Professional Documents
Culture Documents
CheckList Datacenter
CheckList Datacenter
Exists
Control
13602 - Closed-circuit TV cameras (CCTV) should be installed both inside and
outside the areas providing access to the roof terrace.
2771 - A pair of synchronized doors should be used at the entrance of the
datacenter.
2773 - Guests and service providers' employees should be allowed to go in only
after being properly authorized.
2774 - The ways of access to critical areas of the facility should be monitored by
closed circuit TV.
2775 - Access to the datacenter should be determined by security perimeters.
2776 - An automatic closing device should be installed on doors providing
access to the datacenter.
2777 - Only people wearing their identification badges in a way that makes them
clearly visible should be allowed in the data center.
2779 - Authorized personnel should always accompany visitors and service
providers.
2780 - Devices should be installed to block entry into the datacenter through
areas which are not frequently used.
2781 - Datacenter's doors should be equipped with alarms programmed to go on
whenever they are opened.
2782 - The key cabinet must be placed somewhere protected against
unauthorized access.
2783 - Fireproof doors and windows should periodically be checked to see
whether they are properly closed.
2784 - Reinforced bars should be installed on easily accessible windows to
outside areas and on skylights.
2785 - The door installed on the terrace roof should provide only outward
access.
2786 - Opening of emergency exit doors should only be allowed from the inside
of the data center.
2787 - Entrance through parking areas or car entrances exclusive to the
datacenter building should be allowed only to previously authorized persons.
2788 - All vehicles going in or out of the data center building's parking garage
should be carefully checked.
2789 - The comings and goings of assets, and all sorts of materials, in the facility
should be controlled.
2790 - The way of access for vehicles, especially when inside the building main
structure, should be protected.
2791 - TV cameras should be used to monitor the building's parking lot and
garage.
2792 - Redundancy should be provided to the electrical power infrastructure that
supplies electricity to the access control systems.
2793 - A mechanism restricting access to authorized persons should be installed
on emergency, equipment and maintenance entrances.
Group : Compliance
6524 - Corporate servers should be periodically checked to see whether their
configuration is in compliance with the established security standards and
requirements.
Group : Data/voice communication
2768 - Telephone lines should be protected against tapping.
2769 - The telephone lines should be frequently checked for tapping and
listening devices.
2770 - The telephone lines installed on the data center should not be allowed to
accept or make external calls.
Group : Electric circuits and power
17189 - The data center's power circuits should be divided according to the load
distribution.
2799 - Lightning rods should be installed to protect equipment and buildings.
2800 - Insulating material should be applied to the exposed areas of the data
center's electric installations.
2801 - Conductive installations and all types of conductive equipment that are
submitted to significant power levels should be electrically connected to the
ground.
2802 - Mechanisms to block access to electrical switchboards and control panels
should be installed in the datacenter.
2803 - Only the energy grid and control circuits belonging to the data center
should be located inside its facilities.
2805 - The circuits used for the datacenter should have a sufficient amount of
electric outlets.
2806 - Power outlets located on the floor should have a protective cover.
2808 - Emergency lights should be installed in the correct places inside the data
center facilities.
2809 - A redundant electric grid for the equipments should be in place and ready
for use.
2810 - The voltage at the entry point of the electrical distribution panels should
be monitored by a voltmeter that is capable of logging the readouts.
2811 - The amperage at the entry point of the electrical distribution panels should
be monitored by an ammeter that is capable of logging the readouts.
2813 - Up-to-date electric grid plans should be kept by the maintenance
personnel of the building's security team.
2814 - The IT hardware's supply electric power should be stabilized and fed by
exclusive non-shared wirings.
2815 - Electric generators and no-breaks should be installed in order to ensure
the continuous supply of power for the critical equipments.
2816 - Transformers, capacitors, stabilizers, central power generators and other
critical electric equipment should be well sheltered and protected.
2821 - Rainwater drainage pipes that pass through the datacenter should be
removed.
2822 - Pressurized gas pipes should be repositioned outside the datacenter
(except those used for firefighting purposes).
2836 - The rain drainage pipes should be cleaned regularly.
2838 - The terrace floor and building roof should be periodically waterproofed.
2840 - Water drainage gutters should be installed outside the building.
2851 - A gas suppression system should be used to fight fire in the datacenter.
Group : Identification and authentication
2772 - Employees and workers should always wear identification badges.
2778 - Badges with different colors and visual signs should be used to identify
individuals allowed in the environment.
Group : Information disposal
2796 - Trash pickups should be performed periodically.
2797 - Any material with sensitive information should be protected against nonauthorized access when being disposed of.
2798 - Specific-destined shredders should be used for disposing sensitive
information.
Group : Security incidents
2823 - Records of physical security incidents should be kept.
2824 - All images captured by the organizations' TV cameras should be recorded
and kept.
2825 - The images captured by the Closed Circuit TV should be often reviewed
and stored for any future need.
Group : Work environment
2844 - Any material that does not pertain to the data center operation should be
removed from its interior.
2845 - Warnings about the handling and storage of dangerous materials should
be affixed to places where they can be easily seen.
6120 - A list with the authorized types of dangerous material, accompanied by
their respective security procedures for storage, usage and transport, should be
released.