Close this search box.

Data Center Design: Compliance, Location and Regulations

One size doesn’t fit all when it comes to data center design. Finding a proper facility that is equipped with everything you need to secure your data can be difficult.

At the heart of any data center design should be security and compliance. In this blog, we will continue to expand on our previous posts about factors to consider when selecting a data center and data center security. Find out why it is critical to have a data center provider design their facility with security as the backbone.

Different Types of Data Center Designs

Across the globe, there are many colocation and web hosting providers that have creatively designed their data centers. While most may look like your run-of-the-mill white floor space server rooms, many have unique design features that give them a look all their own.

Data centers have a checklist of items that are essential to the design, yet the physical structure is rarely by the books. Here are different types of data center designs to consider when selecting a colocation provider:

Underground Data Center Designs:

Underground data centers are considered among the safest space to store data, unless the infrastructure lacks real-time air quality monitoring. Without it, equipment failures can ensue. Currently, there is a rise of data center customers across the country experiencing early equipment failures due to underground storage.

Knowing the dependability and standards of your colocation provider is essential when it comes to underground facilities. Changing, maintaining and monitoring data center environmental conditions should be the top priority of an underground hosting provider.

LightEdge’s underground Kansas City SubTroplis facility has a real-time air quality monitoring platform. This ensures conformance with ASHRAE TC 9.9 standards for A1 environments. It also means that LightEdge’s underground data center keeps customers in top working order for the full life of their equipment.

When selecting an underground data center provider, it is important to see documentation on the certifications and security processes in place. A provider should remain up-to-date on the most vital compliance regulations and remain committed to working with customers as their colocation partner.

Mines vs. Cave environments

Another crucial factor when evaluating an underground facility is whether it’s housed in a cave or a mine. Cave environments can set clients up for a risky situation when it comes to lack of air flow, excess heat and air quality issues, and ultimately, equipment corrosion that could cost clients thousands of dollars and cut hardware life cycles short by a number of years.

Mines are the preferred data center space due to their natural aspiration combined with protection from the elements. When layered with real-time air quality monitoring, mines function as the prime data center space.

Another major factor to evaluate is how the data center is designed to remove heat. There should be best practices in place to expel all heat generated to the outside of the facility, so the rock doesn’t heat up over time. This supports much higher rack density and guarantees equipment is safe from premature erosion. LightEdge’s Kansas City facility is housed in the SubTropolis mines with limestone that has a 58-degree cooling effect. That means optimal temperate for a long equipment lifecycle and efficiency in operations.

With the proper air quality monitoring and heat expulsion, mines can be the safest place to store your data. The underground location eliminates any weather and climate risks and can save on energy costs due to the consistent temperature.

While underground facilities are remote, there is a growing niche for purpose-built mines in populated areas where real estate prices are high. These types of facilities continue to gain traction and transition from alternative to mainstream solutions.

Natural Disaster Prepared Data Center Designs

When secure underground real estate is unavailable, building a facility prepped for natural disasters is imperative. Data centers continue to innovate and design the most creative architecture to brave the elements.

Elements that prepare a facility to bear the burden of natural disasters included the reinforced pre-cast walls and roofing. Walls acts as a barrier to the outside, so they are typically extremely thick. Data centers have also added second roofs to act as a backup if the first roof was to fail.

Limit Entry Points

Limiting the entry points to the data center will decrease the risk of physical break-ins to the building. A data center can control access to the building by establishing one main entrance for customers and employees. There should be one other entrance in the back of the data center for loading docks.

Monitoring the limited entry points for the main entrance, loading docks, fire exits, and any other sensitive areas of the facility is essential. It will help your data center colocation provider to keep track of everyone who entered and exited the building at certain times.

When evaluating a data center colocation provider, here are some questions to ask about their limited entry points and access control systems:

  • How often does your data center update its access list?
  • How many points of entrance are there, and who has access to them?
  • When employees or customers leave your data center business, what is the procedure on revoking security access?

If their answers lack the utmost commitment to security and access control of the building, then it is best to look elsewhere for a data center colocation provider.

Green Data Center Designs

Data center designs are going green to help the environment. Built to be energy efficient, these facilities are using alternative technologies to help the environment and keep costs down. For example, Microsoft’s data center in Dublin uses less energy and water than typical data centers. The design innovations driving efficiency include a “free cooling” system that uses outside air to cool the facility and server room. It employs hot-aisle containment to support warmer temperatures inside the white floor space.

Although Microsoft is not a colocation provider, it is helping to raise the bar on green data center design best practices.

The U.S. Department of Energy notes that data center spaces can consume up to 100 to 200 times as much electricity as a standard office space. As a result, the U.S. Department of Energy created a best practice guide for energy-efficient data center design to provide viable alternatives to inefficient data center building practices.
These best practices span over the following categories:

  • Information technology (IT) systems and their environmental conditions
  • Data center air management
  • Cooling and electrical systems
  • On-site generation
  • Heat recovery

Many facilities are starting to incorporate these best practices into their data center design, ultimately resulting in lower energy costs and environmentally friendly processes.

Designed with Security and Compliance in Mind

Compliance standards are continually evolving. Finding a provider with an impressive compliance badge portfolio that can keep up is critical. Here are some areas of compliance that your hosting provider should be proficient in.

Compliant Data Center Design

Every organization may have different standards and attest to their compliance in a different manner. This is because organizations may be structured to serve industries differently. Despite organizational differences, compliance standards like SSAE 18 help to ensure there are present controls implemented by SOC Reports framework. Other impressive compliance badges include ISO 20000-1. ISO 20000-1 protects against human error, which is one of the top reasons for breaches.


