Security for data centres and server rooms, with biometric access control, mantrap procedures, perimeter detection and CCTV (video surveillance) at rack level. The installation supports the audit trail and verification your certification programme requires, without putting your uptime at risk.
A data centre is not an ordinary commercial building. The value behind the facade is considerable, the uptime requirement is high (Tier I to Tier IV under the Uptime Institute classification) and the clients who place their servers with you, whether a hosting provider, a bank, a telecoms operator or an internal corporate server hall, hold physical security to a demanding standard. A tier-classified data centre is audited regularly by clients and certification bodies, and those audits assess not only the IT layer but, explicitly, the physical layer as well.
Cebec designs data centre security in layers, from the outside in. The site perimeter, the facade and main entrance of the building, the server hall itself and, ultimately, each cage or even each rack. At the critical gates we deploy biometric verification, often combined with a card or PIN for multi-factor authentication. Between the working area and the server hall we install a mantrap: an interlock with two doors that cannot be open at the same time, to prevent tailgating. Cameras cover every metre, with retention of 90 days or more.
We work for commercial data centres, hosting providers, financial services firms, telecoms operators and internal corporate server halls. You gain a single point of contact for access control, biometrics, perimeter, CCTV and the link to your fire protection, together with the documentation your auditor expects. For the gas extinguishing system itself we work alongside a specialist sprinkler and gas supplier; the detection and control we deliver in line with the Dutch fire detection standard NEN 2535.
Data centre security is integral by definition. The six systems below form the basis for a server hall that meets the physical requirements set out in information-security frameworks and in most client audits. We draw them onto your floor plan and align them with the tier classification of your site.
Fingerprint, iris scan or facial recognition on the critical doors to the server hall, the vault and client cages. Almost always multi-factor: card or PIN plus biometrics. Implemented with Paxton or Vanderbilt SPC, storing templates rather than raw biometric data. More on access control.
A mantrap is an interlock with two doors between the working area and the server hall. The second door opens only once the first is closed and a person has been verified. Optionally with a weight sensor and weighing plate against tailgating, or with dual biometric verification. Standard practice in most tier-classified data centres.
HD and 4K cameras covering every aisle, every cage and every row of racks. Retention of 90 days or longer, in line with most client audits. Footage is linked to badge events: a snapshot at every card swipe. Read more on CCTV and video surveillance.
Fence detection, thermal cameras that recognise people and vehicles in complete darkness, and, on larger campuses, a patrolled zone between the outer fence and the building. False alarms are filtered out by AI analysis, while genuine intrusions trigger immediate response through our alarm receiving centre (ARC).
Data centres use gas extinguishing with FM200 or Novec 1230 rather than sprinklers, so the electronics are not damaged. Detection by a VESDA (Very Early Smoke Detection Apparatus) picks up smoke at very low concentrations. We deliver the detection and control through a fire alarm system; the extinguishing gas itself in partnership with a specialist gas supplier.
Full logging of every passage, every door and every camera event, exportable for client audits and information-security reviews. Separate authorisations per cage or client compartment, with a dedicated camera stream and dedicated badge reporting. Compartments are physically separated and logically separated within the management system.
A data centre never runs on routine. The combination of uptime requirements, client audits and specialist fire protection calls for judgements that simply do not arise in an ordinary office. Six points we address specifically in every project.
A data centre does not rely on a single check-in. Between the street and the rack there are several layers, each with its own verification and its own logging. Together they make it possible, at any incident review, to see exactly who was where and when, and which biometric profile was used.
For lighter server rooms within an office we reduce these layers; for a commercial data centre or financial-sector server hall we follow the full model. During an audit this layering is almost always checked specifically.
A data centre project rarely starts from scratch. Often an installation is already in place, alongside a client requirement or audit finding that calls for additions. We therefore begin with a gap analysis against the relevant information-security framework and the tier requirements, and then build out step by step without interrupting production.
We assess the existing situation against your information-security framework and the tier requirements that apply to your site. The outcome is a list of concrete findings, ranked by risk and audit impact.
You receive a plan covering verification layers, mantrap locations, camera coverage, retention policy, fire detection and the link to the gas supplier. Including a clear quotation and a phased schedule.
We work in phases, in parallel with your production. On redundant sections we carry out work without taking the other half offline. Each phase is tested and handed over separately before we continue.
On handover you receive the documentation your auditor expects: door matrix, badge reporting, camera retention policy and maintenance log. During audits we are available to provide explanation and answer questions.
We come to site for a no-obligation survey and gap analysis, with a report that also supports your own information-security programme.
Not every server hall is a commercial colocation. We work for the large data centres in the Randstad, but equally for financial-sector server rooms, telecoms sites and internal corporate server halls where the risk requirements are identical but the scale is smaller.
Tier-classified data centres with client cages and separated compartments. Our experience with multi-tenant CCTV and multi-tenant access control helps you meet client requirements. See also industry and logistics for logistical aspects.
Hosting providers with their own data centre or in colocation. We design to your scale, with badge management that links to your HR or provisioning tooling, and an audit trail suited to a SOC 2 handover.
Banks, asset managers and payment providers with their own server rooms and stringent internal audits. Multi-factor authentication at every layer, dual control on vault doors and fully watertight compartmentalisation.
Central telecoms rooms and points of presence. We work with perimeter security, biometrics on the main gate and CCTV aligned with the specific uptime requirements of a telecoms operator.
In-house server rooms and smaller server halls within an office or factory building. Often with different risk profiles from a commercial data centre, but the same underlying architecture: layered access, audit trail and gas extinguishing.
Healthcare organisations with their own server room often fall under the Dutch healthcare information-security standard NEN 7510. The verification requirements overlap with general information-security frameworks, with additional requirements around patient data. See also healthcare.
An installation only earns its keep if it keeps working. For data centres that means maintenance in phases, with dual sections taken offline in turn, and a maintenance window agreed precisely with your operations. As standard we provide a maintenance contract suited to your tier classification.
Periodic inspection of redundant sections, firmware updates on the standby half, quarterly audit reporting and remote diagnostics over a well-secured connection. Fault service 24/7, with response times aligned to your tier requirement.
Data centre, colocation sites and any office locations under one contract, one point of contact and one invoice. Central reporting per site, a multi-site dashboard for access and cameras, and an audit trail consolidated across all locations.
The operator of a data centre is usually certified to an information-security framework and often to SOC 2 as well. The security company is assessed on its installer certifications for access control, fire alarm systems (NEN 2535, the Dutch fire detection standard) and CCTV, plus general recognition as a VEB-certified security company and a BORG (Dutch security installer scheme) or comparable qualification. Our installation provides the logging and documentation that supports your own information-security or SOC 2 programme.
A mantrap is an interlock with two doors between the working area and the server hall. The second door can open only once the first is closed and the person has been correctly verified. This prevents anyone from slipping in behind another person (tailgating). Mantraps are standard in commercial Tier III and Tier IV data centres, and in financial services and telecoms server halls where tailgating is a serious risk. For small corporate server rooms a lighter alternative is often sufficient, with dual biometric verification and CCTV.
The three most common forms are fingerprint, iris scan and facial recognition. Fingerprint is inexpensive and broadly applicable. Iris scan is hygienic (no contact) and highly precise, but more costly. Facial recognition is contactless and fast, but more sensitive to environmental conditions. For extremely critical doors we generally combine biometrics with a card or PIN, which we call multi-factor authentication. We safeguard the requirements of the GDPR (the EU General Data Protection Regulation) around biometrics by storing templates only, never raw biometric data, and we always offer an alternative for anyone who prefers not to use biometrics.
Tailgating is addressed on several levels. First physically: a mantrap interlock allows only one person through at a time, optionally with a weight sensor. Then technically: anti-passback in the access control system prevents the same card being used twice within a set time window. Finally through CCTV with AI detection that flags multiple people at a single passage. In practice the combination of these three delivers a very high degree of certainty.
A sprinkler installation extinguishes with water, which in a server hall destroys all electronics it comes into contact with. Data centres therefore use gas extinguishing, with FM200 or Novec 1230. This gas puts out the fire by briefly lowering the oxygen concentration, without harming electronics or storage. Detection is by a VESDA system that recognises smoke at a very early stage. We deliver the detection and control through a fire alarm system in line with NEN 2535. The extinguishing gas itself is supplied by a specialist sprinkler and gas supplier we work with. Read more on fire alarm systems and extinguishers and emergency lighting.
For ordinary commercial premises the Dutch Data Protection Authority applies a guideline of four weeks. For data centres a longer period often applies because clients and auditors require it. 90 days is common in commercial colocation, and some financial services clients ask for 180 days or a year. We size the storage to your client contracts and ensure the design can be adapted if requirements change later. The GDPR basis for the retention period is set out in the privacy statement.
Yes. Information-security frameworks and SOC 2 are standards for the operator of the data centre, not for us as the installer. What we deliver is an installation with which you can demonstrate that the physical layer is in order. During audits we are available on request to brief the auditor on the door matrix, badge reporting, camera retention and maintenance log. Additional documentation requested by the auditor is supplied within the regular maintenance contract.
A server hall must not go offline for maintenance. We work on redundant sections, so we can take the standby half offline for a firmware update or a sensor replacement while the active half keeps running. The update is then tested, connected through and only afterwards is the other half addressed. Work outside redundancy (a central panel replacement, for example) we schedule within a tightly agreed maintenance window, in consultation with your operations.
We assess your site against your information-security framework and the tier requirements, and deliver a report that serves as the basis for your own audit programme. No obligation and no commitment.