Data Center Review Audit Work Program

Essential Steps for Reviewing Data Center Processes
The attached Data Center Review Audit Work Program is a detailed guide designed to facilitate the auditing of data centers, focusing on both security and environmental controls. It outlines a systematic approach and includes two distinct samples, each aimed at addressing specific audit objectives. Sample 1 emphasizes evaluating access and environmental controls, detailing the roles of the project team and the phases of the audit process, which include planning, fieldwork and report issuance. It highlights the importance of physical security measures, such as reviewing access procedures, ensuring vendor supervision, and documenting the physical characteristics of the data center. The sample culminates in a reporting phase where findings are compiled and discussed with management before final publication.
Sample 2 shifts focus to the protection of information resources against unauthorized access and environmental hazards. It provides comprehensive procedures for verifying the effectiveness of security architecture and ensuring that proper access controls are in place. This sample includes steps for supervising vendor personnel, restricting access through keys or automated systems, and maintaining a secure environment within the data center. Additionally, it addresses environmental security by ensuring adequate fire protection systems, proper air conditioning, and humidity control measures are in place. Both samples together create a robust framework for assessing and enhancing the security posture of data centers, ensuring they are well-equipped to handle potential threats and maintain operational integrity.
Audit work steps include:
- Ensure that vendor service personnel and visitors are supervised while in the data center.
- Obtain a list of individuals with access to the data center and test for reasonableness.
- Determine if access to the data center is restricted by using keys, cipher locks, badges or other automated security devices.
- Determine if preventive maintenance is performed on data center equipment