ISO/IEC 22237-6:2024

International
Standard
ISO/IEC 22237-6
First edition
Information technology —
2024-02
Data centre facilities and
infrastructures —
Part 6:
Security systems
Technologie de l’information — Installation et infrastructures de
centres de traitement de données —
Partie 6: Systèmes de sécurité
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 2
3.1 Terms and definitions .2
3.2 Abbreviated terms .3
4 Conformance . 3
5 Physical security . 3
5.1 General .3
5.2 Risk analysis and management.4
5.3 Designation of data centre spaces: Protection Classes .5
6 Protection against unauthorized access . 5
6.1 General .5
6.1.1 Data centre configuration .5
6.1.2 Protection Classes .5
6.1.3 Protection Classes of specific infrastructures .8
6.1.4 Levels for access control .8
6.2 Access to the data centre premises .8
6.2.1 Premises with external physical barriers .8
6.2.2 Premises without external physical barriers .9
6.2.3 Roofs .10
6.2.4 Access routes .10
6.2.5 Parking .11
6.2.6 Employees and visitors .11
6.2.7 Pathways . 12
6.2.8 Cabinets, racks and frames . 12
6.3 Implementation . . 12
6.3.1 Protection Class 1 . 12
6.3.2 Protection Class 2 . 13
6.3.3 Protection Class 3 .14
6.3.4 Protection Class 4 .14
7 Protection against intrusion to data centre spaces .15
7.1 General . 15
7.2 Level for the detection of intrusion . 15
7.3 Implementation . .16
7.3.1 Protection Class 1 .16
7.3.2 Protection Class 2 .16
7.3.3 Protection Class 3 .17
7.3.4 Protection Class 4 .18
8 Protection against internal fire events (fire events igniting within data centre spaces) .18
8.1 General .18
8.1.1 Protection Classes .18
8.1.2 Fire compartments and barriers .19
8.1.3 Fire detection and fire alarm systems . 20
8.1.4 Fixed firefighting systems . 20
8.1.5 Portable firefighting equipment . 23
8.2 Implementation . 23
8.2.1 Protection Class 1 . 23
8.2.2 Protection Class 2 . 23
8.2.3 Protection Class 3 . 23
8.2.4 Protection Class 4 . 23

© ISO/IEC 2024 – All rights reserved
iii
9 Protection against internal environmental events (other than fire within data centre
spaces) .23
9.1 General . 23
9.2 Implementation . .24
9.2.1 Protection Class 1 .24
9.2.2 Protection Class 2 .24
9.2.3 Protection Class 3 .24
9.2.4 Protection Class 4 . 25
10 Protection against external environmental events (events outside the data centre
spaces) .25
10.1 General . 25
10.2 Implementation . . 26
10.2.1 Protection Class 1 . 26
10.2.2 Protection Class 2 . 26
10.2.3 Protection Class 3 .27
11 Systems to prevent unauthorized access and intrusion .27
11.1 General .27
11.2 Technology . 28
11.2.1 Security lighting . 28
11.2.2 Video surveillance systems . 28
11.2.3 Intruder and holdup alarm systems . 29
11.2.4 Access control systems . 29
11.2.5 Event and alarm monitoring . 30
Annex A (informative) Pressure relief: additional information .31
Bibliography .33

