A data center audit can take significant time and financial resources, so determining your end-goal is critical. Before you begin your own audit or commission a third party, compare the various types of audits and what they include.
A data center audit focusing on physical security will document and ensure that the appropriate procedures and technology are in place to avoid downtime, disasters, unauthorized access and breaches. It includes issues such as:
- Screening of employees and contractors who access equipment
- Biometrics or other forms of access control
- Video surveillance
- Fire suppression systems
- Cabinet-level security
In addition to analyzing current security processes, a security audit can also provide you with improvement recommendations.
Energy Efficiency/Power Audit
A data center energy efficiency audit helps you pinpoint potential ways to reduce energy usage and utility bills. By taking a close look at power use, the thermal environment and lighting levels, an energy audit can uncover things such as malfunctioning equipment, incorrect HVAC settings and lights being left on in unused/unoccupied spaces.
During a data center audit that focuses on energy efficiency, power usage effectiveness (PUE) can also be calculated (based on dividing total power usage by IT equipment power). By tracking this number, you can establish benchmarks and determine whether data center performance is improving or declining over time.
A data center audit that involves inventory of assets creates a library of accurate, up-to-date information about all of the equipment in your data center – from servers and cabinets to storage devices.
The type of information documented in an asset audit could include:
- Model number
- RU position
- Equipment age
- Current performance level
- Maintenance records and requirements
Depending on your organization, and the types of data your data center processes and stores, there are many standards and guidelines to follow. A few examples:
- PCI: to ensure that acceptable practices are in place to protect credit card data
- HIPAA: to ensure that protected health information is stored and hosted online in accordance with HIPAA hosting standards, and that stored data is protected and available only to people who are authorized to view them
- Sarbanes-Oxley (SOX): to ensure proper management of electronic records
An audit to verify standards compliance results in documentation that proper policies and procedures are in place to meet requirements set forth by these standards.
Audits for other standards can also be conducted:
- SSAE 18: to measure data center controls relevant to financial reporting
- SOC 1: to measure data center controls relevant to financial reporting (similar to SSAE 18)
- SOC 2: to measure security, availability, processing integrity, confidentiality and privacy controls
- SOC 3: documentation of SOC 2 compliance along with a seal of approval for use on websites and other marketing materials and documents
This type of data center audit focuses on design, comparing the facility’s actual design to applicable standards and redundancy levels. Even though they’re typically performed before a new data center is built, or an existing data center is renovated, a design audit can also be performed to gather ideas for improved data center operations.
Silverback can review your current data center performance, and make a plan to modify power consumption, maximize floor space, enhance security and reduce the potential for human error.