Skip to content

ISO/IEC 22237

Person steht in einem großen, beleuchteten Serverraum und blickt auf die Reihen von Servern.

The international standard for data centers

Appropriate measures must be taken to ensure the physical security and availability of IT infrastructures. In this context, the international standard ISO/IEC 22237 offers a holistic approach to the planning, construction and operation of data centres.

It provides planners, builders and operators of data centres with comprehensive guidelines in the form of various requirements.

Our experts provide comprehensive services to support you in planning, operating or expanding your data centre in a future-proof manner based on ISO/IEC 22237 in accordance with the current state of the art.

Overview of ISO/ IEC 22237

The international standard ISO/IEC 22237 (Information technology - Data centre facilities and infrastructures) creates the fundamental prerequisite for ensuring that data centres can be planned, built and operated according to the same principles worldwide in the future.

As an international sister to the European EN 50600 series of standards, ISO/IEC 22237 - together with ISO 30134 - takes a holistic approach to all aspects of data centre facilities and infrastructure. This includes requirements for availability and security (ISO 22237-x) as well as energy efficiency and sustainability (ISO 30134-x) of physical infrastructures.

To date, 5 of the 7 parts of the ISO/IEC 22237 series of standards have been published. Further parts are available as technical specifications (TS) and will be successively updated.

Structure and layout of the ISO/IEC 22237 series of standards

The requirements of ISO/IEC 22237 are currently divided into the following 7 parts:

  • ISO/IEC 22237-1: General concepts
  • ISO/IEC 22237-2: Building design
  • ISO/IEC 22237-3: Power supply
  • ISO/IEC 22237-4: Control of environmental conditions
  • ISO/IEC TS 22237-5: Telecommunications cabling infrastructure
  • ISO/IEC 22237-6: Security systems
  • ISO/IEC TS 22237-7: Information for management and operation

Parts 1, 2, 3, 4 and 6 have already been published. The other parts are currently available as technical specifications (TS) and will gradually be converted into officially valid standard parts. However, implementation will still take up to 2 years.

Availability classes: Overview of the 4 different classes

1

Availability class 1

Low availability. Design without redundancies on the basis of a supply path.

2

Availability class 2

Medium availability. Design with partial redundancies based on a supply path.

3

Availability class 3

High availability. Design with redundant components based on multiple supply paths. Solution for maintenance during operation.

4

Availability class 4

Very high availability. Designed with system redundancies based on multiple supply paths. Fault-tolerant, except during maintenance.

Protection classes & granularity levels according to ISO/IEC 22237

ISO/IEC 22237 distinguishes between up to 4 protection classes in various subject areas (unauthorised access, intrusion protection, fire protection and protection against internal and external environmental hazards). At least 3 protection classes for protection against unauthorised access must be created.

In addition, the standard differentiates between 3 levels of granularity that relate to the ability to operate energy-efficiently. The categorisation is based on measurements of the energy supply and the ventilation and air conditioning systems.

Target groups of ISO/IEC 22237

Our service portfolio is aimed at companies and organisations that want to bring their data centres up to the highest security and availability standards.

  • IT service providers and hosting providers
  • Colocation data centres
  • Companies with their own data centres (enterprise)
  • Financial institutions and banks
  • Healthcare organisations
  • Government authorities and public institutions
  • Telecommunications companies
  • Cloud service providers
  • Industrial companies with high data volumes

Advantages of ISO/IEC 22237

  • Customised design of the safety requirements through specifications based on the operator's own risk analysis
  • International recognition and comparability
  • Added value due to high level of familiarity, established method and high market acceptance

Services based on ISO/IEC 22237

Gruppe von Menschen bei einer Besprechung in einem modernen Büro mit großen Fenstern.

Workshops for data centers

Interesting facts about the testing, evaluation and certification of data centre infrastructures
Learn more
Person in Sicherheitsweste arbeitet an Bauplänen auf einem Tisch mit Bauhelm und Werkzeugen.

Location evaluation

Ensuring an optimal starting position for the data centre to be planned.
Learn more
Blick in einen modernen Serverraum mit langen Reihen von Server-Racks und einem Techniker, der die Systeme überprüft.

Planning assessment

Support during the planning and design of your data centre.
Learn more
Drei Bauingenieure in Sicherheitswesten und Helmen stehen auf einer Baustelle und betrachten gemeinsam einen Laptop und Baupläne.

Quality Gates (construction supervision)

Support during the construction phase with regular on-site inspections to ensure compliance with requirements.
Learn more
Techniker im Sicherheitshelm und Warnweste überprüft elektrische Schalttafeln in einem Kontrollraum.

