free advice:
read 152-FZ, 1119 government decree, 21 order of the FSTEC. If it is supposed to provide access to the ISPD from the outside, then in a good way it is worth looking at order 378 of the FSB. The first thing to do is to write or find ready-made policies, all sorts of regulations, etc. Further, a list of PD and (or maybe before) - registration in the RKN. ISPD classification.
"Data center certification in FSTEC" - sounds menacing. To protect the ISPD at home, you must follow the above orders. Any iron can be used - but it is cheaper to use certified means of protection for nerves. Gateway certification - depending on how you plan to present it as a means of protection.

If I'm not mistaken, then you should have Ch. engineer. If so, then the security guard will have to be taken.

The protection of personal data from the point of view of the law and those who check it is more about paper than about technology.
As they said above, you need to read: 152-FZ, 1119-PP, 21 orders of the FSTEC.
About UZ-1 or UZ-2, you got excited for sure, since for this you must determine for yourself the threats of bookmarks in the application / system software, and no one does this voluntarily, as this leads to unnecessary problems during the construction of the protection system .
Everyone defines for themselves the 3rd type of actual threats, which ultimately gives the 3rd or 4th KM for 99% of the ISPD. (UZ-2 will only come out if you process a special category of more than 100 thousand subjects, which is unlikely).
PS I can make turnkey SZPDn after clarifying all the details of your system. (contacts in profile)