Co-location refers to renting rack space, power, and network connectivity in an external data center. The hardware belongs to the renting organization; the data center operator provides the physical infrastructure.
In an ISMS context, co-location is relevant to ISO 27001 Annex A controls A.7.3 (Securing Offices and Facilities), A.7.5 (Protecting Against Physical and Environmental Threats), and A.5.19-A.5.22 (Supplier Relationships). Responsibility for physical security lies with the operator — you must ensure their measures (access controls, fire protection, climate control, redundancy) meet your requirements. Verify the operator’s certifications (ISO 27001, SOC 2), SLA guarantees for availability, and contractual arrangements for access rights.