Data Center audit preparation
Assign topic to the user
We do not have any articles or customized documents on preparation of data center, but the truth is - if you want to implement ISO 27001 in a data center, there is no much difference to other IT companies. Majority of our customers are IT companies, and they find our documentation very convenient for their purpose. Here is a detailed description of our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
If you are interested particularly on how to audit, this Internal Audit Toolkit can help you: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
And here's one article on ISO 27001 and cloud computing: https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/
More analytical thread of conversation. Data center audit is truly an important aspect and I wish more concerns in this matter. I have already hired a better support from TechXact, but still I need to explore more on behalf of my own business. Is there anyone to suggest more beyond of such frequent auditing? Thanks for the conversation.
During the audit to a data center an auditor can request you information about the physical and environmental security (A.11 Physical and environment security), so some points that can be reviewed are A.11.1.1 Physical security perimeter, A.11.1.2 Physical entry control, A.11.1.3 Protecting against external and environmental threats (fire extinguishing system, humidity sensor, fire sensor, air conditioning, etc), A.11.2.1 Equipment siting and protection, A.11.2.3 Cabling security (generally it is a big problem in many data centers), etc.
Maybe this article can be interesting for you ³ISO 27001 Case study for data centers: An interview with Goran Djoreski² : https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/
As a best practice you can search more information about the standard ANSI/TIA-942 which is specifically related to minimum requirements for telecommunications infrastructure of data centers (it is not ISO standard, is an American National Standard).
Comment as guest or Sign in
Jan 12, 2016