Not all Tiers are equal
Uptime Institute Certification for Data Centers are between most recognized in the market, and, often, are exhibited by holders with proud. Who do not have heard something like: "Our DC is Tier III / III+ / IV certified! So it is really secure…”
And, obviously, to this statement, how raise any doubt? Well, at least, we must have one, what type of certification do you hold? In fact, Uptime Institute issues four types of certifications:
- Planning
- Design Documents
- Construction
- Operational Sustainability
Planning certifications take into account availability, reliability, capacity and performance requirements, together with growth horizon, analyzing business drives and, also, location selection, architecture, mechanic and support infrastructures.
Design certifications confirm functionality and capacity identified in engineering and architecture specifications. These certifications assure that plans have been defined to meet availability goals through analysis of mechanic, eletectric, structure and location elements following the Uptime document about Topology.
Construction certifications assure that facilites have been build up as they were designed, and they verified that they are able to meet the availability requirements established. For this certification, DC needs to demonstrate in real conditions, together with validations their performance according to defined goals.
And, finally, operational sustainability certifications analyze operations in the entire DC lyfe-cicle. These certifications take into account the elements that could impact availability in the long term: management & operations, building characteristics, and site location, assuring that operations are alligned with organization business objectives, availability expectations and the mission.
So, next time that some argues that her DC is Tier-whaterver, at lest, ask her what type of certification it is, because, unless DC holds a Operational Sustainability certification, you only could infere hints of how well they run their DC, but it could not be the real situation.
For this reason, LEET Security ratings analyze services as they are operated, because what makes sense is that users could assess security controls implemented in services, not the security measures that were planned, designed or those that were implemented some time in the past, but they are not longer current.