R&M Data Center Handbook

Recommendations

Info

www.datacenter.rdm.com • Basel II The term Basel II refers to the entire set of directives on equity capital that were put forward by the Basel Committee for Banking Supervision in the past years. These directives apply to all banking institutions and financial service providers. In Switzerland, its implementation was carried out by the FINMA and in Germany the rules were implemented through the German Banking Act (KWG), the Solvency Regulation (SolvV) and the Minimum Requirements for Credit Management (MaRisk). Basel II primarily relates to internal banking regulations. Banks apply credit-risk-related standards to their customers that are the same as the ones with which they have to comply. This means that in the private sector as well, loan conditions and credit risks are directly dependent. • Basel III The term Basel III refers to the rules and regulations adopted by the Basel Committee at the Bank for International Settlements in Basel (Switzerland) as an extension of the existing equity capital regulations for financial institutions. These supplementary rules and regulations are based on the experiences with Basel II, issued in 2007, and on knowledge gained as a result of the global financial crisis of 2007. The provisional end version of Basel III was published in December 2010, even though individual aspects are still under discussion. Implementation within the European Union is achieved by amendments to the Capital Requirements Directive (CRD) and expected to come into effect gradually starting in 2013. • Solvency II Solvency II is the insurance industry's equivalent of Basel II. It is scheduled to come into effect in European Union member states in the first quarter of 2013. • Federal Data Protection Act (BDSG, Germany) / Data Protection Act (DSG, CH) Data protection acts regulate the handling of personal data. From a data center perspective, the technical and organizational measures that might be necessary are of primary relevance, especially those concerning regulations on access control and availability control. In addition to national legislation, there are state-specific and canton-specific data protection laws, in Germany and Switzerland respectively. 2.3.5. Certifications and Audits Certification and audit preparations are costly and time-consuming, therefore every organization must ask themselves whether it makes economic sense or not. Possible motivation and reasons for certification are: • Competitive differentiation: A certification can strengthen customer, staff and public trust in an organization. It can also make an organization stand out among competitors, provided it is not a mass product. Certifications are also gaining importance in invitations to tender. • Internal benefit of a certification: A certification can have the additional benefit of reducing possible security weaknesses. • Regulations The major certifications and audits in the data center sector are: • DIN EN ISO 9001- Quality Management • ISO 27001 – Information Security Management Systems • ISO 27001 – based on Basic IT Protection • ISO 20000 – IT Service Management • DIN EN ISO 14001 – Environmental Management • SAS 70 Type II certification – SOX relevant • IDW PS951 – German equivalent of the American SAS70 • Data Center Star Audit – ECO Association (Association of the German Internet Economy) • TÜV certification for data centers – (Technical Inspection Association, Germany) • TÜV certification for energy-efficient data centers R&M Data Center Handbook V2.0 © 08/2011 Reichle & De-Massari AG Page 33 of 156
www.datacenter.rdm.com 2.3.6. Potential Risks According to a report by the IT Policy Compliance Group of 2010, 80 percent of companies have poor visibility into their IT risks, taking three to nine months or longer to classify their IT risk levels. Inability to prioritize risks, lack of a comprehensive risk view and inadequate control assessments all contribute to this problem. Liability Risks Need for regulation, need for action Strategic tasks Conceptual tasks Operative tasks Responsibilities Legislation Potential damage and losses Management / CEO Supervisory Board Management / CEO Data Protection Officer Head of IT Management / CEO Data Protection Officer Head of IT Staff See regulations See regulations Employment contract See regulations Employment contract Commercial Code (HGB) Copyright Act (UrhG) Penal Code (StGB) Excerpt: Liability Risk Matrix (Matrix der Haftungsrisiken), Bitkom, as of March 2005 - Losses due to system failure - Insolvency - Increased costs of corporate loans - Loss of insurance coverage - Image loss - Monetary fines - See strategic tasks - Data loss - Unauthorized access - Virus infection - Loss due to failed projects - Loss of claims against suppliers - Loss of development know-how - No annual audit confirmation - Taxation assessment - Imprisonment - Corporate shutdown/loss of production - Capital losses - Image loss - Loss of business partners or data Companies have taken to including limited liability for negligent behavior in agreements between managing directors and the company. In the case of limited-liability companies, members have the option of declaring acceptance of the managing director, rendering any claims for damages against the company null and void. This is not true in the case of stock