Simple Data Center Audit Checklist for IS auditor

Data center audit or site review is one of mandatory activity during IT audit process. But most of IS auditor forget key activity that should be checked during the process. Here is simple audit checklist to be used:

1. Policies & Procedure
• Have computer center operating policies and procedures been written?
• Are they sufficiently descriptive in detail to guide the organization and operation?
• Do data center personnel aware to the policies and procedures?
• Are they kept up-to-date?

2. Personnel
• Are data control center personnel and operators' assignments rotated?
• Is an operating log maintained to record any significant events and action taken by the operator?
• Is the operator log inspected daily by management?

3. Incident handling
• Do the computer room operators know exactly what to do when the different types of fire emergencies occur?
• Do the other personnel know exactly what to do when fire emergencies occur?

4. Fire Alarm
• Are the fire alarm pull boxes and emergency power switches clearly visible and unobstructed?
• Are clear and adequate fire instructions posted in all locations?
• Are there enough fire alarm pull boxes in the computer area?
• Are the operators trained periodically in fire fighting?
• Are the operators assigned individual responsibilities in case of fire?
• How frequently are fire drills held?

5. Fire extinguisher
• Sprinkler
• Halon
• FM200

6. Air Conditioner
• Is the power of Air Conditioner separated from main building power?
• How frequently the Air Conditioner checked

7. Environment Control
• Wiring and cable management
• Combustible goods should be removed
• Water and liquid good should be located outside data center
• How data center protected? Secure ID? Finger print? Lock?