Translate

Thursday, November 04, 2010

Data Center Audit

Data center audit or site review is one of mandatory activity during
IT audit process. But most of IS auditor forget key activity that
should be checked during the process. Here is simple audit checklist
to be used:

1. Policies & Procedure
• Have computer center operating policies and procedures been written?
• Are they sufficiently descriptive in detail to guide the
organization and operation?
• Do data center personnel aware to the policies and procedures?
• Are they kept up-to-date?

2. Personnel
• Are data control center personnel and operators' assignments rotated?
• Is an operating log maintained to record any significant events and
action taken by the operator?
• Is the operator log inspected daily by management?

3. Incident handling
• Do the computer room operators know exactly what to do when the
different types of fire emergencies occur?
• Do the other personnel know exactly what to do when fire emergencies occur?

4. Fire Alarm
• Are the fire alarm pull boxes and emergency power switches clearly
visible and unobstructed?
• Are clear and adequate fire instructions posted in all locations?
• Are there enough fire alarm pull boxes in the computer area?
• Are the operators trained periodically in fire fighting?
• Are the operators assigned individual responsibilities in case of fire?
• How frequently are fire drills held?

5. Fire extinguisher
• Sprinkler
• Halon
• FM200

6. Air Conditioner
• Is the power of Air Conditioner separated from main building power?
• How frequently the Air Conditioner checked

7. Environment Control
• Wiring and cable management
• Combustible goods should be removed
• Water and liquid good should be located outside data center
• How data center protected? Secure ID? Finger print? Lock?