corporations, where acceptance of management does not result in the waiver of damage claims. Good insurance is a valuable asset because... … Managers fail to see their liability risks … Managers are usually not clear about the scope of their liability risk … There is a growing risk of being held liable for mistakes at work and losing everything in the process … Managing directors and management can be held liable if they fail to provide sufficient IT security for their companies … The boss is not the only one held liable! Operational Risks Operational risks – as defined in Basel II – are "the risks of loss resulting from inadequate or failed internal procedures, people and systems or from external events". The primary focus, in terms of operational risks, is on: • Information system failures • Security policy • Human resource security • Physical and environment security • IT system productivity • Keeping systems, procedures and documentation up-to-date • Information and data of all business operations • Evaluation and identification of key figures • Clear, previously drawn-up emergency plan • Backups of the entire data base Page 34 of 156 © 08/2011 Reichle & De-Massari AG R&M Data Center Handbook V2.0
Page 1 and 2: R&M Data Center Handbook
Page 3 and 4: www.datacenter.rdm.com Table of Con
Page 5 and 6: www.datacenter.rdm.com 4. Appendix
Page 7 and 8: www.datacenter.rdm.com File Server
Page 9 and 10: www.datacenter.rdm.com Storage Arch
Page 11 and 12: www.datacenter.rdm.com • Yahoo!:
Page 13 and 14: www.datacenter.rdm.com Cabinet syst
Page 15 and 16: www.datacenter.rdm.com 1.10. Energy
Page 17 and 18: www.datacenter.rdm.com 1.12. Securi
Page 19 and 20: www.datacenter.rdm.com In general,
Page 21 and 22: www.datacenter.rdm.com 2. Planning
Page 23 and 24: www.datacenter.rdm.com Typology bas
Page 25 and 26: www.datacenter.rdm.com 2.2.2. Class
Page 27 and 28: www.datacenter.rdm.com For cabling
Page 29 and 30: www.datacenter.rdm.com 2.3.2. IT Ri
Page 31 and 32: www.datacenter.rdm.com • IT Basel
Page 33: www.datacenter.rdm.com Depending on
Page 37 and 38: www.datacenter.rdm.com The followin
Page 39 and 40: www.datacenter.rdm.com Moreover, th
Page 41 and 42: www.datacenter.rdm.com 2.4.3. Expec
Page 43 and 44: www.datacenter.rdm.com There are se
Page 45 and 46: www.datacenter.rdm.com 2.5. Aspects
Page 47 and 48: www.datacenter.rdm.com 3. Data Cent
Page 49 and 50: www.datacenter.rdm.com ENI: Externa
Page 51 and 52: www.datacenter.rdm.com 3.1.4. TIA-9
Page 53 and 54: www.datacenter.rdm.com Individual a
Page 55 and 56: www.datacenter.rdm.com 3.3. Network
Page 57 and 58: www.datacenter.rdm.com Aggregation
Page 59 and 60: www.datacenter.rdm.com The differen
Page 61 and 62: www.datacenter.rdm.com 3.4.2. End o
Page 63 and 64: www.datacenter.rdm.com 3.4.4. Two R
Page 65 and 66: www.datacenter.rdm.com In contrast
Page 67 and 68: www.datacenter.rdm.com 3.5. Data Ce
Page 69 and 70: www.datacenter.rdm.com In buildings
Page 71 and 72: www.datacenter.rdm.com Higher tempe
Page 73 and 74: www.datacenter.rdm.com The server c
Page 75 and 76: www.datacenter.rdm.com Tray The adv
Page 77 and 78: www.datacenter.rdm.com Fire and Lig
Page 79 and 80: www.datacenter.rdm.com Vandalism, T
Page 81 and 82: www.datacenter.rdm.com Server (Sing
Page 83 and 84: www.datacenter.rdm.com The key perf
Page 85 and 86:
www.datacenter.rdm.com Storage Solu
Page 87 and 88:
www.datacenter.rdm.com Router A rou
Page 89 and 90:
www.datacenter.rdm.com A GBIC modul
Page 91 and 92:
www.datacenter.rdm.com 3.6.6. Trend
Page 93 and 94:
www.datacenter.rdm.com Classic Stru
Page 95 and 96:
www.datacenter.rdm.com 3.7.3. Trend
Page 97 and 98:
www.datacenter.rdm.com Layer 1 - Ph
Page 99 and 100:
www.datacenter.rdm.com Although the
Page 101 and 102:
www.datacenter.rdm.com All optical
Page 103 and 104:
www.datacenter.rdm.com Trend Server
Page 105 and 106:
www.datacenter.rdm.com 3.8.4. Fibre
Page 107 and 108:
www.datacenter.rdm.com The InfiniBa
Page 109 and 110:
www.datacenter.rdm.com Shortest Pat
Page 111 and 112:
www.datacenter.rdm.com 3.9.1 Coax a
Page 113 and 114:
www.datacenter.rdm.com Since old ca
Page 115 and 116:
www.datacenter.rdm.com The closenes
Page 117 and 118:
www.datacenter.rdm.com R&M’s visu
Page 119 and 120:
www.datacenter.rdm.com The followin
Page 121 and 122:
www.datacenter.rdm.com As already m
Page 123 and 124:
www.datacenter.rdm.com According to
Page 125 and 126:
www.datacenter.rdm.com Summary Desp
Page 127 and 128:
www.datacenter.rdm.com Two examinat
Page 129 and 130:
www.datacenter.rdm.com The criteria
Page 131 and 132:
www.datacenter.rdm.com Adapters The
Page 133 and 134:
www.datacenter.rdm.com Method R Met
Page 135 and 136:
www.datacenter.rdm.com Methode B Re
Page 137 and 138:
www.datacenter.rdm.com PD Operation
Page 139 and 140:
www.datacenter.rdm.com The investig
Page 141 and 142:
www.datacenter.rdm.com Thanks to th
Page 143 and 144:
www.datacenter.rdm.com The permanen
Page 145 and 146:
www.datacenter.rdm.com The intersec
Page 147 and 148:
www.datacenter.rdm.com Alien crosst
Page 149 and 150:
www.datacenter.rdm.com The Cat. 7 A
Page 151 and 152:
www.datacenter.rdm.com With the “
Page 153 and 154:
www.datacenter.rdm.com Stress condi
Page 155 and 156:
www.datacenter.rdm.com Immunity aga
Page 157 and 158:
www.datacenter.rdm.com 4. Appendix
show all

R&M Data Center Handbook

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?