© ISO/IEC 2024 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 39, Sustainability, IT and data centres.
This first edition cancels and replaces ISO/IEC TS 22237-6:2018, which has been technically revised.
The main changes are as follows:
— a new Clause 7, "Protection against intrusion to data centre spaces", has been added. Clause 6 has been
restructured accordingly;
— references to relevant provisions of ISO/IEC 22237-2 have been added to highlight the respective links to
constructional requirements.
A list of all parts in the ISO/IEC 22237 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
v
Introduction
The unrestricted access to internet-based information demanded by the information society has led to an
exponential growth of both internet traffic and the volume of stored/retrieved data. Data centres house
and support the information technology and network telecommunications equipment for data processing,
data storage and data transport. They are required both by network operators (delivering those services to
customer premises) and by enterprises within those customer premises.
Data centres need to provide modular, scalable and flexible facilities and infrastructures to easily
accommodate the rapidly changing requirements of the market. In addition, energy consumption of data
centres has become critical, both from an environmental point of view (reduction of carbon footprint), and
with respect to economic considerations (cost of energy) for the data centre operator.
The implementation of data centres varies in terms of:
a) purpose (enterprise, co-location, co-hosting or network operator facilities);
b) security level;
c) physical size; and
d) accommodation (mobile, temporary and permanent constructions).
NOTE Cloud services can be provided by all data centre types mentioned.
The needs of data centres also vary in terms of availability of service, the provision of security and the
objectives for energy efficiency. These needs and objectives influence the design of data centres in terms of
building construction, power distribution, environmental control, telecommunications cabling and physical
security. Effective management and operational information are required to monitor achievement of the
defined needs and objectives.
The ISO/IEC 22237 series specifies requirements and recommendations to support the various parties
involved in the design, planning, procurement, integration, installation, operation and maintenance of
facilities and infrastructures within data centres. These parties include:
1) owners, operators, facility managers, ICT managers, project managers, main contractors;
2) consultants, architects, building designers and builders, system/installation designers, auditors, test
and commissioning agents;
3) suppliers of equipment; and
4) installers, maintainers.
The inter-relationship of the various documents within the ISO/IEC 22237 series at the time of publication is
shown in Figure 1.
© ISO/IEC 2024 – All rights reserved
vi
Figure 1 — Schematic relationship between the documents of the ISO/IEC 22237 series
ISO/IEC 22237-2 to ISO/IEC 22237-6 specify requirements and recommendations for particular facilities
and infrastructures to support the relevant classification for “availability”, “physical security” and “energy
efficiency enablement” according to ISO/IEC 22237−1.
This document, ISO/IEC 22237-6, addresses the physical security of facilities and infrastructure within data
centres together with the interfaces for monitoring the performance of those facilities and infrastructures
in line with ISO/IEC TS 22237-7 (in accordance with the requirements of ISO/IEC 22237-1).
ISO/IEC TS 22237-7 addresses the operational and management information (in accordance with the
requirements of ISO/IEC 22237-1.
This document is intended for use by and collaboration between architects, building designers and builders,
system and installation designers and security managers, among others.
The ISO/IEC 22237 series does not address the selection of information technology and network
telecommunications equipment, software and associated configuration issues.

© ISO/IEC 2024 – All rights reserved
vii
International Standard ISO/IEC 22237-6:2024(en)
Information technology — Data centre facilities and
infrastructures —
Part 6:
Security systems
1 Scope
This document specifies requirements and recommendations concerning the physical security of data
centres based on the criteria and classifications for “availability”, “security” and “energy efficiency
enablement” within ISO/IEC 22237-1.
This document provides designations for the data centre spaces defined in ISO/IEC 22237-1.
This document specifies requirements and recommendations for such data centre spaces, and the systems
employed within those spaces, in relation to protection against:
a) unauthorized access addressing organizational and technological solutions;
b) intrusion;
c) internal fire events igniting within data centre spaces;
d) internal environmental events (other than fire) within the data centre spaces which would affect the
defined level of protection;
e) external environmental events outside the data centre spaces which would affect the defined level of
protection.
NOTE Constructional requirements and recommendations are provided by reference to ISO/IEC 22237-2.
Safety and electromagnetic compatibility (EMC) requirements are outside the scope of this document and
are covered by other standards and regulations. However, information given in this document can be of
assistance in meeting these standards and regulations.
Conformance of data centres to the present document is covered in Clause 4.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 22237-1, Information technology — Data centre facilities and infrastructures — Part 1: General
concepts
ISO/IEC 22237-2, Information technology — Data centre facilities and infrastructures — Part 2: Building
construction
ISO/IEC 22237-3, Information technology — Data centre facilities and infrastructures — Part 3: Power
distribution
ISO/IEC 22237-4, Information technology — Data centre facilities and infrastructures — Part 4: Environmental
control
© ISO/IEC 2024 – All rights reserved
IEC 60839-11-1, Alarm and electronic security systems — Part 11-1: Electronic access control systems — System
and components requirements
IEC 60839-11-2, Alarm and electronic security systems - Part 11-2: Electronic access control systems - Application
guidelines
IEC 62305 (all parts), Protection against lightning
IEC 62676-1-1, Video surveillance systems for use in security applications — Part 1-1: System requirements —
General
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 22237-1 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1.1
authorized person
person having been assessed and subsequently provided with access credentials to specific areas within the
data centre
3.1.2
forcible threat
threat exhibited by physical force
3.1.3
frame
open construction, typically wall-mounted, for housing closures and other information technology
equipment
3.1.4
free-standing barrier
wall, fence, gate, turnstile or other similar self-supporting barrier, and their associated foundations, designed
to prevent entry to a space of a given Protection Class
[SOURCE: ISO/IEC 22237-2:2024, 3.1.2]
3.1.5
hold time
time during which a concentration of fire extinguishant is maintained at an effective level with the space
being protected
3.1.6
information technology equipment
equipment providing data storage, processing and transport services together with equipment dedicated to
providing direct connection to core and/or access networks
3.1.7
make-up air
air introduced into a data centre space to replace air that is exhausted through ventilation or combustion
processes
© ISO/IEC 2024 – All rights reserved
3.1.8
rack
open construction, typically self-supporting and floor-mounted, for housing closures and other information
technology equipment
3.1.9
residual risk
remaining risk(s) posed to the data centre assets requiring protection following the deployment of
appropriate countermeasures
3.1.10
surreptitious attack
compromise of an asset via logical or physical means with the objective that the attack remains undetected
3.1.11
surreptitious threat
threat of a surreptitious attack by entities via logical or physical means leading to the compromise of that
asset
3.2 Abbreviated terms
For the purposes of this document, the abbreviated terms given in ISO/IEC 22237-1 and the following apply.
EMC electromagnetic compatibility
I&HAS intruder and holdup alarm systems
VSS video surveillance system
4 Conformance
For a data centre to conform to this document:
1) the required Protection Classes of Clause 5 shall be applied to each of the spaces of the data centre
according to the risk analysis of 5.2;
2) the requirements of the relevant Protection Class of Clauses 6, 7, 8, 9 and 10 shall be applied;
3) the systems to support the requirements of Clause 6 shall be in accordance with Clause 11.
5 Physical security
5.1 General
The degree of physical security applied to the facilities and infrastructures of a data centre has an influence
on both the availability of the data centre and the integrity/security of the data stored and processed within,
the data centre.
Subclause 5.3 provides minimum requirements for the data centres spaces defined in ISO/IEC 22237-1. The
requirements and recommendations for those data centre spaces, and the systems employed within those
spaces, address protection against:
a) unauthorized access (see Clause 6);
b) intrusion (see Clause 7);
c) fire events originating within data centres spaces (see Clause 8);
d) environmental events (other than fire) within the data centre spaces which would affect the defined
level of protection (see Clause 9);

