Standard Checklist for a Data Center Audit

by Johan Hjelm; Updated September 26, 2017
Server room in datacenter

A data center can face many different audits, from security procedures to energy efficiency. Typically, auditors focus on one single aspect every year if audits are annual. Because so many different aspects of a data center audit exist, no single standard covers them all; however, companies can adhere to standards that cover individual aspects.

ITIL Checklists

The Information Technology Infrastructure Library provides a set of checklists for various aspects of service development and management, which apply to data centers. In particular, the Service Delivery and Information Technology and Communications Infrastructure sections of ITIL apply do data centers. ITIL is an industry standard, and common for management and planning of information technology projects in Europe.

Security Audit using ISO 27000

Verifying the security of any organization can be problematic, and data centers are no exception. International Organization of Standardization/International Electrotechnical Commission 27000 series is a set of standards that specify how to use information security systems. In particular, one of the intended uses is to provide relevant information about information security policies, directives, standards and procedures to external organizations.

Outsourcing Services Audit using ISO 27001

The ISO 27001 contains checklists for data center outsourcing services audits. The points for verification include the installation and operations of hardware and software; the continuous monitoring of performance, capacity and operational status; and software management practices, including backup and upgrade. Recovery procedures in the event of failure and the capabilities to support outsourced services are also part of the checklist.

SAS 70 audit of Service Organizations

The American Institute of Certified Public Accountants developed the Statement on Auditing Standards No. 70 for service organizations. It is a means of verifying the control objectives and control activities of a service organization. In case of IT-related services, this implies a data center audit. Despite the common use of the SAS 70, the Statement on Standards for Attestation Engagements number 16 and the audit standard Audit Considerations Relating to an Entity Using a Service Organization replaced it. While neither the SAS 70 nor the new standards replacing it contains checklists as such, they aim to provide a set of requirements that you can check.

About the Author

A former journalist and magazine editor since 1984, Johan Hjelm is now an independent writer. He has written 15 books, contributed to "Data Communications" and was editor-in-chief of "Nätvärlden." Hjelm has a certificate in journalism from Poppius School of Journalism, and has studied at Uppsala University in Sweden and the Massachusetts Institute of Technology.

Photo Credits

  • scanrail/iStock/Getty Images