- Call on : +44 (0)20 8559 8295
- Open Hours : Mon-Fri 08:00 - 17:30
Premier Security Ballistic & Blast Ltd
Physical Security Standards for UK Data Centres
Physical Security Standards for UK Data Centres: NPSA, EN 50600-2-5, ISO 27001 & Uptime Tier IV
UK data centre physical security is governed by an interlocking set of standards spanning government guidance, operational topology and independently certified products. This reference explains how those standards fit together, what each one covers, and how Premier Security Ballistic & Blast Ltd products are certified against the building envelope and perimeter standards that matter most to architects, M&E consultants and security designers.
How the Standards Fit Together
There is no single standard that defines data centre physical security. Instead, three layers work together, and a complete specification draws on all three.
- Government guidance and designation sets the expectation. NPSA and NCSC guidance, the Critical National Infrastructure regime and the Building Safety Act establish what a UK data centre should achieve and document.
- Operational and topology standards set the framework. Uptime Institute Tier ratings, TIA-942, the EN 50600 series and ISO 27001 define the resilience and management context that physical security sits within.
- Product certification standards deliver the protection. LPS 1175, EN 1522/1523, EN 1063, ISO 16933, EN 13123/13124, PAS 68 and the fire standards certify the doors, windows, glazing, curtain walling and barriers that physically resist attack. This is the layer Premier products occupy.
The practical takeaway: A data centre's Tier rating or ISO 27001 certificate does not specify a door. It establishes the requirement for controlled, resilient, auditable physical security. The product certification standards then prove that the specified doors, glazing and barriers actually resist the assessed threats. Specifiers need fluency in both layers.
Government Guidance and Designation
NPSA Guidance
The National Protective Security Authority (formerly CPNI) is the UK government's authority on protective security. Its data centre guidance applies the "Deter, Detect, Delay" model and the "Barriers, Access control, Detect" philosophy across perimeter, building envelope and internal compartments. It is the de facto reference for UK data centre physical security.
NCSC Guidance
The National Cyber Security Centre leads on the cyber dimension, but its guidance increasingly recognises that physical access is a route to cyber compromise. Physical and cyber security are treated as complementary layers for Critical National Infrastructure.
Critical National Infrastructure
UK data centres were designated Critical National Infrastructure on 12 September 2024, the first new designation since 2015. This places data infrastructure under stronger government coordination on security and resilience and raises the expectation of certified, layered physical protection.
Cyber Security & Resilience Bill
Expected to formalise duties for data centre operators, anticipated to capture facilities above 1MW per site or 10MW aggregate. Specifiers should track this Bill as the likely trigger for firmer statutory physical security expectations.
Building Safety Act 2022
Introduces the "Golden Thread" of traceable, accurate building information across the lifecycle of a building. Specifying independently certified physical security products with current certificates supports the documentation and accountability the Act requires.
Secured by Design
The UK Police Preferred Specification scheme. Products from Secured by Design members carry police-recognised credibility that supports planning applications. Premier is a Secured by Design member.
Operational and Topology Standards
These standards define the resilience, management and operational framework that physical security sits within. They rarely specify a particular door or barrier, but they establish the requirements that drive product selection.
Uptime Institute Tier Standard
The Uptime Institute Tier Standard classifies data centres from Tier I to Tier IV by topology and operational resilience. Tier III (concurrently maintainable) and Tier IV (fault tolerant) facilities almost always layer high-grade physical security, including anti-tailgating security portals, controlled single-person access at sensitive boundaries and forced-entry-rated doors on data hall and MMR lines.
TIA-942
The TIA-942 telecommunications infrastructure standard for data centres uses its own "Rated 1 to Rated 4" classification, which is separate from the Uptime Institute Tier system despite the similar numbering. TIA-942 addresses site, architectural, electrical, mechanical and telecommunications criteria, and its higher rated levels reference physical security provisions such as controlled and monitored access.
Common confusion: Uptime Institute "Tier I to IV" and TIA-942 "Rated 1 to 4" are different classification systems from different bodies. They are not interchangeable, and a facility may reference one, the other or both. Always confirm which system a specification means.
EN 50600 series
The EN 50600 series is the European standard family for data centre facilities and infrastructures. EN 50600-2-5 specifically addresses security systems, covering the physical protection concept, protection classes and the integration of physical security measures. It is increasingly referenced on UK and European new builds as the technical anchor for the physical security design.
ISO 27001
ISO 27001 is the international standard for information security management. Its Annex A includes physical security controls. Note that the 2022 revision reorganised Annex A: physical controls now sit under A.7 (Physical controls) in ISO 27001:2022, having previously been grouped under A.11 in the 2013 edition. Many existing specifications still reference the older A.11 numbering, so check the edition.
Download our UK Data Centre Security Specifier's Checklist
A practical reference pulling these standards together, with NPSA-aligned threat zoning and the product certifications Premier holds at each layer of the building envelope and perimeter.
Get the ChecklistProduct Certification Standards
This is the layer where Premier products are tested and certified. Each standard addresses a specific threat, and each is an independent certification: a product rated against one is not automatically rated against another. The table below is the quick reference; the dedicated pillar pages cover each threat in depth.
| Standard | Threat | Scope | Rating Format |
|---|---|---|---|
| LPS 1175 Issue 8 | Forced entry | Doors, windows, glazing, louvres, curtain walling, gates, grilles | B3 to E10 (SR2 to SR5) |
| EN 1627 to 1630 | Forced entry (European) | Doors, windows, shutters, grilles, curtain walling | RC1 to RC6 |
| EN 1522 / EN 1523 | Ballistic (assembly) | Complete window, door, shutter, louvre, curtain walling assemblies | FB1 to FB7 (plus FSG), with S or NS |
| EN 1063 | Ballistic (glazing) | Security glazing alone | BR1 to BR7 (plus SG1, SG2), with S or NS |
| ISO 16933 | Blast (arena, counter-terrorism) | Glazing, and frames where classified | EXV / SB with hazard letter A to F |
| EN 13123 / EN 13124 | Blast (assembly) | Complete window, door, shutter, curtain walling assemblies | EPR1 to EPR4 (shock tube), EXR1 to EXR5 (arena) |
| EN 13541 | Blast (glazing) | Security glazing alone (shock tube) | ER1 to ER4 |
| PAS 68 / IWA 14-1 | Hostile vehicle (HVM) | Bollards, gates, barriers, crash-rated curtain walling | Vehicle type, mass, speed and penetration |
| EN 1634-1 / EN 16034 | Fire | Fire and smoke door and shutter assemblies | E and EI ratings in minutes |
| BS 476 Part 22 | Fire (legacy UK) | Fire resistance of non-loadbearing elements | Integrity and insulation in minutes |
| LPS 1056 | Fire (certified doorsets) | Fire resisting and fire and security doorsets | Fire rating in minutes, with security grade |
Glazing rating versus assembly rating: Across both ballistic and blast standards, there is a recurring distinction between the rating for the glazing alone (EN 1063, EN 13541) and the rating for the complete installed assembly (EN 1522/1523, EN 13123/13124). A complete specification normally needs both, because the glazing rating proves the glass and the assembly rating proves what actually gets installed, including frame, fixings, seals and hardware.
Which Standards Apply to Which Data Centre Zone
| Zone | Primary Product Standards |
|---|---|
| Site perimeter | PAS 68 / IWA 14-1, LPS 1175 |
| Vehicle entry & loading bay | PAS 68 / IWA 14-1, LPS 1175, EN 13123 (where blast assessed) |
| Reception & screening | LPS 1175, EN 1522 / EN 1063 (ballistic screens) |
| Control room / NOC | EN 1522 / EN 1063, EN 1634-1, LPS 1175 |
| Data halls | LPS 1175, EN 1634-1 (compartmentation) |
| MMR (meet-me room) | LPS 1175, EN 1634-1, EN 1522 where assessed |
| UPS & battery rooms | EN 13123 / ISO 16933, EN 1634-1, LPS 1175 |
| Generator halls | EN 1634-1, EN 13123, LPS 1175 |
| External facade | EN 1522 / EN 1063, ISO 16933, LPS 1175, PAS 68 (HVM curtain walling) |
A Note on Combining Standards
Where a zone faces more than one threat, the relevant ratings can be combined in a single product, but each rating remains a separate, independent certification. Premier is one of the few UK manufacturers certified across forced entry, ballistic, blast and fire, and supplies dual and quad-certified assemblies for high-threat data centre zones.
Read more about combined ballistic, blast and fire protection
Explore Our Data Centre Security Solutions
Frequently Asked Questions
What physical security standards apply to UK data centres?
UK data centre physical security draws on three layers: government guidance (NPSA, NCSC, the CNI regime and the Building Safety Act), operational and topology standards (Uptime Institute Tier, TIA-942, EN 50600-2-5 and ISO 27001), and product certification standards (LPS 1175, EN 1522/1523, EN 1063, ISO 16933, EN 13123/13124, PAS 68 / IWA 14-1 and the fire standards). A complete specification references standards from all three layers.
What is EN 50600-2-5?
EN 50600-2-5 is the part of the European EN 50600 data centre standard series that deals specifically with security systems. It covers the physical security concept, protection classes and how physical security measures integrate into the facility design. It is increasingly cited on UK and European new builds as the technical reference for the physical security layer.
Is ISO 27001 a physical security standard?
ISO 27001 is an information security management standard, but its Annex A includes physical security controls. In the current ISO 27001:2022 edition these sit under A.7 (Physical controls); in the older 2013 edition they were grouped under A.11. Because many existing data centre specifications still reference A.11, it is worth confirming which edition a specification means.
What is the difference between Uptime Tier and TIA-942 Rated?
They are separate classification systems from different bodies. The Uptime Institute Tier Standard uses Tier I to Tier IV to classify topology and operational resilience. TIA-942 uses its own Rated 1 to Rated 4 system covering site, architectural, electrical, mechanical and telecommunications criteria. Despite the similar numbering they are not interchangeable, and a facility may reference one or both.
Does LPS 1175 certification mean a product is also blast or ballistic rated?
No. LPS 1175 certifies forced entry resistance only. Ballistic resistance (EN 1522/1523, EN 1063), blast resistance (ISO 16933, EN 13123/13124) and fire resistance (EN 1634-1, EN 16034) are separate, independent certifications. A product is only rated for a threat if it has been specifically tested and certified against that threat's standard. Combined-rating products carry multiple distinct certificates.
Which standards does Premier certify its products to?
Premier products are independently tested and certified to LPS 1175 (LPCB Red Book listed, B3 to E10), EN 1522/1523 and EN 1063 (ballistic, FB1 to FB7), ISO 16933 and EN 13123/13124 (blast), PAS 68 and IWA 14-1 (HVM), and EN 1634-1, EN 16034 and LPS 1056 (fire). Premier is a Secured by Design member, ISO 9001 certified and a Constructionline Gold approved supplier. Current certificates are available on request.
Get standards-aligned specification support
Premier's specification team can help you navigate the standards landscape and select certified products for each zone of your data centre, aligned to your NPSA threat assessment, Tier requirement and NBS specification. We work with architects, M&E consultants, security consultants and main contractors from RIBA Stage 2 onwards.
Request a Specification Review