Auditing Data Centers Checklist
Review data center exterior lighting, building orientation, signage, and neighborhood characteristics to identify facility related risks.
Research the data center location for environmental hazards and to determine the distance to emergency services.
Review exterior doors and walls to determine if they protect data centers facilities adequately.
Evaluate physical authentication devices to determine if they are appropriate for the manner in which they are being used and are working properly.
Review security guard building rounds logs and other documentation to evaluate the effectiveness of the security personnel function.
Verify that sensitive areas are secured adequately.
Verify that heating, ventilation, and air-conditioning systems maintain constant temperatures within the data center.
Evaluate the data center's use of electronic shielding to verify that radio emissions do not affect computer systems or that system emissions cannot be used to gain unauthorized access to sensitive information.
Determine whether the data center has redundant power feeds.
Verify that ground to earth exists to protect computer systems.
Ensure that power is conditioned to prevent data loss.
Verify that battery backup systems are providing continuous power during momentary black-outs and brown-outs.
Ensure that generators protect against prolonged power loss and are in good working condition.
Ensure that a burglar alarm is protecting the data center from physical intrusion.
Verify that a fire alarm is protecting the data center from the risk of fire.
Ensure that a water alarm system is configured to detect water in high-risk areas of the data center.
Ensure that a humidity alarm is configured to notify data center personnel of either high or low-humidity conditions.
Review the alarm monitoring console(s) and alarm reports to verify that alarms are monitored continually by data center personnel.
Ensure that data center building construction incorporates appropriate fire suppression features.
Ensure that data center personnel are trained in hazardous materials handling and storage and that hazmat procedures are appropriate.
IT Auditing: Using Controls to Protect Information Assets by Chris Davis, Mike SchillerandKevin Wheeler 2007
|Free Download Attachment||Size|