Secure Your Business


The security levels according to ANSI/TIA 942-A-2012*: Before a CIS certification, a company defines which level it wants to reach. The audit checklist containing the specific requirements for that level is then used.


Tier 1: “Basic”
A Tier 1 data center is susceptible to interruptions from both scheduled and unscheduled activities, such as maintenance work and failures. If there is a UPS (uninterruptible power supply) or substitute network equipment, it is a single-module system with “single points of failure”. The infrastructure should be shut down once a year to allow preventive maintenance and repair work.


Tier 2: “Redundant components”
Equipment and facilities in a Tier 2 data center have redundant components and are therefore slightly less susceptible to interruptions. They have a UPS (uninterruptible power supply) or substitute network equipment whose capacity is designed as “need plus one” (N + 1), with a single non-redundant distribution path. Maintenance work on the energy supply and on the site infrastructure necessitates an interruption.

Tier 3: “Concurrent maintainability”
Equipment and facilities in a data center on Tier 3 allow any scheduled infrastructural activities, such as maintenance work, without interruption of the IT operations. These activities include maintenance, repair, replacement or removal of components, tests of components and systems and the like. There must be sufficient distribution paths and capacity so that the load can be absorbed simultaneously. Nevertheless, failures of infrastructural components that occur spontaneously can lead to interruptions.


Tier 4: “Fault tolerance”
Equipment and facilities in a Tier 4 data center have the capacity and capability to carry out any scheduled infrastructural activity without interrupting the critical IT load. Fault-tolerant infrastructure functionality also makes it possible to withstand at least one worst-case failure without the critical IT load being affected. This necessitates distribution paths that are active simultaneously, typically in a system + system configuration.

This rating system is also used in a CIS Stage Review, although not at the same depth as in a Certification Audit. A CIS Stage Review is only intended to provide guidance on the requirements set by the individual auditing criteria, and it does without a compulsory review of the on-site conditions and of the relevant documentation. A Stage Review ensures that the auditing criteria are understood and examines possible weak points of the data center location that would prevent the targeted level of the rating system from being achieved. It is therefore recommended to conduct a Stage Review before a Certification Audit.


* ANSI: American National Standards Institute
TIA: Telecommunications Industry Association


CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com