How to Do a Data Center Audit Checklist
Soumya Ghorpade
Data center audits are essential in protecting the integrity of your information and avoiding security breaches. Although you can perform these audits internally, hiring external consultants to perform them will help avoid biased results that might otherwise arise from internal efforts alone.
This document includes two work programs to outline general steps taken during a data center audit review, such as identifying gaps, conducting an incident management analysis, reviewing physical security and providing staff with adequate training.
Preparation for the Audit
An audit is the only reliable way to understand whether or not a facility can protect your data in an emergency, as well as how well staff respond during power outages and natural disasters. A data center audit can be an invaluable resource for business owners; therefore it’s vital that they learn how to conduct one effectively.
An audit takes significant preparation. Staff representatives must be available for meetings and interviews with the audit firm in order to discuss and verify the key controls that exist in your company. Timing can vary, depending on how prepared and responsive the company is during this process.
Verify whether there are enough security cameras to monitor all entrances and exits of the facility, and ensure fire alarm pull boxes are visible and accessible to staff members in case of emergencies. Also, it is vital that fire evacuation procedures are clearly documented and practiced properly.
Performing the Audit
Your company’s data is immensely valuable, and any unauthorized use could have devastating repercussions for its future success. To protect it, there are various steps you can take, such as auditing both physical and virtual security protocols in the data center.
One essential step when selecting a data center facility is reviewing its performance history. Can they quickly address server-related issues? Likewise, can they accommodate growth? For instance, should your storage requirements quadruple in two years’ time, will the facility meet those additional space and power demands?
Another key point when researching data centers is how often they perform extended load testing. Unfortunately, due to cost restrictions, many data centers forgo this essential practice; consequently, generator issues are not identified until there is an unexpected power outage, when they can prove disastrous. Furthermore, verify that they have an established and well-documented process for issuing, accounting for and recovering biometric access devices like smart cards.
Reporting on the Audit
Data centers are integral components of business operations and must protect sensitive data securely. Failure can have devastating repercussions for an entire organization; for this reason, auditing these facilities regularly to ensure they adhere to industry standards is of utmost importance.
Data center audits involve verifying access controls, security procedures, monitoring systems and redundancy/reliability tests, with particular attention to eliminating single points of failure in both internal services and external services and utility supplies.
Staff should perform extended load testing of each generator regularly in order to detect issues that might not appear during normal operation, but could become catastrophic during a power outage. A good data center will perform these tests regularly in order to make sure each generator can provide backup power for critical servers or equipment like UPSs.
Keeping Records
Retaining records is an essential aspect of data center auditing. Doing so allows you to show that your facility complies with ISO standards, and the records can serve as evidence if there is ever an incident at your facility requiring compliance verification. Kisi can help simplify this task by exporting the last thousands of events into a spreadsheet format, giving you quick analysis and proof of compliance in minutes.
It is also essential to ensure that access logs of biometric or smart card devices are reviewed regularly and that there is a procedure in place to disable a user's access when they leave your organization. Finally, ensure all offsite storage facilities provide documented auditing processes with records of activity logs to monitor access activity.
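One way to carry out the access-log review and leaver check described above, as an added example that is not part of the original article: it cross-references an exported event spreadsheet against an offboarding list and flags any badge event dated after the holder's last working day. Both CSV layouts, the column names and all sample rows are constructed for illustration and are not the export format of any particular product.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data. Column names are assumptions for this example,
# not the export format of any particular access-control product.
ACCESS_EVENTS = """\
timestamp,user_id,door,result
2024-03-01T08:02:11,u1001,DC-Main-Entrance,granted
2024-03-04T22:47:30,u1002,DC-Cage-3,granted
2024-03-05T09:15:00,u1003,DC-Main-Entrance,granted
2024-03-09T01:12:45,u1002,DC-Main-Entrance,denied
2024-03-10T07:58:03,u1001,DC-Cage-3,granted
"""
OFFBOARDED = """\
user_id,left_on,credential_recovered
u1002,2024-03-02,no
u1003,2024-03-06,yes
"""

def load_offboarded(text):
    """Map user_id -> (last working day, whether the badge was returned)."""
    return {
        r["user_id"]: (date.fromisoformat(r["left_on"]),
                       r["credential_recovered"].strip().lower() == "yes")
        for r in csv.DictReader(io.StringIO(text))
    }

def audit_access(events_text, offboarded_text):
    """Flag every badge event dated after the holder's last working day."""
    offboarded = load_offboarded(offboarded_text)
    findings = []
    for r in csv.DictReader(io.StringIO(events_text)):
        if r["user_id"] not in offboarded:
            continue  # still employed, nothing to check here
        left_on, recovered = offboarded[r["user_id"]]
        when = datetime.fromisoformat(r["timestamp"])
        if when.date() <= left_on:
            continue  # use up to and including the last day is expected
        granted = r["result"].strip().lower() == "granted"
        findings.append({
            "user_id": r["user_id"], "door": r["door"],
            "timestamp": r["timestamp"],
            # A grant means access was never disabled; a denial shows the
            # credential was still presented after departure.
            "severity": "high" if granted else "review",
            "credential_recovered": recovered,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_access(ACCESS_EVENTS, OFFBOARDED):
        print(finding)
```

A "high" finding indicates the disable-on-departure procedure failed for that user; a "review" finding with `credential_recovered` false points to a gap in the card recovery process.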
General steps outlined in this checklist should be enough to complete an IT Data Center Audit; however, special-purpose audits or those conducted according to specific regulations or industry standards may require further preparation and testing.