A data center can face many different audits, from security procedures to energy efficiency. Typically, auditors focus on one single aspect every year if audits are annual. Because so many different aspects of a data center audit exist, no single standard covers them all; however, companies can adhere to standards that cover individual aspects.
The Information Technology Infrastructure Library provides a set of checklists for various aspects of service development and management, which apply to data centers. In particular, the Service Delivery and Information Technology and Communications Infrastructure sections of ITIL apply do data centers. ITIL is an industry standard, and common for management and planning of information technology projects in Europe.
Security Audit using ISO 27000
Verifying the security of any organization can be problematic, and data centers are no exception. International Organization of Standardization/International Electrotechnical Commission 27000 series is a set of standards that specify how to use information security systems. In particular, one of the intended uses is to provide relevant information about information security policies, directives, standards and procedures to external organizations.
Outsourcing Services Audit using ISO 27001
The ISO 27001 contains checklists for data center outsourcing services audits. The points for verification include the installation and operations of hardware and software; the continuous monitoring of performance, capacity and operational status; and software management practices, including backup and upgrade. Recovery procedures in the event of failure and the capabilities to support outsourced services are also part of the checklist.
SAS 70 audit of Service Organizations
The American Institute of Certified Public Accountants developed the Statement on Auditing Standards No. 70 for service organizations. It is a means of verifying the control objectives and control activities of a service organization. In case of IT-related services, this implies a data center audit. Despite the common use of the SAS 70, the Statement on Standards for Attestation Engagements number 16 and the audit standard Audit Considerations Relating to an Entity Using a Service Organization replaced it. While neither the SAS 70 nor the new standards replacing it contains checklists as such, they aim to provide a set of requirements that you can check.
- scanrail/iStock/Getty Images