Support during commissioning

Accompanying the commissioning of your data centre & carrying out integration tests for quality assurance.
Learn more
Person steht mit verschränkten Armen in einem Serverraum zwischen zwei Reihen von Server-Racks.

Conformity assessment / GAP analysis

Systematic identification of all potential risks and weaknesses of your data centre or IT service provider.
Learn more
Ein modernes Rechenzentrum mit mehreren Reihen von Server-Racks in einem hellen Raum.

Certification

Implementation of certification in accordance with Trusted Site Infrastructure (TSI), EN 50600 or ISO/IEC 22237.
Learn more

FAQ on ISO/IEC 22237

As ISO/IEC 22237 is still partly available in the form of technical specifications and is therefore still in the process of being harmonised, certification is currently only possible in accordance with the five parts that have already been published. The other parts of the standard will be successively updated.

Since the publication of the revision of TÜV NORD's own criteria catalogue TSI.STANDARD V4.5 on 01.07.2023, certification according to ISO/IEC has been offered as an optional module for TSI certification. The relevant requirements are worked out accordingly. The procedure is comparable to the EN 50600 certificate, which has also been available as an option in combination with the TSI certificate for several years.

You can therefore obtain a total of 3 certificates in one procedure: TSI, EN 50600 and ISO/IEC 22237.

Stand-alone certification to ISO/IEC 22237 alone is not possible.

Certification based on ISO/IEC 22237 strengthens the trust of your customers and partners in the reliability of your data centre infrastructure. You benefit from greater reliability, international comparability and optimised operating processes - a real competitive advantage in regulated or data-intensive industries.

There is no catalogue of criteria available that maps the requirements of ISO/IEC 22237 in isolation. However, the test criteria are included in the TSI.STANDARD and the TSI.EN50600. The TSI.STANDARD is available free of charge. You can obtain a digital copy here: Request catalogue

Since 2016, conformity with EN 50600 can also be tested and confirmed with the TSI.STANDARD. Parts 1, 2, 3 and 4-2 of EN 50600 have been fully adapted and integrated into the catalogue. With the publication of TSI.STANDARD V4.5 and TSI.EN50600 V3.0, an ISO/IEC 22237-specific supplementary test is also possible. Conformity with the five published parts of the standard (ISO/IEC 22237 parts 1, 2, 3, 4 and 6) is confirmed by means of an additional certificate. In this way, the data centre operator can obtain three certificates at once: TSI, EN 50600 and ISO/IEC 22237.

While ISO/IEC 22237 focuses on the quality and availability of an infrastructure, ISO 27001 focusses on general information security and serves as a guideline for setting up an information security management system (ISMS). Both standards therefore cover different topics and requirements and complement each other.

Even though ISO/IEC 22237 is based on EN 50600 and many requirements are the same, the two standards differ in some details. We will be happy to provide you with information on this as part of a workshop or our data centre training courses.

Overview of other standards for data centers

Moderne Glasgebäude mit Spiegelung von Bäumen im Sonnenlicht.

TSE.STANDARD

The TSE.STANDARD contains requirements for the energy efficiency of data centres according to the maturity model.
Learn more
Blick in einen modernen Serverraum mit mehreren Reihen von Server-Racks und heller Beleuchtung.

EN 50600

The European data centre standard DIN EN 50600 uses a holistic approach to set comprehensive specifications for the planning, construction and operation of data centres.
Learn more
Person steht in einem großen, beleuchteten Serverraum und blickt auf die Reihen von Servern.

ISO/IEC 222373

As the international equivalent to EN 50600, ISO/IEC 22237 creates the basic prerequisite for ensuring that data centres can be planned, built and operated according to the same principles worldwide.
Learn more

Kontakt Deutschland

Mario Lukas

Lead Sales & Business Development
Tel.: +49-201-8255-567 / sales.datacenter@tuev-nord.de

Contact International

You may also be interested in

IT-Spezialisten überwachen globale Netzwerksysteme in einem Kontrollzentrum mit mehreren Bildschirmen.
Certification of alarm receiving centres
Moderne Glasgebäude mit Spiegelung von Bäumen im Sonnenlicht.
Energy efficiency of data centres
Gruppe von Personen arbeitet in einem modernen Büro mit Computern und Bildschirmen.
ISO 27001
Person beugt sich über ein Waschbecken und schöpft Wasser aus einem Wasserhahn.
CRITIS