© ISO/IEC 2024 – All rights reserved
e) environmental events outside the data centre spaces which would affect the defined level of protection
(see Clause 10).
Constructional requirements for walls and penetrations are provided in ISO/IEC 22237-2 and relevant cross-
references are provided throughout this document.
5.2 Risk analysis and management
The requirements for security should be determined:
— by the organization responsible for data centre assets;
— following a risk assessment based on the threats posed to the data (and the “classification” of the data)
and the processes hosted by the data centre. See ISO/IEC 22237-1 for further information regarding risk
assessment methodologies.
Figure 2 illustrates the concept of the risk analysis and management and is described as follows:
a) asset value analysis: a classification (“native”, or “raised” due to the effects of data aggregation) of the
assets should be determined at an early stage, so that it is possible to deploy appropriate protection
countermeasures;
b) likelihood analysis: the probability of some form of attack against the protected assets;
c) forcible threat and surreptitious threat analysis: for example, posed by unauthorized access to the
assets resulting in loss or unavailability of the assets;
d) vulnerability analysis: for example, inadequate physical security or technical controls of the hosted
data.
Figure 2 — Risk analysis and management concepts
These four items are analysed to identify the baseline risk posed to the data centre. Management of the
identified baseline risk employs appropriate technical, physical and procedural countermeasures or a
combination thereof at the appropriate security level.
Following the deployment of baseline countermeasures, further decisions shall be taken relating to the
residual risk(s) as follows, driven by the acceptance of risk of the asset owner:
1) toleration — the remaining risk(s) are accepted and no additional countermeasures deployed;
2) treatment — additional measures are deployed to counter the remaining risk(s);
3) transferral — the risk(s) are transferred to another party, for example obtaining additional insurance
cover to mitigate the risk(s);
4) termination — the activity posing the risk is terminated.

© ISO/IEC 2024 – All rights reserved
5.3 Designation of data centre spaces: Protection Classes
A data centre space can be accommodated in buildings, or other structures external to buildings, and can be
dedicated to a particular data centre infrastructure, e.g. generator space or transformer space.
There is no concept of a data centre of a given Protection Class.
Each data centre space, independent of the size or purpose of the data centre, is designated as being of a
particular Protection Class with reference to each of the aspects in a) to e) of 5.1.
The Protection Class of a given space does not need to be the same for all aspects. For example, a generator
within an isolated structure does not need a fire compartment but requires protection against both
unauthorized access and intrusion.
The Protection Classes address the following aspects:
a) protection against unauthorized access;
b) protection against intrusion to data centre spaces;
c) protection against internal fire events igniting within data centre spaces;
d) protection against internal environmental events (other than fire) within data centre spaces;
e) protection against external environmental events outside the data centre spaces.
Each of these aspects are independent of each other. Protection Classes are not required to be aligned
between aspects.
In addition, the risk analysis of 5.2 together with the construction and configuration of the data centre
described in 6.2 will require the spaces of the data centre to be defined in terms of Protection Class for each
aspect of security.
The Protection Class system operates horizontally and vertically (e.g. risers, lift shafts, stair wells, atriums,
light-wells) for the buildings and structures.
6 Protection against unauthorized access
6.1 General
6.1.1 Data centre configuration
The facilities and infrastructures of the data centre may be accommodated in part, or all, of a single building
or structure within the premises or may be distributed across several buildings or structures.
The implementation of barriers between areas of different Protection Classes in terms of protection
against unauthorized access is based on their physical construction. The protection can be supplemented
by technical and organizational measures. For example, free-standing barriers, external or internal walls
of buildings, together with doors and other ducts, may be equipped with appropriate technical security
systems (see Clause 11) and supplemented by appropriate organizational processes.
6.1.2 Protection Classes
This document defines four Protection Classes in relation to access to spaces accommodating the elements
of the different facilities and infrastructures, as detailed in Table 1.

© ISO/IEC 2024 – All rights reserved
Table 1 — Protection Classes against unauthorized access
Type of protection Class 1 Class 2 Class 3 Class 4
Area restricted to
Area restricted to specified employees
specified employees and tenants who have
and tenants (visitors an identified need to
Area that is accessi-
and other persons have access (visitors
Protection against Public or semi-public ble to all authorized
with access to Class 2 and other persons
unauthorized access area. persons (employees,
shall be accompanied with access to Class 2
tenants and visitors).
by persons author- or Class 3 areas shall
ized to access Class 3 be accompanied by
areas). persons authorized to
access Class 4 areas).
The Protection Classes feature increasing levels of access control. The areas of the data centre requiring the
greatest physical protection against unauthorized access will be accommodated in spaces with the highest
Protection Class. Further guidance can be found in the IEC 60839-11 series.
As a fundamental principle:
a) authorized persons have access to specific areas (or groups of areas) of a given Protection Class;
b) authorized persons able to access specific areas (or groups of areas) of a given Protection Class do not
have automatic access to all areas of a lower Protection Class.
This subclause defines the rules for implementing such Protection Classes.
The access to spaces and systems shall be limited to the inevitable necessary operative minimum. This
applies to the aspects of spaces, time, personnel and knowledge. Physical security shall be implemented
according to the philosophy shown schematically in Figure 3, referred to as the “onion skin” or “defence in
depth” approach/model.
Figure 3 — Protection Classes within the 4-layer physical protection model
In order to be applicable to more general implementations of data centres, the simplistic model of Figure 3
can be visualized as a series of Protection Class islands as shown in Figure 4.

