Digiplex Header Image




Sub Navigation

Security, Risk Avoidance & Safety  


DigiPlex design standards provide a clear, consistent and comprehensive approach to physical and personnel security issues throughout DigiPlex data centres.
Security Specification

In terms of physical security, the primary concern for DigiPlex is the safety of staff, customers, visitors and other occupants within site facilities, together with the safety of internal and external plant, equipment and other assets (including hardware, software and data). 

Integrated security arrangements at sites include manned guarding, closed circuit television, controls at vehicular and pedestrian entrances and exits, passive architectural elements, pre-authorised access arrangements coupled with a range of state-of-the-art access control, surveillance and audit trail information. These help to minimise the incidence of detrimental activities and provide the means to analyse events after the fact, should this be necessary.


GENERIC SECURITY SPECIFICATION

13.2.1  Specification Purpose

The purpose of the DigiPlex  design standards is to provide a clear, consistent and comprehensive approach to physical and personnel security issues throughout DigiPlex data centres.  Although each site has specific and unique needs, our standards provide the design criteria to be applied to these needs.  Security issues and concerns related to individual sites are addressed during the planning and design phases of these facilities.

Recommendations for any  modifications, changes and/or exceptions to the standard designs are reviewed and approved by designated DigiPlex representatives.

General Conditions
DigiPlex specifications state the minimum acceptable characteristics for materials, equipment and workmanship, and define, in general terms, the operation of the computerised security system to be provided, installed and made fully operational by the selected vendors at DigiPlex facilities. The selected vendors have total ‘turnkey’ responsibility for ensuring the system is installed consistent with the manufacturer’s specifications and that all applicable fire, electrical and building codes and standards are met. 

DigiPlex policy is to purchase the security and access control, CCTV, alarm systems and subsystems for each site from a single vendor.  The selected vendor has the responsibility to ensure that all purchased equipment works as a system and that all components and software are fully functional and integrated in accordance with these specifications.  All equipment, software and materials provided are new and unused.  All components of the systems are installed in a workmanlike manner in strict adherence with the manufacturer’s specifications and applicable codes.

The selected vendors, as part of their responsibilities, provide all initial programming of the access control system, CCTV and related systems including employee databases, door and point name, CCTV titles and CCTV pre-positions

Security System Purpose and Architecture
The purpose of the system is to enhance physical security and provide management information to facilitate the operation of the facilities.  The access control system is administered locally and operates door locking devices (where applicable) both through the use of time schedules and proximity card readers, monitors door openings, monitors alarm points and reports alarm conditions, and permits the printing (to screen and printer) of management reports.

All alarm conditions report locally to the security and/or site operations centre.  All devices in these buildings are completely integrated, including alarm point programming, CCTV call-up and pre-position, card access database operation and management, locking and unlocking of doors, and related functions.  All security and CCTV system components utilise the facility’s standby power system and include anti-tamper alarms.

Perimeter Security Design
Each DigiPlex data centre site is designed and constructed to minimise the potential for intrusion into the buildings from the exterior or adjacent spaces and to detect intrusions into selected interior spaces.  Except for office, conference and lobby spaces, ground floor facilities are windowless

Walls abutting all customer ITH spaces are two-hour fire rated.  All penetrations are sealed to maintain this rating. 

Office and conference areas with glass windows are protected with acoustic glass break detectors.  All ground floor windows or those areas requiring ‘blackout’ (e.g. data centres) have window blinds fitted, as well as reflective window film.

Based on the orientation of the facility on the site, specified areas around the building are fitted with bollards to protect these areas from vehicles.  This includes, but is not limited to, security huts, telco rooms, cooling towers and utility service connections. Each site is individually evaluated for this need.

External Lighting Standards
Exterior lighting levels are consistent with local standards or code requirements.  Lighting in parking lots and walkways is a minimum of 3fc with a maximum ratio of 4:1 average to minimum fc ratio.

Lighting design is environment-based, encompassing the following principles:

  • 3fc – 5fc is required throughout surface parking areas and walkways
  • A photometric review is required for all sites prior to final light system design approval
  • Parking structures are individually addressed.

Perimeter Fencing, Turnstiles and Gates
Installation of a standard design and installed close mesh fence with barbed wire topping is required on all sites. Where an existing fence line on a site is fit for purpose it remains in situ.  Main vehicle entrance and exit gates are motorised and fitted with voice, camera or card reader systems linked to the security and/or operations room. 

All perimeter gates and turnstiles have intruder detection systems fitted.

Motion Detection
Exterior motion detectors are installed at:

    • All external doors
    • Critical utility areas (generators, cooling towers, fuel storage, etc.)
    • Parking lot entrances and/or gates
    • Outside the main entrance
    • Outside vehicle entrance gates

Motion detectors are used for CCTV call-up and pre-position.

Building Perimeter
Designated exterior doors are electronically monitored and viewable at both the security desk and the local operations centre through the use of closed circuit television cameras.

Designated exterior doors at which entry is permitted are equipped with a card reader, alarmed and monitored by CCTV cameras.

Exterior doors required only for emergency egress are configured according to local codes and equipped with fire alarm interfaced time-delay locks.  Alarm system contacts and signage are fitted.

Except where required by building operation or local code, exterior doors are not operable from the outside.   Hinge pins are welded or set to preclude removal. Anti-lever bolts are set into doors.   There are no exterior pulls or cylinders.

Lock and Key Standards
All locking hardware has interchangeable cores.

Keys are not issued to exterior doors. However, an emergency set is maintained in the site security office.

Operational key presses contain only the minimum keys required. 

All key issuing is documented through a key management system.

Keys to high security areas are not issued to data centre staff.  Access to these areas is by card only.   Emergency keys for high security areas are maintained in the security office.

Customer cabinet keys are held and controlled through the onsite security office.  The customer must supply an approved key holding and issuance list.

Panic Alarms
A limited number of panic alarms are included at each site.  Panic alarms alert the onsite security officer to significant security issues.  

Lobby and Shared Facility Access
Customers and other non-DigiPlex personnel are required to enter the site through the main entrance.  The entrance doors are electronically locked and monitored as described in this section.

The security desk is constructed to provide a physical barrier between the visitor and officer on duty.   Toughened laminate glass is used for all windows.   A pass-through permits the exchange of identification, keys and other small items.   The desk area below the pass-through is constructed to the same resistance as the laminate.

Customer Entry
Customer entry is permitted only through the main entrance, which is electronically locked at all times.  A proximity card reader permits access to this door by authorised DigiPlex employees, customers and contractors.

New and potential customers are required to use the intercom at the main entrance to speak with the on-duty security officer.

On entry to the lobby, customers are asked to exchange a valid form of identification for an interior access control (proximity) card.  Any keys that are required are issued against a pre-received and verified key allowance list.  All keys are signed for on receipt and signed back in at the issuing point.

Interior access control cards permit the customer to enter authorised areas only.

Access Control Principles
Electronic access control at each facility is layered to provide the highest level of security to those areas that provide operational and infrastructure support to DigiPlex and its customers.

Access Control System
Staff are permitted to enter the facility at designated doors only through the use of their access control card.

Upon presentation of an encoded card, the reader (or system) determines if the holder has a valid card for the particular reader on that day of the week and time of day.   If valid, the system permits access to the area and logs the transaction to disk.   All transactions are logged to both the access control system hard disk and printer.  The system is capable of tracking the activities of individual cards and creating alarm and/or watch conditions when these cards are used.

If the card is invalid, the system denies access and establishes an alarm condition in the security control centre, calling up and initiating CCTV pre-position (where appropriate) and logging to both the system disk and printer.  Tampering with a card reader, including removal from the wall, results in an alarm condition without unlocking the door.

Card readers are installed at doors in a manner consistent with environmental and aesthetic requirements.  All perimeter card readers and high security areas (e.g. data, colocation, meet-me rooms) are configured to require use of an authorised DigiPlex access control card.  Each site’s security operator has local control over the access control system. 

Access Control and Security System Design
The security vendor supplies a local CPU, printer, monitor, UPS, alarm interface hardware and software, network cards and all other hardware, software, materials and labour to install and make this system fully operational. 

DigiPlex staff administer and operate the system locally.

DigiPlex staff are able to  undertake the following activities :

    • Enrol individuals (cards) in the access control database
    • Terminate, suspend and/or modify card privileges
    • Establish and assign access levels
    • Establish and assign time of day schedules
    • Lock, shunt and unlock doors
    • Open and close vehicle gate(s)
    • Monitor, acknowledge, reset alarms
    • Enter response data for individual alarm conditions
    • Run reports including card reports, reader reports, alarm (event) reports and other standard reports
    • Program alarm interfaces and response plans
    • Perform administrative activities locally

All exterior and selected interior doors (including doors with card readers) are managed or monitored by this system and are equipped with alarm contacts.   All lock components are approved and designed for their intended purposes.   Installation is consistent with the manufacturer’s specifications and all applicable codes and standards.   Vendors have ensured that the installation of these devices is code-compliant. Wire is concealed in doorframes and buried in walls, as appropriate.   Conduit and/or wire mould (where permitted) is finished to match the wall on which it is placed.  In general, it is the intention to avoid using wire mould or exposed conduit, with exceptions made on a case-by-case basis.

All emergency exit stations are supervised.   Release of any door lock via an exit station results in an alarm condition reported back to the security office.

Each identified portal or doorway is provided with separate magnetic contacts and reports as an individual point to the security system.  Grouping of multiple points into a zone is not permitted.

Emergency lock release devices are fail-safe (ie, always permit free egress during emergencies but maintaining security from the outside) and are interfaced with the building fire alarm system to provide for emergency (automatic) release of locks when the building fire alarm system is activated.   Either header mounted magnetic locks or electric panic devices are utilised at the discretion of DigiPlex.

Card readers are installed inside and outside specified doors to facilitate controlled ingress and egress from these areas.

Reader and Card Technology
The access control system is based on proximity card readers.   Cards are the HID37 bit ISOProx II card.   All readers are properly suited for their intended environment and location.   Exterior readers are weather resistant.

Access Control and Security System Configuration
Alarms activated by components of the access control and alarm monitoring system are immediately reported locally to a monitor and printer at the facility’s security desk.

Alarm devices interface with other components of the site security and safety systems as required.

Upon activation of an alarm condition, a message describing the alarm is displayed at the security desk, preceded by an alert tone.   Staff on duty are required to manually acknowledge the alarm condition (other than specific non-acknowledgeable alarms) and, after doing so, are provided with a text description of actions to be initiated.  For audit purposes, the system logs user entered descriptions of actions taken.   The system has a complete audit trail of alarms, reader activity, user actions, alarm activity etc.

Each data-gathering panel is equipped with standby batteries sufficient to operate card readers, locks, infra-red detectors and other attached devices for a period of at least 4 hours.  Failures of back-up power and/or low battery indications are reported in the local monitoring location as separate trouble conditions.   Each data-gathering panel is also equipped with tamper switches reporting these alarm conditions to the operator console(s).

In the event of failure of the CPU or communications, readers operate in a degraded mode (where applicable), accepting or rejecting cards based on a database stored in the reader, controller, or data-gathering panel.  Each reader or data-gathering panel stores transactions in a buffer and uploads them when communications are restored.   A minimum of 500 transactions per reader can be stored.

HID MiniProx readers are used only where mullion mounting is required.   Prior approval for this is received from the DigiPlex security manager.

HID ProxPro Plus readers are used at vehicle gates.

Tampering with readers results in the initiation of a tamper alarm.

Typical Card Reader Locations
The following list is not exhaustive:

  • Main lobby entrance
    • Office area entrance from main lobby
    • Man trap from main lobby
    • Door of security office
    • Loading dock entrance and exit
    • Colocation area entrance from conference area
    • Colocation area to and from loading dock
    • Colocation area to and from UPS room
    • OMC entrance to and from data centre and/or colocation areas
    • Data centre from office area
    • Telco room from data centre
    • Colocation area to and from switch gear room
    • Network room from managed area
    • Managed area from colocation area (all doors)
    • Selected storage and set up areas
    • Vehicle gate entrances

Access Control and Other System Components
Vendors supply and install all hardware, software, modems, computers, materials, locking devices, required signage, alarm contacts, shunt devices (buttons, pulls and passive infra-red), intercoms, exit releases and system interfaces required to fully integrate these components and make the access control and alarm monitoring system fully operational.  All components are as specified by the system manufacturer.

Door Hardware, Locking Devices and Contacts
Vendors inspect and re-install electronic door hardware including magnetic locks, magnetic contacts and other locking devices, exit push buttons, readers, panic alarms, intercoms, alarm contacts and other components as required.   Systems comply with local and national building codes and requirements.

The colour graphics application in the access control system (where applicable) provides detailed floor plans of the area of specified alarm conditions, including icons indicating the location and type of alarm, exits and other special features. Vendors are responsible for entering initial floor plan graphics and alarm points into the system.

Interfacing of Systems
Where required, the access control system interfaces with the site fire alarm system and provides for the unlocking of exit doors in a manner consistent with all applicable building codes.  These auxiliary-locking systems are fail-safe and unlock, without delay, upon activation of the fire alarm system.  Vendors work with the fire alarm supplier to ensure operation of locking devices is code-compliant and that all equipment, wiring, programming, software and hardware needed are included in the system.

Except for reporting that a door has been unlocked, the interface between the access control system and the fire alarm system is transparent to the user and does not require any user action to unlock doors in the event of fire alarm conditions.

In the event a door is opened after being unlocked by activation of the fire alarm system, the access control system reports this alarm condition.   Door alarms are capable of being manually reset by staff at the security desk through keyboard commands.

Man Traps
‘Man traps’, where used, are designed and constructed to ensure that, except during manual over-ride by the security officer, failure is in the open position.  Man traps built as an integral structure have doors that cannot be opened at the same time. Man trap turnstiles turn to an approximate 45% rotation, thus allowing only one person through at a time.  All man traps have CCTV coverage.  Fire alarm interfaces are included in this part of the access control system.

