Data centre security: Further resources

Cyber Essentials is an NCSC-backed self-assessment scheme ensuring that organisations are protected against a wide variety of the most common cyber-attacks

IT Service Management (ISO 20000): a global standard that describes the requirements for an information technology service management (ITSM) system. 

Information Security (ISO 27001): an information security standard, providing a set of standardised requirements for an information security management system (ISMS).

International Standard for Assurance Engagements (ISAE 3402): an assurance standard for internal financial reporting controls. In SOC terms, an ISAE 3402 is a SOC1 (see below). 

SSAE 16: a US standard (mirroring ISAE 3402) consisting of two different reports (see below). Note that from May 1 2017, SSAE 16 was superseded by SSAE 18.

A SOC 1 type 1 report: an independent snapshot of an organisation’s internal financial reporting controls on a given day.

A SOC 1 type 2 report: shows how controls have been managed over time. 

Quality management (ISO 9001): an international standard that specifies requirements for a quality management system.

Business continuity management (ISO 22301): an international standard for business continuity management covering disruptive events such as natural disasters, environmental accidents, technology mishaps and manmade crises. 

The Telecommunications Industry Association standard TIA942: a US standard that specifies the minimum requirements for telecommunications infrastructure of data centres and computer rooms including single tenant enterprise data centres and multi-tenant internet hosting data centres.

The uptime data centre tier standards are a standardised methodology used to determine availability in a facility. The standards are comprised of a four-tiered scale, with Tier 4 being the most robust.