© ISO/IEC 2024 – All rights reserved
Figure 4 — Protection Class islands
Subclause 5.3 provides examples of the Protection Classes applied to data centre spaces but the technological
solutions for the control of unauthorized access vary across the particular data centre spaces within a
Protection Class.
All elements of the border/barrier of an area with a given Protection Class shall have the same level of
resistance to unauthorized access. Where the data centre infrastructures specified in ISO/IEC 22237-2
to ISO/IEC 22237-6 cross boundaries from one Protection Class to another, they shall be provided with
protection suitable to the lower Protection Class interconnected as shown in Figure 5.
NOTE National or local regulations can prevent security measures from being applied to pathways (e.g.
maintenance holes, etc.) for infrastructures external to the premises.
Figure 5 — Connections between Protection Class islands
Access control systems of a given Protection Class should be managed from areas with the same or higher
Protection Class.
Pathways of the data centre infrastructures (e.g. power supply, environmental control and
telecommunications cabling) shall be designed to prevent unauthorized passage between areas of different
Protection Class.
Data centres and their complementary functions of technical infrastructure shall be organized in areas
which mirror the needs of security, safety and availability of the data centre, and which match the assumed
risks and protection goals.
© ISO/IEC 2024 – All rights reserved
The risk-bearing elements of the data centre should be located as far from the public or other unauthorized
personnel as possible. Where this is not practicable, additional protection measures can be required as
determined by the output of the risk assessment process or the site security assessment.
6.1.3 Protection Classes of specific infrastructures
The requirements for the Protection Class which shall be applied to the elements of the following facilities
and infrastructures within the data centre are defined in:
a) ISO/IEC 22237-3 for the power distribution system;
b) ISO/IEC 22237-4 for the environmental control system;
NOTE Relevant requirements are also intended to be included in a future edition of ISO/IEC TS 22237-5 for the
telecommunications cabling infrastructure.
6.1.4 Levels for access control
Table 2 describes four levels for access control to data centre spaces. The appropriate solution shall be
specified to allow the crossing of the boundary of each Protection Class. Information in 11.2.4 provides
details of the functionality options which can be applied.
Table 2 — Examples for access control
Security level Access control intensity Examples
1 (low) Manual access control (no Mechanical key and lock plus manual access log
automation)
2 (medium) Automated access control Using an electronic ID medium (e.g. card or other ID token) plus elec-
with single Factor authen- tronic access log
tication
3 (high) Automated access control Using an electronic ID medium (e.g. card or other ID token) together
with two Factor authenti- with another factor (e.g. PIN or biometry) plus electronic access log
cation
4 (very high) Enforced automated access Solutions to enforce the prevention of unregistered or unauthorized
control access or piggy-backing in addition to security level 3
NOTE Wearing a visible badge is possible for all security levels.
6.2 Access to the data centre premises
6.2.1 Premises with external physical barriers
If the premises are provided with an external physical barrier that provides a demarcation of Protection
Class 1, then, as shown in the example of Figure 6:
1) the number of penetrations of the boundary of Protection Class 1 for personnel and vehicular access
shall be minimized;
2) the boundary of Protection Class 2 would represent the exterior walls and associated entrances of the
buildings and other structures comprising the data centre and its associated spaces;
3) the boundary of Protection Class 3 would represent the barrier between any entrances of buildings or
structures comprising the premises and the areas comprising the data centre and its associated spaces
(these spaces may be in separate buildings or structures of Protection Class 2);
4) the boundary of Protection Class 4 would represent the barrier between the entrance to the area
requiring Protection Class 3 and the area requiring Protection Class 4.

© ISO/IEC 2024 – All rights reserved
Key
1, 2, 3, 4 Protection Class 1 to 4
A, B, C buildings A, B, C
P premises boundary with physical barrier
Figure 6 — Example of Protection Classes applied to data centre premises with external barriers
6.2.2 Premises without external physical barriers
If the premises enable full and unrestricted public access to the boundaries of the building(s) or other
structures, the exterior walls (or other defined internal barrier) of the building(s)/structures(s) represent
the boundary of Protection Class 1. In such a case, as shown in the example of Figure 7:
1) the number of penetrations of the boundary of Protection Class 1 for personnel and vehicular access
shall be minimized and these should be considered as points of surveillance and access detection;
2) the boundary of Protection Class 2 would represent the barrier between any entrances of buildings or
structures comprising the premises and the areas comprising the data centre and its associated spaces
(these spaces may be in separate buildings or structures of Protection Class 1);
3) the boundary of Protection Class 3 would represent the barrier between the entrance to the designated
data centre space and the area requiring Protection Class 3;
4) the boundary of Protection Class 4 would represent the barrier between the entrance to the area
requiring Protection Class 3 and the area requiring Protection Class 4.

© ISO/IEC 2024 – All rights reserved
Key
1, 2, 3, 4 Protection Class 1 to 4
A, B, C buildings A, B, C
P premises boundary with physical barrier
Figure 7 — Example of Protection Classes applied to data centre premises without external barriers
6.2.3 Roofs
Appropriate barriers will be required to prevent unauthorized access to roof-top structures which
accommodate facilities or infrastructure requiring a higher Protection Class.
Where possible, access routes to the roof for purposes of maintenance and repair of the roof, roof-top
structures or infrastructure elements, shall be from within areas of Protection Class that are equal to the
highest Protection Class of the roof-top structures.
6.2.4 Access routes
6.2.4.1 Requirements
Access routes shall be clearly signed to separate employees and visitors from deliveries to the data centre.
Plans shall exist which address operation in situations where the primary access routes are unavailable.
6.2.4.2 Recommendations
Consideration should be given to any requirements for:
a) enhanced lighting on access approach routes;
b) hostile vehicle mitigation on data centre approach routes;
c) fences and other boundary controls;

© ISO/IEC 2024 – All rights reserved
d) secondary access route, in case the primary route becomes unavailable.
6.2.5 Parking
6.2.5.1 Requirements
The requirements of a given Protection Class address vehicular access to the premises co
...