The following tables summarize the steps listed herein for auditing data centers and disaster recovery.
Checklist for Auditing Data Centers
qReview data center exterior lighting, building orientation, signage, and neighborhood characteristics to identify facility related risks.
qResearch the data center location for environmental hazards and to determine the distance to emergency services.
qReview exterior doors and walls to determine if they protect data centers facilities adequately.
qEvaluate physical authentication devices to determine if they are appropriate for the manner in which they are being used and are working properly.
qReview security guard building rounds logs and other documentation to evaluate the effectiveness of the security personnel function.
qVerify that sensitive areas are secured adequately.
qVerify that heating, ventilation, and air-conditioning systems maintain constant temperatures within the data center.
qEvaluate the data center's use of electronic shielding to verify that radio emissions do not affect computer systems or that system emissions cannot be used to gain unauthorized access to sensitive information.
qDetermine whether the data center has redundant power feeds.
qVerify that ground to earth exists to protect computer systems.
qEnsure that power is conditioned to prevent data loss.
qVerify that battery backup systems are providing continuous power during momentary black-outs and brown-outs.
qEnsure that generators protect against prolonged power loss and are in good working condition.
qEnsure that a burglar alarm is protecting the data center from physical intrusion.
qVerify that a fire alarm is protecting the data center from the risk of fire.
qEnsure that a water alarm system is configured to detect water in high-risk areas of the data center.
qEnsure that a humidity alarm is configured to notify data center personnel of either high or low-humidity conditions.
qReview the alarm monitoring console(s) and alarm reports to verify that alarms are monitored continually by data center personnel.
qEnsure that data center building construction incorporates appropriate fire suppression features.
qEnsure that data center personnel are trained in hazardous materials handling and storage and that hazmat procedures are appropriate.
qVerify that fire extinguishers are placed every 50 ft within data center isles and are maintained properly.
qEnsure that fire suppression systems are protecting the data center from fire.
qVerify that surveillance systems are designed and operating properly.
qEnsure that physical access control procedures are comprehensive and being followed by security staff.
qReview facility monitoring procedures to ensure that alarm conditions are addressed promptly.
qVerify that network, operating system, and application monitoring procedures provide adequate information to identify potential problems.
qEnsure that roles and responsibilities of data center personnel are clearly defined.
qVerify that duties and job functions of data center personnel are segregated appropriately.
qEnsure that emergency response procedures address reasonably anticipated threats.
qVerify that data center facility-based systems and equipment are maintained properly.
qEnsure that data center personnel are trained properly to perform their job functions.
qEnsure that data center capacity is planned to avoid unnecessary outages.
qVerify that procedures are present to ensure secure storage and disposal of system media.
Checklist for Auditing Disaster Recovery
qEnsure that hardware redundancy is used to provide high availability where required.
qVerify that redundant systems at separate sites are used where very high system availability is required.
qEnsure that backup procedures are appropriate for respective systems.
qVerify that systems can be restored from backup media.
qEnsure that backup media can be retrieved promptly from off-site storage facilities.
qEnsure that a disaster recovery plan exists and is comprehensive and that key employees are aware of their roles in the event of a disaster.
qEnsure that disaster recovery plans are updated and tested regularly.
qVerify that parts inventories and vendor agreements are accurate and current.
qEnsure that emergency operations plans address various disaster scenarios adequately.