infrastructure elements, shall be from within areas of Protection Cla
...
The article discusses the SIST EN 50600-2-5:2021 standard, which focuses on the physical security of data centers. It provides designations for data center spaces and specifies requirements and recommendations for protection against unauthorized access, intrusion, fire events, and other events that could impact security. The document does not cover constructional requirements, safety, or electromagnetic compatibility, but it can be helpful in meeting those standards and regulations.