Benefits of Regular Data Center Audits
Regular audits are important to showcase what is going well and what needs improvement. They can also assist with preparing training schedules and can help employee issues from getting lost in the shuffle. There is no single standard that can cover all of the audits that you may need to run when working in a data center. However, there are standards to which many companies adhere when running checklists and audits.
A data center audit can take significant time and financial resources, so determining your end-goal is critical. Before you begin your own audit or commission a third party, compare the various types of audits and what they include.
A data center audit focusing on physical security will document and ensure that the appropriate procedures and technology are in place to avoid downtime, disasters, unauthorized access, and breaches. It includes issues such as:
- Screening of employees and contractors who access equipment
- Biometrics or other forms of access control
- Video surveillance
- Fire suppression systems
- Cabinet-level security
In addition to analyzing current security processes, a security audit can also provide you with improvement recommendations.
Access Control Audits
Periodic audits of access policies should be carried out as well, testing whether or not security personnel is following all authentication procedures and if access lists are up to date. A security audit also tests the readiness of security personnel and may incorporate additional screening and background checks of both data center employees and contractors who have access to the facility.
Energy Efficiency/Power Audit
Collectively, data centers utilize about three percent of the world’s electricity, but much of that power is used by smaller, less efficient facilities that are plagued by poor design, inconsistent processes, and limited oversight. A data center energy efficiency audit helps you pinpoint potential ways to reduce energy usage and utility bills. By taking a close look at power use, the thermal environment, and lighting levels, an energy audit can uncover things such as malfunctioning equipment, incorrect HVAC settings, and lights being left on in unused/unoccupied spaces.
During a data center audit that focuses on energy efficiency, power usage effectiveness (PUE) can also be calculated (based on dividing total power usage by IT equipment power). By tracking this number, you can establish benchmarks and determine whether data center performance is improving or declining over time.
A data center audit that involves an inventory of assets creates a library of accurate, up-to-date information about all of the equipment in your data center – from servers and cabinets to storage devices.
The type of information documented in an asset audit could include:
- Model number
- RU position
- Equipment age
- Current performance level
- Maintenance records and requirements
Depending on your organization, and the types of data your data center processes and stores, there are many standards and guidelines to follow. A few examples:
- PCI: to ensure that acceptable practices are in place to protect credit card data
- HIPAA: to ensure that protected health information is stored and hosted online following HIPAA hosting standards, and that stored data is protected and available only to people who are authorized to view them
- Sarbanes-Oxley (SOX): to ensure proper management of electronic records
An audit to verify standards compliance results in documentation that proper policies and procedures are in place to meet requirements set forth by these standards.
Audits for other standards can also be conducted:
- SSAE 18: to measure data center controls relevant to financial reporting
- SOC 1: to measure data center controls relevant to financial reporting (similar to SSAE 18)
- SOC 2: to measure security, availability, processing integrity, confidentiality, and privacy controls
- SOC 3: documentation of SOC 2 compliance along with a seal of approval for use on websites and other marketing materials and documents
This type of data center audit focuses on design, comparing the facility’s actual design to applicable standards and redundancy levels. Even though they’re typically performed before a new data center is built, or an existing data center is renovated, a design audit can also be performed to gather ideas for improved data center operations.
Silverback Data Center Solutions can audit your current data center performance, and make a plan to modify power consumption, maximize floor space, enhance security and reduce the potential for human error.