Data centers contain business critical customer data which, if lost or breached, can have an enormous impact on the organization - including the possible failure of the organization to survive. Certain information of the data center operator/owner is also required to be confidential and only to be used on a ‘need-to-know’ basis.
The data center must implement physical, organizational and technical security measures (e.g. cyber security) to ensure the confidentiality, integrity, and availability of its own and its customers' information and information systems.
Therefore, proper security policies, procedures, work instructions and controls should be defined and implemented with regular reviews to be undertaken, especially following major (regulatory) changes. Consideration should be given to well established security related standards such as ISO-27001, PCI-DSS, MCTS etc. and data privacy regulations applicable for the territory where the data center operations is being situated.