IT audit process. But most of IS auditor forget key activity that
should be checked during the process. Here is simple audit checklist
to be used:
1. Policies & Procedure
• Have computer center operating policies and procedures been written?
• Are they sufficiently descriptive in detail to guide the
organization and operation?
• Do data center personnel aware to the policies and procedures?
• Are they kept up-to-date?
2. Personnel
• Are data control center personnel and operators' assignments rotated?
• Is an operating log maintained to record any significant events and
action taken by the operator?
• Is the operator log inspected daily by management?
3. Incident handling
• Do the computer room operators know exactly what to do when the
different types of fire emergencies occur?
• Do the other personnel know exactly what to do when fire emergencies occur?
4. Fire Alarm
• Are the fire alarm pull boxes and emergency power switches clearly
visible and unobstructed?
• Are clear and adequate fire instructions posted in all locations?
• Are there enough fire alarm pull boxes in the computer area?
• Are the operators trained periodically in fire fighting?
• Are the operators assigned individual responsibilities in case of fire?
• How frequently are fire drills held?
5. Fire extinguisher
• Sprinkler
• Halon
• FM200
6. Air Conditioner
• Is the power of Air Conditioner separated from main building power?
• How frequently the Air Conditioner checked
7. Environment Control
• Wiring and cable management
• Combustible goods should be removed
• Water and liquid good should be located outside data center
• How data center protected? Secure ID? Finger print? Lock?