Standard Checklist for a Data Center Audit
Running and managing data centers requires many different types of audits. Audits on quality control, security procedures, energy efficiency and more should be performed at least annually. Conducting regular audits allows you to see what your company is doing right and helps shine a light on any pain points that your employees may be experiencing.
Regular audits are important to showcase what is going well and what needs improvement. They can also assist with preparing training schedules and can help employee issues from getting lost in the shuffle. There is no single standard that can cover all of the audits that you may need to run when working in a data center. However, there are standards to which many companies adhere when running checklists and audits.
The Information Technology Infrastructure Library provides checklists for many different aspects of management and service development. Looking over the information that you can find on sample ITIL checklists may reveal information that pertains to your data center.
The service delivery and information technology and communications infrastructure sections of the ITIL apply to data centers in particular. Because ITIL holds industry-standard checklists and procedures, following them will assure that your data center is maintaining compliance with those standards.
The International Organization for Standardization/International Electrotechnical Commission 27000 provides a set of standards that outlines how to use information security systems. As technology continues to advance, these standards must also evolve. All centers that collect data from the public are under an obligation to keep that information safe from those who would use it for identity theft or other malicious means. ISO 27000 provides relevant information about information security, including directives, standards, policies and procedures.
There are many reasons why an internal audit may not be the best method of checking your data security. Employees who have a deep working knowledge of your company could also have biases about what procedures are best, why they are the best and how they should be used. This isn’t to say that your employee isn’t being honest, but confirmation bias can occur without anyone being aware.
The ISO 27001 data center audit checklist, therefore, contains information that data centers can use when outsourcing their service audits. These verification points have a wide range of impact, including installation and operation of hardware or software, equipment maintenance, continuous performance monitoring, operational monitoring, software management and recovery procedures.
When dealing with database management, ensure that your hardware and software builds are done correctly. Correct builds have the proper continuous maintenance, such as patches and updates to secure data.
Some equipment will age out of use as software continues to develop. In order to remain compliant, it’s necessary to update this software and equipment.
Continually monitoring your equipment, hardware and software will allow you to notice when there are performance issues. You also need to continually monitor your staff and the validity of the data with which you are working.
Checking your operations management will allow you to get a clear picture of downtime, times when your systems are in a “bottleneck” or other times that your systems may be failing you.
Depending on the size of your company, you may have an entire IT department or one person seeing to your IT needs. Regardless of the size of your IT department, it should be continually monitoring software operation and processing the needed upgrades.
When you are collecting data, you must be prepared for a catastrophic loss of that data. Updating your information to a secure database is only part of your recovery. You should be able to ensure that you can go back and secure data when it is lost.