Description Revision Info: WP# Audit of Information Technology Physical & Environment Controls

You might also like

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 54

WP # Audit of Information Technology Physical & Environment Controls

Description [Descrie the nature and intended usage for the program here!
"evision Info This program #as last revie#ed$updated on [Clic% to Insert Date here!
Page & of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page ( of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page ' of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 7 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 8 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 9 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page : of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &; of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page && of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &3 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &6 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &( of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &' of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &7 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &8 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &9 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page &: of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3; of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3& of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 33 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 36 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3( of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3' of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 37 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 38 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 39 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 3: of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6; of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6& of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 63 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 66 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6( of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6' of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 67 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 68 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 69 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page 6: of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (; of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (& of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (3 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (6 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (( of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (' of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (7 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (8 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (9 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page (: of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page '; of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page '& of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page '3 of '(
WP # Audit of Information Technology Physical & Environment Controls
Step Audit Procedure
#$ )tain ade*uate ac%ground information on the audit
area such as+
Audit reports from other audit and$or compliance
Productivity and performance measurement
reports$stats ,i-e- uptime percentage. etc/
E*uipment maintenance. monitoring and$or testing
documentation ,i-e- generator. fire suppression.
attery testing. etc/
0inancial reports$statements
Policies & Procedures
1ist of information technology applications utili2ed
1ist of la#s and regulations
Data Center diagram
)rgani2ational chart
Inventory listing
3- "evie# policies and procedures for completeness
verifying they at a minimum address compliance #ith
la#s and regulations- Also consider the follo#ing+
Does a data center security policy e4ist. and is the
policy current and ade*uately detailed5
Do access authori2ation procedures e4ist and do the
procedures apply to all persons ,e-g-. employees and
vendors/ re*uiring access to the data center5
Do e*uipment maintenance and testing policies
6- E4amine productivity and performance measures for
trends to assist in the developing audit scope-
(- "evie# financial reports$statements for unusual
trends$fluctuations ,i-e- udget stats such as maintenance
and purchases versus actual/-
'- Arrange a tour of the data center and oserve. consider
and$or in*uire aout the follo#ing+
Is the data center location conspicuous
Is access controlled via loc%s. monitoring devices.
Page '6 of '(
WP # Audit of Information Technology Physical & Environment Controls
Page '( of '(

You might also like