Infrastructure pillar · Module 1 of 6

What is IT infrastructure?

Think of IT infrastructure as the plumbing and electricity of the digital world. Just like a building needs foundations, wiring, and pipes before anyone can live in it, every app, website, and digital service needs infrastructure to run.

← Back to Infrastructure Fundamentals Training

Controls stack visual kit

Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.

Governance evidence

Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.

Secure supply chain

Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.

Telemetry & evaluations

Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.

Assurance & resilience

Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.

Signals Controls Evidence Audit
  • Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
  • Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
  • Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
  • Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.

1.1 The building blocks

Let’s break this down into pieces you can actually picture:

  • Compute (the brains). These are the computers that actually run your applications. They might be physical servers sitting in a data centre, or virtual machines running in the cloud. When you open an app on your phone, somewhere out there, a computer is doing the thinking.
  • Storage (the memory). Where all your data lives—your photos, your company’s records, everything. This could be hard drives, solid-state drives, or massive storage systems. The tricky part? Making sure it’s fast enough AND safe from loss.
  • Network (the roads). How everything talks to everything else. Routers, switches, cables, and wireless connections. When you click a link, your request travels through dozens of network devices before reaching its destination.
  • Facilities (the building itself). The physical stuff—the data centre building, the power systems, the cooling (servers get HOT), and the security guards at the door. Without reliable facilities, nothing else matters.

Why should you care?

Here’s the thing: when infrastructure works, nobody notices. It’s invisible. But when it fails...

The business reality

  • Downtime costs real money—sometimes thousands per minute
  • Slow systems frustrate customers (and they leave)
  • Data loss can literally end a business
  • Security breaches often start with infrastructure weaknesses

The opportunity

  • Good infrastructure lets teams move fast
  • It can be a competitive advantage
  • Modern options are more accessible than ever
  • Understanding it makes you more valuable professionally

1.2 The big choice: where does your infrastructure live?

  • On-premises (“on-prem”). You buy servers, put them in your own data centre (or a closet), and manage everything yourself. Maximum control, maximum responsibility. Like owning a house.
  • Cloud. You rent infrastructure from Amazon (AWS), Microsoft (Azure), or Google (GCP). They handle the physical stuff; you just use it. Like renting an apartment—less control, less hassle.
  • Hybrid. A bit of both. Keep sensitive stuff on-prem, use cloud for everything else. Most large organisations end up here.
  • Colocation (“colo”). You own your servers, but you put them in someone else’s data centre. They provide power, cooling, and security. You manage your equipment.

💡 The key insight

There’s no “best” choice—only the right choice for your situation. A startup might go all-cloud for speed. A bank might stay on-prem for control. Most organisations mix and match. The important thing is understanding the trade-offs.

Free resources to learn more

Next: Data centres and hardware →