The goal of eco is to support the commercial use of the Internet.

Without specialist knowledge, individuals and companies who want to take advantage of data center services are often unable to objectively assess the performance, the facilities, or the organizational and technical measures provided by the operator of the data center in question.

As a result, there is often uncertainty about what data center, providing which services, should be chosen for the planned or already operating business model.

The goal of the project “eco Datacenter Star Audit” (DCSA) is therefore to avoid these uncertainties through the auditing of data centers. The audit provides the data canter with an assessment based on a pre-determined and published set of criteria.

The quality of service of the data center can then be determined from the results of the audit.

The eco Datacenter Star Audit Version 3.0 is a completely new audit, revised in 2013, which replaces the previous Version 2.0.

As a result of the complete revision of the audit, the results obtained in this certification are not comparable to those from older versions.

In the eco DCSA Version 3.0, data centers are assessed by at least two independent auditors according to predetermined criteria and assessment matrixes. The focus of the audit remains on the areas availability and security in data centers.

The assessment incorporates three different constituents:
1. The Redundancy Concept
2. The points achieved in each of the four categories of the questionnaire:

• Organizational Security
• Structural Building Security
• Supply Security
• Technical Security

3. Presentation of the required documentation

The results of the certification are reflected in a star rating. The number of stars awarded indicates what infrastructure and which measures are provided by the operator concerned, with regard to the availability and security of the operator’s data centers.

In Version 3.0, two separate audita are offered:

• Single Site – an individual data center is audited, and a certification of between 3 and 5 stars can be awarded.
• Interconnected Site – two (or more) connected data centers from one operator are audited. The variant Interconnected Site has as prerequisite a Single-Site assessment for each data center. A result of 4 or 5 stars can be awarded. The audit can be extended to include further data centers from the given operator.

What do hotels have in common with data centers? – They are both classified with three, four or five stars, and this symbol characterizes not only what they offer, but also their target group.

When choosing a hotel, a potential guest often weighs up whether or not they are likely to make use of the services offered. For an overnight stay on a business trip, a 3-star hotel might be enough, but for a holiday, the traveler would probably prefer the comfort of a 4 or 5-star resort.

With the classification of data centers, we decided on “stars” as symbols, in order to provide the potential customers of a data center with an easily understandable tool for orientation.

In the Version 3.0, the classification of a data center incorporates several constituents.

The smallest common denominator from all the constituents and categories determines the overall result. The results in individual categories are also listed on the Audit Certificate, alongside the overall classification. As a result, the service offered is discernible at a glance, with regard to availability and security.

If particularly energy-efficient systems, strategies and measures are used in a data center, a so-called “green” star (Approved Energy Efficient Data Center) can be awarded by the auditors. This can be found on the bottom left of the Audit Certificate.

What level of certification a data center operator should aim at, and how many stars a potential customer requires, can not always be clearly determined.

Here are a few considerations to bear in mind:

• A data center certified with 3 stars already offers adequate security and availability. A first point of failure is covered, and in the event of power failure, there is an emergency power supply available. A back-up solution in another data canter is advisable. It makes sense to take all of the results in the individual categories into consideration when making a decision.
• If a data center has been awarded 4 stars, this means that maintenance of essential components is possible during operation, and a high level is guaranteed in the security categories. These data centers are, as a result of their structure, very complex and require an experienced and well-rehearsed team. A back-up strategy is in any case necessary.
• 5-stars demonstrates redundancy of all components, which means a large investment. In these data centers, a second point of failure is also covered, so that very high security and availability can be contractually agreed upon.
• With the Interconnected Site Audit it is possible for two individual 3-star data centers (under specific conditions) to, in combination, receive a 5-star Interconnected Site rating – an ideal condition for a Two-Location Strategy.

The eco DCSA is suitable for any company which operates data centers. The size of the IT area is not relevant, but rather that the minimum requirements for technical components (Redundancy Concept) and security are fulfilled.

The Audit is now also appropriate for operators who are renting the space to be audited from a Colocation provider.

For the Datacenter Star Audit (DCSA), the following standard packages are offered:

Further services can be individually agreed upon.

The Preparatory Workshop includes the following services:

If only one data center is to be audited, then this service package should be chosen. This service package is for first-time DCSA Audits, as well as for data centers whose DCSA License Renewal is more than 3 months overdue.

A DCSA License is valid for 24 months from the date of audit. The date of audit is the day on which the audit result and the classification is announced to the data center operator.

The service package includes the following services:

An Interconnected Site Audit encompasses the following steps

• DCSA Single Site audit for two (or more) of the customer's data centers
• Additional DCSA Audit - Interconnected Site for these data centers

This service package can also be applied to more than two data centers. This service package is for first-time DCSA Audits, as well as for Datacenters whose DCSA License Renewal is more than 3 months overdue.

A DCSA License is valid for 24 months from the date of audit. The date of audit is the day on which the audit result and the classification is announced to the Datacenter operator.

The service package includes the following services:

The DCSA-License is issued for 24 months. During this time and up to three months after the end of the time, a Follow-up Audit can be applied for. The services correspond to the Initial Audit - Single Site.

The DCSA-License is issued for 24 months. During this time and up to three months after the end of the time, a Follow-up Audit can be applied for. The services correspond to the Initial Audit - Interconnected Site.

The operator has the right to apply for a Revision Audit, with the purpose of improving the original audit result. This needs to be conducted within six months of the notification of the original audit result and rating.

The application for a Revision Audit is to be made to eco in writing within four weeks of the presentation of the audit report. The auditors will then produce a report which highlights the measures which would contribute to a higher star rating.

Those measures which are identified as obligatory must be fulfilled; the measures identified as optional precautions contribute to both an increase in the necessary points and an improvement in security.

The Revision Audit must be carried out within six months of the presentation of the audit report. The Revision Audit has no effect on the length of validity of the original audit. The Revision Audit can be undertaken several times in sequence.

In the case of an improvement in the audit result, the DCSA License will be awarded only after the Revision Audit.

The service package includes the following services:

The duration of a DCSA audit and certification is predominantly influenced by the length of time the contractor needs for completing the Request for Information questionnaire. We recommend fixing the dates in good time – in particular the on-site appointments for the auditors.

The following plan serves as a rough guide for both Single Site and Interconnected Site: