Computer systems require specific environmental conditions such as controlled temperature and humidity. Data centers are designed to provide this type of controlled environment. When auditing a data center, the
Heating, ventilation, and air-conditioning systems are used to provide constant temperature and humidity levels within the data center. This is important because computer systems are damaged by extremes in either. High humidity levels can cause corrosion over time, and low humidity levels cause static electricity to occur.
Data center temperatures should range from 65 to 70°F. Temperatures above 85°F will damage computer equipment. Humidity levels should be between 45 and 55 percent. The auditor should review temperature and humidity logs to verify that each
Electronic equipment creates electronic emissions that, in theory, can be captured and disseminated to compromise the information that is being
There was a program that the
National Security Agency
(NSA) initiated in the 1960s called the
that was created to study the feasibility of using electronic emissions to gain access to
The auditor should review any shielding strategies that the data center employs to protect against interference or unauthorized access through emissions. Also determine whether there are any nearby sources of electronic interference. The data center facility manager usually can provide this information during an interview.
Computer systems require uninterrupted, clean power to
Redundant power feeds that provide power from two or more power
Ground to earth to carry excess power away from systems during electrical faults
Power conditioning systems to convert
Battery backup systems (UPSs) that provide immediate power, typically for short periods of time
Generators to provide sustained power during extended power losses
When performing data center
Some data centers are built in locations where they can connect to more than one power station. When the power supplied by one feed is lost, the other often will
This control is not always present, but it is worth exploring with the data center facility manager during interviews.
Ungrounded electrical power can cause computer equipment damage, fire,
Unlike redundant power feeds, the ground-to-earth control always should be present. Ground to earth is a basic feature of all electrical installations. It consists of a
that connects all electrical outlets to a rod that is sunk into the ground. When short circuits or electrical faults occur, excess voltage is passed through the ground wire safely into the ground rather than
Power spikes and sags damage computer systems and destroy information. Power conditioning systems mitigate this risk by buffering the spikes and sags.
Clean power can be represented as a wave pattern with symmetric peaks and valleys. Normal utility power has a wave pattern with peaks and valleys that are far from symmetric,
Power failures can cause data loss through abrupt system shutdowns. UPS battery systems mitigate this risk by providing 20 to 30 minutes of power as well as power conditioning during normal utility power conditions.
Battery backup systems or UPSs offer immediate power in the event of a power loss. They are typically designed to provide somewhere between 20 minutes and 1
Mission-critical data centers, by their nature, cannot withstand any power loss. Since it is
Generators come in two common varieties:
Diesel generators are most common but have a finite amount of fuel stored in their tanks. Diesel fuel is also a biohazard. If it is spilled, there could be significant cleanup expenses. Also, if the generator is in close proximity to the data center, there is a danger of a spill that
Natural gas generators run cleaner and theoretically have an infinite supply of fuel as long as the gas lines are intact. There is no danger of spills, but there is an increased danger of fire. Natural gas generators are employed rarely, however, because of the expense.
Propane generators are also expensive but have a limited supply of fuel. Again, this can be mitigated with service contracts.
All types of generators require frequent maintenance and testing. As a result, the auditor should review both maintenance and test logs during a data center audit. Additionally,