Data Center Security Checklist

Utilize the Data Center Security Checklist to assess and fortify security measures, ensuring comprehensive protection of sensitive data and infrastructure.




Flexibility

1. Can the data center provide assurances as to which staff will have access to customer racks and cages (e.g. background-checked personnel only)?



2. Is it possible to block access to data center staff entirely (unless a health and safety risk is detected)?



3. Is the data center willing and able to provide dedicated caged areas where necessary?



4. Can the data center offer bespoke rack security as a lower-cost alternative to caged areas (such as individual biometric scanners or card readers)?



5. Is there a wider range of services (such as cloud and DR) that allow customers to use the facility to meet other IT objectives besides security?


Accreditations

1. Is the data center compliant with ISO27001 (the international standard for information security management)?



2. Is the data center compliant with any other required standards such as PCI DSS?



3. Are high-quality CCTV systems installed, with live monitoring where required?



4. Are security personnel background-checked/approved by industry bodies such as the SIA?


Building Security

1. Is there a wide range of access controls in place (such as perimeter fences, infrared tripwires, swipe cards, biometric scanners and mantraps)?



2. Are the access controls configured to provide multi-factor authentication?



3. Are data center halls windowless, with the minimum safe number of entry points?



4. Are the racks and cages in the data center kept anonymous?



5. Is access to racks and cages controlled by electronic locks or keys?



6. If keys are used, where are they stored? Is access controlled and monitored?



7. Is access to sensitive areas in the data center monitored via 24-hour CCTV?



8. Is CCTV monitoring carried out by an on-site NOC?



9. In the event of a break-in, would security staff be compromised (and become part of the incident) or would they be able to react to it?



10. Is the data center directly linked to police control rooms?


Policies And Processes

1. Is a suitable process in place for customers to grant and remove access to their racks and cages for both internal and external personnel?



2. Are access records kept up to date and retained for the required length of time?



3. Are data center staff granted access to halls, racks and cages on a need-only basis?



4. Are visitors to the data center accompanied by staff or tenants at all times unless authorized by a person with the relevant credentials?



5. Are third-party engineers and contractors required to gain access through the NOC, and is the authorisation process secure?



6. Are ID badges used to differentiate between data center staff and visitors?



7. Are badges assigned and managed by a suitable authority (e.g. NOC)?



8. How thorough are the data center’s ID checks and security induction for new customers? Do staff sound confident in their own procedures?



9. Is the movement of equipment in and out of the data center controlled and monitored?


Staff

1. Is the data center able to offer an audit-friendly service, answer a full range of auditors’ questions, and produce certifications?



2. Are data center staff able to share general advice around data center security and compliance?



3. Are senior security personnel based at the data center itself rather than a remote site?



4. Are the data center staff required to undergo background checks where necessary?



5. Are they sensitive to customers’ confidentiality requirements (not disclosing customer names as part of a sales pitch, for example)?


Contractors

1. Are third-party suppliers or contractors ever allowed to enter the data center unaccompanied?



2. If so, is the data center willing to share the relevant supplier information with customers?



3. Are third-party engineers and contractors accredited or vetted to any required standards?



4. Are customers able to access basic information on supplier agreements, authorisation levels, and any policies and processes in place to control and monitor their activity within the data center?




Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