Entry into a man trap is via an access control card reader.

Vehicle Gate Operation and Management
Vendors provide and install intercoms at the main and loading dock entrances and at each vehicle or pedestrian gate.   As dictated by the environment, intercoms are weather resistant.   Upon activation of the intercom, master stations at the security desk and the operations centre are able to communicate with the caller for access/egress verification.

Where vehicle gates are utilised, the security vendor has supplied and installed extended range HID card readers, intercoms and cameras.    Gates, gate operators, pads, conduit, safety interfaces, 120 VAC and concrete work are supplied by others, but the security vendor has supplied all required alarm contacts and I/O points needed to operate the gates manually from the security and/or reception desk and by card reader.

Closed Circuit Television
The access control and alarm monitoring system interfaces with the CCTV system and provides the necessary communication to call up appropriate cameras and initiate CCTV pre-position functions (where applicable).  The interface utilises a serial (or other appropriate software format) communication protocol to interface camera call-up and dome pre-position with alarm conditions.

Upon activation of an alarm point, the access control system communicates with the CCTV system, calling up and positioning camera(s) and activating output monitors, recording devices and the video transmission system.

The camera called up in an alarm condition is automatically recorded in real time mode.

CCTV tapes and or hard disk records are held for 31 days.

CCTV Configuration
The closed circuit television system provides continuous monitoring and recording of activities at entrances to the site, reception/waiting areas, within the facility and at other security sensitive areas of the site.

Security vendors have total turnkey responsibility for providing all equipment, materials, hardware, software, interfaces, programming, labour, materials and cabling required to make this system fully operational.

The system consists of the following major components:

    • The CCTV matrix switch is set up for both local and slave control.  Keyboards and monitors are provided for the operations centre and security desk with limited slave systems to reception.
    • The matrix switch is configured for the number of cameras and multiplexers installed.
    • Exterior high-speed dome cameras are installed within hardened weatherproof housings incorporating anti-tamper alarms. 
    • Interior high-speed dome cameras are mounted to suit the environment. Ceiling mounted cameras are preferred wherever possible.
    • Fixed dome interior cameras are mounted to suit the environment. Miniature domes are used wherever possible.

Installation includes all associated receivers, lenses, rack mounts, interior and exterior housings (heaters, sun shields, etc.), lightening protection, connectors, wire and cabling, fibre optic cable and equipment, multiplexes, quad splitters, hardware, firmware and software required to operate the system as described within this document.  Vendors supply all components, materials and programming required to make the system fully operational as specified.

Typical camera placement includes:

    • Site entrances/gates
    • Parking areas
    • Main entrance – exterior
    • Main entrance – interior
    • DigiPlex offices – entrance from lobby
    • Conference – client area/entrance from lobb
    • At doors to colocation entrance inside/outside security desk
    • Entrances to managed area from colocation area
    • Loading dock – exterior
    • Loading dock –interior
    • Meet Me Room
    • Telco room entrance
    • Reception / waiting areas
    • Security/operations room

Training
Vendors provide on-site training to key DigiPlex staff and contract personnel in the proper operation and management of all security and CCTV systems provided.

Training is delivered at two levels:

    • Administrator training is provided to DigiPlex personnel (or their designee) responsible for maintaining the access control system database, administering the system, issuing or revoking access privileges, running reports, routine system back-up/restoration, CCTV programming, owner-level service of the system (such as emergency procedures, data back-up, reader replacement and basic troubleshooting assessment of the operational readiness of equipment through the interpretation of LEDs on data panels, fibre converters and similar equipment).
    • End user training is provided to security personnel and site staff responsible for the day-to-day monitoring and operation of the system.   This includes alarm management and response, access control functions, CCTV operation and other operator responsibilities.

Security Systems Acceptance Criteria
Prior to final acceptance of  any system, DigiPlex conducts an acceptance test with the system vendor(s).  This test typically includes but is not limited to:

    • A physical examination of each door and alarm location to ensure proper installation of equipment and materials
    • A physical test of each door location and alarm point to verify proper operation of all locks, locking devices, readers, tamper switches and contacts
    • A physical inspection of all wire runs and connections
    • Verification of alarm signals from each door and alarm location to the security control centre, pager interface and off site monitoring facility
    • Online testing of all security control centre access control and alarm monitoring equipment including transfer testing between line voltage and UPS and run time
    • Verification that no alarms are lost when initiating devices from two or more zones are activated simultaneously
    • Verifying line supervision of initiating and indicating circuits
    • Verification of operation of exterior sensors under varying conditions
    • Verification of all access control and alarm monitoring system interfaces including the proper call-up (and positioning) of cameras, unlocking of egress and egress access doors
    • A review of all manuals and system documentation for completeness
    • A review of ‘as-built’ drawings.