SSAE 18, or Statement on Standards for Attestation Engagement No. 18 establish requirements and provide application guidance to auditors for:

  • Performing and reporting on examinations
  • Reviewing processes
  • Agreeing upon procedure engagements (including SOC attestations)

As of May 1, 2017, SSAE 18 has been in effect. SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports. The new standard has suspended SSAE 16. The key differences that SSAE 18 brings to light is the way service organizations deal with subservice organizations.
SSAE 18 also requires a data center colocation facility to provide the service auditor with a risk assessment that highlights the organization’s key internal risks. This ensures that the provider’s controls are regularly reviewed, vulnerabilities are addressed, and updates are made to mitigate risk.


While there is no certification for HIPAA, there are requirements and best practices that data centers should note when designing their facility.

hen trying to find the best HIPAA compliant cloud hosting provider, it is best that your provider has experience with healthcare customers. Ask how many of the hosting provider’s customers are in healthcare, and how they facilitate HIPAA compliance with those customers.

Meeting the demanding HIPAA compliance standards is difficult, so a data center and cloud hosting provider should be well-versed in addressing the dynamic needs of healthcare businesses.

Some areas to note is a HIPAA secure data center design include:

  • Third-party compliance audits
  • Secure network connections
  • A secure data center location
  • Secure amenities
  • Cybersecurity technology

The Payment Card Industry Data Security Standards (PCI DSS) was created to enhance cardholder data security and facilitate the adoption of data security measures globally. As a colocation provider, the data center design should be built with PCI DSS compliance in mind.

A simple way to ensure your organization remains PCI compliant is to use a PCI compliant hosting solution. These solutions use technology and processes like MFA and stay current with PCI DSS requirements as they evolve.

Approved vendors can pinpoint network vulnerabilities from the outside looking in. Finding a reliable hosting provider that has expert knowledge on the ins and outs of PCI compliance will take the weight off of your shoulders when it comes time for audits.

SOC Reports

According to the American Institute of Certified Public Accountants (AICPA), SOC Reports are designed to help service organizations (data center colocation providers) build trust and confidence in the service performed and controls related to the services through a report by an independent auditor. Each type of SOC report is designed to help service organizations meet specific user needs.

To learn more on the different SOC reports and take a deeper dive into what they are protecting, visit our previous blog on the five factors for choosing a data center.

Finding a data center colocation provider that meets your strict compliance guidelines is imperative when it comes to keeping your data safe. When selecting a provider, ask them about the compliance badges they possess. Many industries require additional compliance.

For instance, the healthcare industry is regulated by HIPAA compliance and the financial and banking industry is regulated by PCI-DSS compliance standards. Ensure that your data center provider also demonstrates the same rigorous compliance standards that fall within their control.

Avoiding Code Violations

While data centers may have their differences when it comes to design, all should be up to code. If you are considering a colocation provider, be sure to inquire about their code inspection. If the data center isn’t up to code, your critical infrastructure may not be safe. Here are different code items that each facility should follow.

Tenant Improvements

According to Data Center Journal, the most common violations with tenant improvements are maintaining minimum distances. There are measurements for minimum distances to, around and under fixtures and equipment. If data centers don’t comply with those distances, they could be out of compliance with The International Building Code.

The International Building Code requires that the height of protruding objects at walking surfaces be at least 80 inches above finish floor (a.f.f.). Some examples of non-compliant height occurrences to note are:

  • Horizontal sprinkler mains
  • Low-hanging mechanical ducts
  • Climate sensors
  • Building wiring
  • Sloped plumbing vent pipes
  • Low-hanging insulated ducts from the generator yard

Other overlooked tenant improvements include those required by the Americans with Disabilities Act (ADA). Building requirements by the ADA include protrusion limits, protruding objects, post-mounted objects, vertical clearances and many others. To learn about all of the different building code requirements enforced by the ADA, visit the Guide to the ADA Standards.

All factors are common reasons for code violations. Ensure that your colocation provider has proper documentation to prove their facility is up to code. If not, your data could be at risk.


Beyond tenant improvements and permit violations, safety is one of the main reasons for code violations. Unfortunately, many safety issues are due to human error. Here are some common safety violations that data center may be out of compliance with:

  • Fire-rated walls not being continuous from rated floor to rated floor/ceiling assembly
  • Passage doors creating a potentially dead-endfire-rated corridor when they don’t have a panic exit device, or they don’t swing in the direction of egress travel
  • Smoke detectors located more than 12″ from the ceiling

There are many other safety codes in place that your colocation provider must adhere to. Whether it’s during the construction phase of the data center design, or surrounds day-to-day processes, your provider should be keeping you and your data safe.

What Data Center Design is Right for You?

LightEdge has designed security and compliance into each of our Des MoinesKansas CityOmaha, and newly acquired Austin and Raleigh data center facilities. Recently, LightEdge’s underground data center in Kansas City announced plans to expand by 20,000 square feet. This newest expansion will be designed with the most advanced security features available today.

Each of our LightEdge facilities strive to deliver more than traditional data centers. We have created true Hybrid Solution Centers designed to offer a complete portfolio of high speed, secure, redundant, local cloud services and managed gateways to public clouds through our hardened facilities.

All of our facilities are designed to offer N+1 redundancy on every main component, providing greater protection and security for your crucial IT operations. All seven of our facilities are concurrently maintainable to Tier III standards.

If you are interested in taking a private tour of any of LightEdge’s data center facilities, contact us here. We have colocation, security and compliance experts standing by to answer any of your questions.

Related Posts: 


Share Article