The data center consists of 100,000 metric tons of reinforced concrete and rests on 480 concrete pillars, each extending 16 meters into the ground. The exterior walls are 30 centimeters thick and made of reinforced concrete. The server rooms are further surrounded by 3 concrete walls. This design provides effective protection against storms and even a small airplane crash.
SAP ensures compliance with data protection provisions. Data from cloud customers falls under the jurisdiction selected by the customer and is not forwarded to third parties.
SAP’s support services ensure that data protection is also maintained during require
d maintenance operations.
Backups are carried out in the form of disk-to-disk copies, which enables rapid data creation and recovery. Besides full backups done on a daily basis, interim versions are created several times per day and are then archived, like all backups, at a second location for security purposes.
At regular intervals, TÜV, KPMG, and SAP itself test whether the technology and infrastructure are operating smoothly. An overview of the most important checks is provided below.
Databases and servers are routinely checked in real time to ensure that they operate properly. Batteries for the emergency power supply must always be charged. Thus, the condition of batteries is
continuously tested. If a battery’s maximum
capacity decreases excessively, it is replaced. Gas cylinders containing the INERGEN fire-extinguishing gas must sustain a specific level of pressure. An electronic pressure gauge on each gas cylinder electronically transmits deviations from the standard value to the central gas distribution facility.
The diesel engines are automatically started
once per month
to perform a full load test.
EVERY THREE MONTHS
An aspirating smoke detector (ASD) emits a preliminary alarm to the security department upon the slightest signs of fire or smoke. A second fire detector then emits a piercing alarm in the event of an emergency. An external company performs tests
every three months
using a smoke device to determine whether the ASD and fire detectors are still active.
EVERY SIX MONTHS
The diesel engines’ switch control panels are checked
by an external company. The inspection ensures that, in a real power outage, the switchover will function and that power is supplied to the servers.
Doors, windows, and ventilation systems are inspected
. The TÜV (an international safety certification organization) inspects all access points to the data center in accordance with ISO 27001 specifications. The door check verifies what types of door locks (toggle locks or dead bolt locks) are used and whether they comply with the ISO standard. In addition, doors may not be kept open for too long. During the TÜV inspection visit, the door is left open for one minute to see whether an alarm is triggered as per the standard.
KPMG goes one step further and inspects the data center’s “black box” according to the international ISAE
3402 (or SSAE 16) certification standard. In other words, it checks the video recordings made over the last 365 days that prove that doors were opened only for authorized individuals. Inspectors refer to this measure
as a “door effectiveness” check.