Monday, Jan 15, 2018
HomeFeaturesArticlesHow to Manage Data Center Risk and Reduce Insurance Premiums

How to Manage Data Center Risk and Reduce Insurance Premiums

Some data center operators view the insurance underwriting process as opaque and wonder why the underwriter requests access to sensitive, and even proprietary, information as part of risk assessment. For their part, insurers say that accurate and detailed information helps them assess risk and price policies appropriately, and that doing so helps them charge lower premiums. Still some data center operators understandably chafe at the intrusion and extra work involved in preparing documentation for the insurer, especially when the underwriter requires changes to lower risk.

Apprehension about the underwriting process on the part of data center operators is often understandable. Enterprise risk management departments often select the policy and the insurer without input from the data center operator, particularly when the data center is part of a larger enterprise. As a result the data center operator does not always recognize that the facility’s interests and the insurer’s interest are aligned. Both benefit from reduced risk and the minimization of damage from incidents. And by providing detailed and accurate information to the underwriter, the enterprise can benefit from reduced insurance premiums. Industry-recognized credentials can help validate that operating risks are being managed effectively.

Uptime Institute’s Tier Certification of Operational Sustainability (TCOS) and Management and Operations (M&O) Stamp of Approval provide assurance of effective data center operations that reduce risk but also provide third-party validation that is acceptable to the underwriter and a growing number of insurers. Both credentials are based on a comprehensive set of evidence-based methods, processes, and procedures at both the management and operations levels that have been proven to dramatically reduce data center risk, as outlined in the Tier Standard: Operational Sustainability.

CNA’s Risk Control Director Steve Douglas said, “Uptime Institute helps customers lower that risk through a continuous review of changing operational conditions and practices with both the company’s TCOS and M&O Stamp of Approval programs resulting in quantifiable improvements in operational excellence. Any insured who demonstrates this set of risk attributes may qualify for more competitive insurance policy terms and pricing.” In addition CNA includes Uptime Institute in its Allied Partner program to encourage clients to access services that will help them reduce risk and premium cost.


When insurers and underwriters evaluate a data center organization for coverage, they want to be certain that the risk profile of the facility is as low as possible. Considerations such as fire resistance are a component of data center risk, but data centers also require coverage against other accidents that damage the facility or the servers, workplace injuries, and business risks from downtime events that impact the data center’s or its customers’ business continuity.

The primary risks in data center operations include:

  • Third Party (Liability)
    • Service Interruption
    • Data Security/Privacy
    • Damage to Property of others in care, custody, or control
    • Premises Liability
  • First Party (direct losses to insured)
    • Property Damage
    • Business Interruption
    • Extra Expense
    • Equipment Breakdown
  • Employee Health and Safety
  • Regulations


Uptime Institute has analyzed more than 20 years of incident data and determined that human error (i.e., bad operations) is responsible for approximately 70% of all data center incidents.  Fire, by contrast, causes only 0.14% of data center losses. In other words, bad operations practices are 500 times more likely to negatively impact a data center than fire. These data points are consistent with Uptime Institute’s observations that even new and robust facilities can experience outages or accidents if management fails to define effective policies and procedures, maintain equipment, properly train staff, and apply the policies and procedures.

TCOS and M&O Stamp of Approval are Uptime Institute data center operations credentials. The process of earning these credentials helps operators identify liability risks and mitigate the impact of an incident, reducing potential damages. In addition to reducing the probability of loss, clearly defined repeatable procedures and processes as required by the Uptime Institute credentials demonstrate that an operation adheres to a duty of care that is foundational to most standards of care.

When data centers obtain the relevant Uptime Institute credential, it results in a level of expert scrutiny unmatched in the industry, giving insurance companies the risk management proof they need. As a result, insurers can validate risk level to a consistent set of reliable Standards. This proof of risk quality allows infrastructure and service providers to obtain more competitive terms and pricing across their insurance programs. In practice, facilities with good operations, as validated by a TCOS or M&O Stamp of Approval, can benefit from reduced insurance costs.

Organizations that apply the Tier Standard: Operational Sustainability are taking the most effective actions available to protect their investment in infrastructure and systems and reduce the risk of costly incidents and downtime. The elements outlined in the Standard have been developed based on the industry’s most comprehensive database of information about real-world data center incidents, errors, and failures. The Standard focuses on specific behaviors and criteria that have been proven to decrease the risk of downtime.

To assess and validate whether a data center organization is meeting this operating Standard, Uptime Institute administers the industry’s leading operations certifications.

  • Earning a TCOS credential signifies that a data center upholds the most stringent criteria for quality, consistency, and risk prevention in its facility and operations.
  • The M&O assessment evaluates management, staffing, and procedures independent of topology and ensures that the facility is operated to maximize the uptime potential and minimize the risks to the existing infrastructure.

Earning one of these credentials demonstrates to all stakeholders that a data center is following the principles of effective operations and is being managed with transparency following industry best practices.


The process for a data center to receive either TCOS or the M&O Stamp of Approval includes a review of each facility’s policies and documentation but also includes on-site inspections and live demonstrations to verify that critical systems, backups, and procedures are effective—not just on paper but in daily practice. These credentials offer the only comprehensive risk assessment in the data center industry, zeroing in on the risk factors that are the most critical.

The data center environment is so dynamic that if policies, procedures, and practices are not revisited on a regular basis, they can quickly become obsolete. Even the best procedures implemented by solid teams are subject to erosion. Staff may become complacent, or bad habits begin to creep in.

There is tremendous value for organizations that hold themselves to a consistent set of standards over time, evaluating, fine-tuning, and retraining on a routine basis. This discipline creates resiliency, ensuring that maintenance and operations procedures are appropriate and effective, and that teams are prepared to respond to contingencies, prevent errors, and keep small issues from becoming large problems.

Uptime Institute