Scribd
Upload
218 views

Auditing Data Centers Checklist For Auditing Data Centers

This document provides a checklist for auditing data centers with 40 items to review. The checklist includes reviewing physical security measures like access controls and alarms, environmental controls like temperature and humidity, electrical systems like backup power, fire safety systems, and operational procedures like disaster recovery planning and staff training. The goal is to evaluate risks and ensure adequate protection of the data center facilities, equipment, and operations.

Uploaded by

adiss defnaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
218 views

Auditing Data Centers Checklist For Auditing Data Centers

This document provides a checklist for auditing data centers with 40 items to review. The checklist includes reviewing physical security measures like access controls and alarms, environmental controls like temperature and humidity, electrical systems like backup power, fire safety systems, and operational procedures like disaster recovery planning and staff training. The goal is to evaluate risks and ensure adequate protection of the data center facilities, equipment, and operations.

Uploaded by

adiss defnaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Auditing Data Centers

Checklist for Auditing Data Centers


1. Review data center exterior lighting, building orientation, signage, fences, and neighborhood
characteristics to identify facility-related risks.
2. Research the data center location for environmental hazards and to determine the distance to
emergency services.
3. Review data center doors and walls to determine whether they protect data center facilities
adequately.
4. Evaluate physical authentication devices to determine whether they are appropriate and are
working properly.
5. Ensure that physical access control procedures are comprehensive and being followed by
data center and security staff.
6. Ensure that intrusion alarms and surveillance systems are protecting the data center from
physical intrusion.
7. Review security guard building round logs and other documentation to evaluate the
effectiveness of the security personnel function.
8. Verify that sensitive areas within the data center are secured adequately. Ensure that all
computer processing equipment essential to data center operations (such as hardware
systems, power supply breakers, and so on) is located within the computer processing room
or in a secure area
9. Verify that heating, ventilation, and air-conditioning (HVAC) systems maintain constant
temperatures within the data center.
10. Ensure that a water alarm system is configured to detect water in high-risk areas of the data
center.
11. Determine whether the data center has redundant power feeds.
12. Verify that ground-to-earth exists to protect computer systems.
13. Ensure that power is conditioned to prevent data loss.
14. Verify that battery backup systems are providing continuous power during momentary black-
outs and brown-outs.
15. Ensure that generators protect against prolonged power loss and are in good working
condition.
16. Evaluate the usage and protection of emergency power-off (EPO) switches.
17. Ensure that data center building construction incorporates appropriate fire suppression
features.
18. Ensure that data center personnel are trained in hazardous materials (hazmat) handling and
storage and that hazmat procedures are appropriate. Also determine whether data center
personnel are trained in how to respond to a fire emergency.
19. Verify that fire extinguishers are strategically placed throughout the data center and are
maintained properly.
20. Ensure that fire suppression systems are protecting the data center from fire.
21. Verify that fire alarms are in place to protect the data center from the risk of fire.
22. Review the alarm monitoring console(s), reports, and procedures to verify that alarms are
monitored continually by data center personnel.
23. Verify that network, operating system, and application monitoring provides adequate
information to identify potential problems for systems located in the data center.
24. Ensure that roles and responsibilities of data center personnel are clearly defined.
25. Verify that duties and job functions of data center personnel are segregated appropriately.
26. Ensure that emergency response procedures address reasonably anticipated threats.
27. Verify that data center facility-based systems and equipment are maintained properly.
28. Ensure that data center personnel are trained properly to perform their job functions.
29. Ensure that data center capacity is planned to avoid unnecessary outages.
30. Verify that procedures are present to ensure secure storage and disposal of electronic media.
31. Review and evaluate asset management for data center equipment.
32. Ensure that hardware redundancy (redundancy of components within a system) is used to
provide high availability where required.
33. Verify that duplicate systems are used where very high system availability is required.
34. Ensure that backup procedures and capacity are appropriate for respective systems
35. Verify that systems can be restored from backup media.
36. Ensure that backup media can be retrieved promptly from off-site storage facilities.
37. Ensure that a disaster recovery plan (DRP) exists and is comprehensive and that key
employees are aware of their roles in the event of a disaster.
38. Ensure that disaster recovery plans are updated and tested regularly.
39. Verify that parts inventories and vendor agreements are accurate and current.
40. Ensure that emergency operations plans address various disaster scenarios adequately

You might also like