S 2.95 Obtaining suitable protective cabinets

Initiation responsibility: IT Security Management

Implementation responsibility: Procurer

Protective cabinets can protect their contents from the effects of fire and from unauthorised access. Depending on the protective effect sought, the following guidelines should be observed when selecting a suitable protective cabinet:

• Protection against the effects of fire:

Where protective cabinets are concerned, in terms of protection against the effects of fire, there is a distinction between quality categories S60 and S120 complying with VDMA 24991 Part 1. Within these quality categories protective cabinets are tested to see whether, up to a combustion time of 60 or 120 minutes during a standard test for the protected data media, compatible temperatures are maintained within them. The data media to be protected are designated by suffixes in the classification. Specifically, the symbols have the following meanings:

The differences between the categories lie in their insulation performance, which is greatest in the case of DIS cabinets.

For IT baseline protection, in terms of protection against fire, protective cabinets of quality category S60 should be adequate. It should nevertheless be noted that server cabinets dooffer protection against fire for a certain period of time, so that data media are not destroyed. However, in the event of fire, it should be assumed that operation of the server cannot be maintained.

Where protective cabinets used for protection against fire and smoke are concerned, provision should be made for a device designed to close the doors automatically in the event of fire. Closure should be able to be triggered locally by smoke gas detectors and/or externally by a signal from a fire alarm system (where one exists).

• Protection against unauthorised access:

Along with the mechanical strength of the protective cabinet, protection value against unauthorised access is influenced crucially by the quality of the lock. For IT baseline protection, high-performance cabinets complying with RAL-RG 627 should be suitable.

If access protection and fire protection are required in combination, data security cabinets complying with RAL-RG 626/9 can be used.

Further relevant standards and guidance notes are VDMA 24992 for steel cabinets and RAL-RG 627 for high-performance cabinets. Help in evaluating the resistance value of various protective cabinets is provided by VDMA Standard Form 24990, which briefly outlines the safety characteristics of protective cabinets.

In choosing protective cabinets, the permissible floor load at the place of installation must also be taken into account.

After these selection criteria for the protection value of the cabinet, the next item to be determined is the equipment for the cabinet in line with known requirements. With this in mind, and before purchasing a protective cabinet, it should be stipulated which equipment and which types of data media are to be kept in it. The internal fittings of the protective cabinet must be selected in line with what is decided. Generally speaking, retrofitting is difficult, as the protection value of the cabinet and its specific certification can be adversely affected. Room for future expansion should also be allowed for in planning.

In server cabinets, as well as for the server and a keyboard, space should also be provided for a monitor and additional peripheral equipment, such as, for example, tape drives, so that administrative work can be carried out on the spot. Here, attention should be paid to choosing equipment which is ergonomically suitable, so that administrative work can be carried out on the server unhindered. Thus, for example, a pull-out base is desirable for the keyboard, fitted at a height which enables the administrator to perform his work while seated. Depending on the use to which the cabinet is being put, air conditioning and/or an uninterruptible power supply (UPS) may be required. The appropriate equipment must then be placed in the cabinet. Otherwise there must at least be some form of ventilation. It is recommendable to equip the cabinet with a locally operating fire early warning system which interrupts the power supply to the equipment in the event of fire (on the input and the output side of the UPS, provided there is one).

Back-up data media and log printers should not be housed in the same cabinet. In the event of damage to the server, back-up data media would presumably also be damaged. Logging of the actions on the server also acts as a check on the administrator. It is therefore not sensible to grant him access to the log print-outs even where he is the sole recipient.

Additional controls:

• Which protective functions is the cabinet meant to fulfil?

• Are these fulfilled by the cabinet chosen?

• With which of the above-mentioned quality categories does the protective cabinet comply?

• Is the console of the server only accessible to the administrator?

• Are the dimensions of the protective cabinet adequate?

• Were unauthorised changes carried out on the protective cabinet?