Last week an announcement was made that the QTS Data Centers facility in Chicago received the UL3223 certification. The immediate question which floated around in the industry was multi-fold;
- Why is UL, an international safety consulting company, suddenly certifying data centers?
- What is the scope and what are the audit criteria?
- Do we really need another standard or is this one fundamentally different than the already well-established standards/guidelines?
This article attempts to shed some light on the matter based on information readily available on the internet. Yes, other sources are not available which is one of the problems, I will explain that a bit later.
Standard, standard development and scope:
UL announced the development of this standard in 2016. UL, very well known for its great work in safety standards was with this announcement entering the data center arena so the immediate question came as to what UL would address in its standard that other organizations/standards haven’t done so already. In other words, what would be the value add for the industry in this already crowded space.
Those familiar with standards development began immediately raising some eyebrows as it appeared that UL was not following the standard development process as it indicated that a company called Environmental Systems Design, Inc. (ESD) was selected to help developing this standard. I am certainly not debating UL nor ESD’s individual capabilities here but the process as to how this standard was apparently developed as SDO – Standard Development Organization rules call for impartiality, amongst many other things.
Having a look at UL’s own ‘Accredited Procedures’ document does indeed indicate the requirement for impartiality, balance of interest with no single party having more than 50% interest to ensure impartiality and a well-balanced approach to the content when developing a standard. The document also calls for the usual internal review by the technical committee as well as public review etc. I am therefore not sure what happened with the accreditation rules for this project but from the info available it doesn’t seem to have applied to this particular case.
Another fact is that Standards are normally publicly available. Publicly available doesn’t mean necessarily free, but even if paid for, you can normally download the Standard so that you can review the full audit criteria laid down on those companies seeking conformity to a Standard. Now, I am not claiming to be a Google, Bing or any other kind of search engine guru so I might have missed out on something but, no search that I did gave me any result for downloading the standard and that includes a search on UL’s general website as well as its own ‘UL Standards Sales Site’. So that makes one wonder, where is this standard and how can we get our hands on the detailed audit criteria?
I am also struggling with the announcement in which it was claimed that this standard would be ‘unique’ and different than others which, according to the statement, are only covering mechanical and electrical systems. The scope of the UL 3223 seems to be covering the following;
- Site/Architecture
- Mechanical
- Electrical
- Network
- Security
- Sustainability
- Safety
- Commissioning
When it was announced as being ‘unique’ then my guess is that it was compared to the Uptime Institute Tier Topology which only covers electrical and mechanical systems. However, looking at all the other Standards such as ANSI/TIA-942, ANSI/BICSI-002, EN-50600, they all cover the above and often a bit more. So where is the uniqueness factor or is this just more or less the same with a different cover page? It is my wish for UL to provide me with a copy of the standard so that I can do a much better review as I think that would be very helpful to the industry as at face value the scope seems to be pretty much the same.
Maybe what can be considered to be unique in that this standard is treating every data center on the basis of ‘one size fits all’ as the standard has no rating levels and is basically a pass/fail standard. This seems to be a departure from the well accepted and appreciated Tier/Rating/Class levels in the existing other Standards. Data centers are known to be serving different purposes and different levels of criticality and therefore different benchmark levels makes in my mind a lot of sense. Hence, I am not sure what the logic is behind trying to push it all into a single pass/fail benchmark.
Audit and certification:
Another interesting aspect is that the certification only last for one year. Don’t get me wrong, I am all for yearly reviews to ensure that changes, which are inevitable in the dynamic data center environment, do not pose risk. However, under the traditional ISO audit principles it is standard to have a certification audit followed by surveillance and recertification following a three-year cycle. A yearly full certification audit seems to be overkill.
Interestingly as well is that UL is claiming that they will send an army of 10-12 auditors to the site each covering their own discipline. How that is going to work from a cost (10 x plane ticket, 10 x hotel ?) and from a logistical perspective is a big question mark to me. Audits are quite taxing on an organization so having 10-12 auditors coming in (let’s hope not at the same time) is going to be an operational nightmare for any data center owner/operator.
Conclusion:
So, what’s up with the picture in this article of a broken hoverboard? In my humble opinion, UL is best known and very well respected for their safety consulting and certification. Their expertise is definitely of great value to the data center industry. However, although maybe commercially less appealing, I personally think it would be far better for the industry if they would join technical committees/workgroups of existing standards and contribute in that way to further fine-tune those standards on safety aspects instead of attempting to create a new standard.
Although, in general, I applaud any new standards that helps the industry, in this case I fail to see the full value add as it seems to be ‘more of the same’. I would be delighted to hear your views.
Edward van Leent is chairman and CEO at EPI, an organization that provides data center training, certification and audit