data center review audit program

Upload: ricky-bongo

Post on 07-Apr-2018


  • 8/4/2019 Data Center Review Audit Program

    1/5

    STANFORD UNIVERSITY

    INTERNAL AUDIT PROGRAM

    DATA CENTER REVIEW

    DATA CENTER REVIEW PROGRAM

    Our objectives are to ensure:

    The physical security and access control measures are adequate to prevent unauthorized access to computer center areas.

    The environmental controls are adequate to minimize hardware/software losses from fire or flood.

    PROCEDURE | RESPONSE | W/P REF.

    I PRELIMINARY PROCEDURES:

    A. Obtain a current list of personnel (including positions) responsible for maintaining the programs, backing up the system/data files, and using the computer center systems.

    B. Obtain a schedule or document an overview of the Information Systems (including hardware resources, software, support/design staff, and users) in the Computer Center.

    Determine the overall criticality of each major system identified.

    On dial-in lines, does the security system include callback features or some other means of control to ensure authorized access?

    C. Review the previous audit report and note items to be followed up during the current audit. Determine if management has taken appropriate and timely action to address the deficiencies noted in the audit report.

    D. Review any examination reports received since the last audit. Determine if management has taken appropriate and timely action to address the deficiencies noted.

    II PHYSICAL SECURITY

    A. Determine the geographical location of the Data Center and evaluate the overall risks.

    B. Identify any additional hardware storage locations (e.g. servers, gateways, bridges, routers, multiplexors, etc.) and evaluate their physical security (e.g. telecommunication rooms, electrical switchgear rooms). (What other locations connect to this facility?)

    C. Assure that there are written procedures in effect which prevent unauthorized persons from gaining access to computer facilities. (Obtain copies of procedure manuals.)

    D. Assess the building's security program and describe the equipment and/or other measures the data facility uses to provide protection (e.g. CCTV).

    E. Determine that the computer room is equipped with locks to limit access, and that those access devices are properly assigned and accounted for. (Access devices may be keys, magnetic cards, or combinations.)

    F. If keys or magnetic cards are used, verify that they are accounted for by an inventory control and recovered if the assigned individual leaves the Company's employment or moves to a job that does not warrant access to the computer facility.

    G. If combination locks are used, verify that they are changed on a regular basis to ensure that the usefulness of a combination known to a former employee would be short-lived.

    H. Determine the basis on which individuals are given keys, cards, or combinations to the computer room. Access should be on a need-to-enter basis only. (For example, the president does not have a need to enter, but the computer operator does. Need is not a function of rank, but of job responsibilities.) (Obtain procedure manual.)
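    Items E through H above describe a reconciliation the auditor can repeat rather than perform once by hand: every issued key or card is assigned and accounted for, access is recovered when the holder leaves or transfers, combinations are rotated after anyone who knows them departs, and access follows job responsibility rather than rank. The script below is an added example and is not part of the Stanford audit program; the roster, device inventory, the NEED_TO_ENTER role list and all dates are constructed for illustration, and the roster is assumed to carry each person's current status and the date it took effect.

```python
"""Reconcile computer-room access devices with the personnel roster.

Added example, not part of the Stanford audit program; the roster,
devices, roles and dates are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Person:
    name: str
    role: str
    status: str        # "active", "terminated" or "transferred"
    status_date: date  # date the current status took effect

@dataclass(frozen=True)
class AccessDevice:
    device_id: str
    kind: str          # "key", "card" or "combination"
    holder: str        # person's name, or "" if the device is unassigned
    issued: date
    recovered: bool = False

# Roles whose duties require entering the computer room (assumed list).
NEED_TO_ENTER = {"computer operator", "systems administrator", "facilities technician"}

def reconcile_access(devices, roster, today):
    """Items II.E, II.F and II.H: unassigned devices, devices whose holder is
    not on the roster, devices not recovered from leavers (with days since
    departure), and devices held by roles with no need to enter."""
    people = {p.name: p for p in roster}
    findings = {"unassigned": [], "unknown_holder": [], "unrecovered": [], "no_need": []}
    for d in devices:
        if d.recovered:
            continue
        if not d.holder:
            findings["unassigned"].append(d.device_id)
            continue
        p = people.get(d.holder)
        if p is None:
            findings["unknown_holder"].append((d.device_id, d.holder))
            continue
        if p.status != "active":
            # A combination cannot be handed back; stale_combinations() covers it.
            if d.kind != "combination":
                findings["unrecovered"].append(
                    (d.device_id, p.name, p.status, (today - p.status_date).days))
            continue
        if p.role not in NEED_TO_ENTER:
            findings["no_need"].append((d.device_id, p.name, p.role))
    return findings

def stale_combinations(devices, roster, last_changed):
    """Item II.G: combinations still known to someone who left on or after the
    date they were last changed. last_changed maps combination id -> date."""
    people = {p.name: p for p in roster}
    stale = set()
    for d in devices:
        p = people.get(d.holder) if d.kind == "combination" else None
        if p is None or p.status == "active":
            continue
        changed = last_changed.get(d.device_id)
        if changed is None or p.status_date >= changed:
            stale.add(d.device_id)
    return sorted(stale)

# Constructed sample data (not from any real roster or inventory).
ROSTER = [
    Person("A. Operator", "computer operator", "active", date(2017, 1, 9)),
    Person("B. Admin", "systems administrator", "active", date(2016, 5, 2)),
    Person("C. Former", "computer operator", "terminated", date(2018, 3, 1)),
    Person("D. Moved", "systems administrator", "transferred", date(2018, 3, 15)),
    Person("E. President", "president", "active", date(2010, 8, 1)),
]
DEVICES = [
    AccessDevice("KEY-001", "key", "A. Operator", date(2017, 1, 10)),
    AccessDevice("CARD-010", "card", "B. Admin", date(2016, 5, 3)),
    AccessDevice("CARD-011", "card", "C. Former", date(2017, 6, 1)),     # never recovered
    AccessDevice("KEY-002", "key", "D. Moved", date(2017, 2, 1), recovered=True),
    AccessDevice("CARD-012", "card", "E. President", date(2012, 1, 1)),  # rank, not need
    AccessDevice("CARD-013", "card", "", date(2015, 4, 4)),              # unassigned
    AccessDevice("KEY-003", "key", "Z. Contractor", date(2018, 2, 1)),   # not on roster
    AccessDevice("COMBO-ROOM1", "combination", "A. Operator", date(2017, 1, 10)),
    AccessDevice("COMBO-ROOM1", "combination", "C. Former", date(2017, 6, 1)),
]
LAST_CHANGED = {"COMBO-ROOM1": date(2018, 1, 1)}  # last rotation date per combination
TODAY = date(2018, 4, 7)

if __name__ == "__main__":
    for kind, items in reconcile_access(DEVICES, ROSTER, TODAY).items():
        print(f"{kind}: {items}")
    print(f"stale combinations: {stale_combinations(DEVICES, ROSTER, LAST_CHANGED)}")
```

    Run against the sample data it flags the card still held by the terminated operator (37 days after departure), the card issued to the president on the basis of rank, the unassigned card, the key held by someone absent from the roster, and the room combination that was last changed before the terminated operator left. The recovered key of the transferred administrator produces no finding, which is the outcome item F asks for.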

    I. Through observation, determine that doors to the computer room are kept locked at all times.

    J. Determine that a log of access to the computer room is maintained. The log should contain at least the signatures of individuals who are not regularly on duty in the computer room.

    K. Determine that when anyone who is not regularly assigned to the computer room enters the secure area, that individual has to sign an entry log.

    L. Verify that a list of persons authorized to be in the computer room is posted in plain sight, and that individuals not on the list are required to be accompanied by individuals who are so authorized. (No one should be allowed in the computer room, including check-processing areas, without authorization or sponsorship and without the presence of an official who is authorized to grant access to the computer room.)

    M. Determine that service technicians are identified by official documents from their employers until they are well known and recognized by the staff of the computer room.

    N. Determine how any unauthorized hardware components added to the network would be detected.
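    One concrete answer to item N is to compare the approved hardware inventory with what the switches actually see. The script below is an added example, not part of the Stanford audit program: it assumes an inventory keyed by MAC address that records each device's name and the switch port it is supposed to occupy, and a MAC-address-table dump in a Cisco-like column layout (VLAN, MAC, type, port). Both the inventory and the dump are constructed here, and the row format is an assumption to adapt to the switches in use.

```python
"""Flag network hardware that is absent from the authorized inventory.

Added example, not part of the Stanford audit program. Inventory and the
MAC-table dump are constructed; the dump's column layout is assumed.
"""
import re

# Authorized inventory: MAC -> (device name, assigned switch port). Constructed.
AUTHORIZED = {
    "00:11:22:33:44:55": ("dc-srv-01", "Gi1/0/1"),
    "00:11:22:33:44:66": ("dc-router-01", "Gi1/0/2"),
    "00:11:22:33:44:77": ("dc-ups-mgmt", "Gi1/0/3"),
    "00:11:22:33:44:88": ("dc-kvm-01", "Gi1/0/4"),
}

# Constructed switch MAC-address-table dump (Cisco-like layout assumed).
OBSERVED_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 10     0011.2233.4455    DYNAMIC     Gi1/0/1
 10     0011.2233.4466    DYNAMIC     Gi1/0/2
 10     0011.2233.4477    DYNAMIC     Gi1/0/7
 10     f0e1.d2c3.b4a5    DYNAMIC     Gi1/0/9
"""

def normalize_mac(raw):
    """Accept aabb.ccdd.eeff, aa-bb-..., AA:BB:... and return aa:bb:cc:dd:ee:ff."""
    digits = "".join(re.findall(r"[0-9a-f]", raw.lower()))
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# One data row: vlan, MAC, type, port. Header and separator rows do not match.
_ROW = re.compile(r"^\s*\d+\s+([0-9a-fA-F.:-]{12,17})\s+\S+\s+(\S+)\s*$")

def parse_mac_table(text):
    """Return {normalized MAC: port} for every data row in the dump."""
    seen = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            seen[normalize_mac(m.group(1))] = m.group(2)
    return seen

def audit_hardware(authorized, observed):
    """Compare inventory with observation.

    unknown:  MAC seen on the network but not in the inventory (new hardware)
    moved:    inventoried device seen on a port other than its assigned one
    not_seen: inventoried device not currently visible (possibly removed)
    """
    findings = {"unknown": [], "moved": [], "not_seen": []}
    for mac, port in observed.items():
        if mac not in authorized:
            findings["unknown"].append((mac, port))
        else:
            name, assigned = authorized[mac]
            if assigned != port:
                findings["moved"].append((mac, name, assigned, port))
    for mac, (name, _port) in authorized.items():
        if mac not in observed:
            findings["not_seen"].append((mac, name))
    return findings

if __name__ == "__main__":
    for kind, items in audit_hardware(AUTHORIZED, parse_mac_table(OBSERVED_MAC_TABLE)).items():
        print(f"{kind}: {items}")
```

    On the sample dump this reports one unknown device on Gi1/0/9, the UPS management interface appearing on Gi1/0/7 instead of its assigned Gi1/0/3, and the KVM that is in the inventory but not visible. A MAC address is trivially forged, so a clean comparison shows only that nothing unexpected is visible, not that nothing unauthorized is present; port security or 802.1X on the switch ports, together with a physical walk of the rooms listed under item B, is what closes that gap.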

    III FIRE PROTECTION SYSTEMS (describe Fire Protection Systems)

    A. Ascertain if the computer room has an adequate and safe fire-suppression system with associated detectors (heat, smoke, and water) and whether other necessary environmental controls are in use.

    B. Ensure fire-suppression equipment would effectively extinguish fires without harm to equipment and documents in the computer room.

    C. Confirm that the area immediately surrounding the Data Center is free from combustible materials. (Note: Physical security over Data Centers must extend to the areas immediately surrounding the Data Center, because most fires start outside the Data Center and then spread in.)

    D. Determine that the computer is protected by an Uninterruptible Power Source (UPS) to ensure smooth transition of operations in the event of power failure.

    E. The computer room should be kept clean at all times.

    F. Determine if fire protection systems are regularly tested.

    IV ENVIRONMENTAL CONTROLS

    A. The environmental equipment and controls should be adequate to protect the computer hardware from damage. Use the following areas as a guideline in determining adequacy.

    B. Ventilation and air conditioning should be adequate to maintain the appropriate temperature level specified by the manufacturer.

    C. Recording thermometers and humidity indicators should be located so the readings can be obtained easily. A trained person should monitor these instruments on a routine basis.

    D. The hardware should automatically shut down to protect itself from damage if unacceptable temperatures are reached.

    E. The computer equipment should be subject to periodic maintenance, cleaning and inspection, and a record kept of such.

    F. The computer room ceiling should be adequately constructed to prevent water from entering the computer room.

    G. Overhead water and steam pipes should be avoided.

    H. Adequate drainage should be provided.

    I. Are the floors raised?

    J. An independent air conditioning system with backup power supply should be installed.

    V EMERGENCY PROCEDURES

    A. Determine if the posted emergency procedures address:

    Instructions for shutting off utilities.

    Instructions for powering down equipment.

    Instructions for activating/deactivating fire suppression equipment.

    Personnel evacuation.

    Securing valuable assets.

    Determine if emergency procedures are conspicuously posted throughout the organization.

    Determine whether employees are familiar with their duties and responsibilities in an emergency situation and whether an adequate employee-training program has been implemented.

    Determine the notification procedures to: Management and Clients/Customers.

    Confirm that backup copies of data are maintained off-site.

    VI CONCLUSIONS: