• Site should be protected from break-ins, natural disasters, fires, failure of supporting telecommunications or power utilities, structural collapse, chemical contamination, explosions, water intrusion through floods or plumbing leaks. The facility should not be located in/near areas with high risk of flooding such as: basement, immediately below roof top, immediately below kitchen or canteen or chiller plant, below a building's water tank, adjacent to or near the toilets and pantry, near the staircases, building drains or pump room, on a floor surrounded by open platform or in open area.
• Construction shall comply with all applicable building and safety regulations as laid down by the relevant Government agencies. The Construction must be tamper-evident. Materials used for construction shall be fire resistant and free of toxic chemicals. The facility shall monitor any physical break-in attempts such as hammering, exploding, chiseling etc.
• The CA facility can be constructed with double or triple layer, floor-to-ceiling walls located in an area of the facility without window or where windows can be secured effectively.
• External walls shall be constructed of brick or reinforced concrete of sufficient thickness to resist forcible attack. To add further security the certification room can be made of steel or metal of desired thickness.
• The construction must provide protection against the risks of cryptographic key loss, theft, and abuse.
• All the ducts electrical, Air-conditioning, LAN should be built of non-combustible and dust-free materials, and should not , at any point provides physical access to the site from outside.
• Power and Air Conditioning System : The CA facility must be equipped with an uninterruptible power supply (UPS) and generator with proper backup depending upon the nature of operation. It should only supply electricity to the CA facility and should be separated from all other building electrical loads. All electrical installations must meet the standards specified by the central/state government. The power points such as socket outlets or securing outlets must be correctly installed. In order to avoid static charge from building up, the ground wire must be insulated and connected to the building's ground strap while all computer equipment should have a dedicated ground point. Data cables should not be laid adjacent to main electrical cables or system control cables. Emergency lighting should be installed to assist exit of personnel during power failure.
• The CA facility should have its own independent air-conditioning system and fresh air supply system. All air ducts, including insulation/lining, should be built of non-combustible and dust-free materials and should not , at any point, connect to the air conditioning ducts serving the rest of the building to prevent physical access to the site.

The design of the air-conditioning system must take into consideration:

• Capacity requirement of all equipments
• Future capacity requirements
• Normal maintenance
• Mode of operation
• Temperature, humidity and dust count level control
• Load density
• Sensible heat ratio
• Outside air quantity
• Amount of air circulated
• Air distribution method
• Vapor barrier for humidity control
• Flexibility and ease of expansion
• The air-conditioning system is usually designed to maintain the following:
• Temperature around 22 degree centigrade
• Humidity around 50 %
• Physical Access: Regarding the access to the CA facility, there should only be one main entrance. All the side entrances for emergency exits must be permanently locked.

It should be through

•  Water Exposure: Systems should be protected from water exposure
• Fire Prevention and Protection :The wall enclosing the computer room should be constructed of non-combustible material which should be fire resistant for at least few hours. The fittings and furniture inside the computer room should also be made of non-combustible materials or materials having minimal fire propagation property. The CA facility shall be equipped with heat and smoke detectors, alarms, and a fire suppression system appropriate for computer equipments. It should be in compliance with requirement specified by the Fire Brigade or any other agencies of the Central or State Government.

The following points should be kept in view while planning the systems:

• Detectors should not be inserted into the ceiling but rather surface-mounted under the ceiling.
• Detectors should not be placed near air stream outlets or any sources, which would affect the integrity or functions of the detectors.
• The central fire alarm system of the building should be relayed to the computer room so that operation staff in the computer room are alerted if there is a fire in the building.
• Smoking inside CA facility should be prohibited.
• Media Storage: Storage media should be protected from environmental threats such as extreme temperatures, humidity, and magnetism.
• Environmental Protection:Water, temperature and humidity detectors must be installed and shall be connected to audible alarms.
• Waste Disposal: Information on media used for storage of keys etc. shall be deleted securely or destroyed before released for disposal.
• Automatic Status Monitoring: The site must be equipped to monitor and alert relevant personnel in the event of an abnormality in security operations, including physical security etc.
• Video and other surveillance equipment: A Digital Video Recorder System ( DVR) should be installed to properly monitor the entire premises on a 24 x 7 basis through a suitably installed set of cameras. It should operate in a fail safe mode.. The system should posses the ability to reconstruct the events what occurred during the breach of security.

Security Levels
Broad Specifications of Systems to be installed
References