1. TÜV Informationstechnik GmbH Member of TÜV NORD Group TSI: Trusted Site Infrastructure The certification program for data center - more than availability health checks
5. TÜV NORD in Europe Grandvilliers Croydon Best Essen Madrid Mailand Athen Istanbul Katowice Prag Bratislava Novi Sad Slavonski Brod Moskau Plovdiv Tallin Kolding Hannover Hamburg Espoo Bologna Riga Wilna Bukarest Göteborg Ankara Donezk Budapest
6. TÜV NORD worldwide San José Clifton Buenos Aires Rio de Janeiro Dammam Abu Dhabi Teheran Mumbai Barat Bangkok Shanghai Hong Kong Tokyo Seoul Taipeh Almaty
7.
8.
9. TÜViT Our Vision in the field of Information Technology and Telecommunication
10. Quality And Security IT and Telecom-munication IT and Telecom-munication IT and Telecom-munication TÜVit Our Mission
11. TÜViT Topics Company Systems Components Project
12. Information Technology on all Layers Company Systems Components Project Evaluation of IT Security Optimization of IT Quality Privacy Security Management Quality Management Service Management Physical Security Network Security Secure e-Business Usability Content Quality Monitoring Reliability Document Management Evaluation of Security Software Security Hardware Functional Tests Improvement of Processes Models Project Management
13.
14. IT-Security Accreditations Company Systems Components Project ISO 17799 / BS7799-2 GSM SAS / TU.4 quid! / ULD Baseline Protection Common Criteria / ITSEC FIPS 140-1/-2 ZKA-Criteria Trusted Site Check of CA’s acc. SigG - Infrastructure - Security Qualification (SQ) ® - Privacy
17. Trusted site infrastructure Functional security based on three columns Informational technical Organizational Physical FUNCTIONAL SECURITY
18.
19. Trusted site infrastructure Environment Criteria, e.g. ( 地理環境) The building surrounds the information technology which has been installed and offers external protection. The location of the building plays a role with regard to the surrounding hazard potentials, as does the actual position of the security area within the building. If these factors are taken into consideration, potential sources of hazard can be prevented from the very beginning. Environmental hazards originating from water, explosions, ruins and debris, vibration and shaking and hazardous substances should definitely be avoided. In the same way, traffic routes which carry hazardous substances should be avoided, in order to prevent possible direct negative effects and also indirect effects, such as for example blocked access. 資料機房的座落地點: 水災,爆炸,暴動,震動,危險物質,交通狀況 Environment Criteria
20.
21. Structural aspects e.g. ( 建築結構) Trusted site infrastructure Walls (VdS 2334), windows and doors must offer protection against unauthorized access (DIN V ENV 1627) and fire and smoke (DIN 18095). In the same way, it must be ensured that no sections of the building are under threat from water (VdS 2007), EM/RF interference fields (EN 50147 Part 1) or close proximity to dangerous production processes. The building must be provided with external protection against lightning strike (DIN VDE 0185 Part 3) and must allow the security area to be located in a separate fire protection area (DIN 4102). The supply lines have to be laid in protective structures. EN 1047-2 specifies that in order to ensure the functioning of the IT systems and the data media in case of fire, the items requiring protection may only be exposed to defined maximum temperature and humidity limits. 資料機房的座落地點:防盜,防火,雷擊,溫濕度承受度 Structural aspects