There are many things to “audit” inside a data center in order to keep it operating at peak performance. When your team starts talking about a data center audit, make sure you know your options.
Depending on your goals, and what you hope to accomplish, there are several types of data center audits that be conducted. Here’s a rundown of the most common, and what types of information they can uncover.
Security Audit
A data center audit focusing on physical security will document and ensure that the appropriate procedures and technology are in place to avoid downtime, disasters, unauthorized access and breaches. It will revolve around things like:
- Fire suppression systems
- Screening of employees and contractors who access equipment
- Biometrics or other forms of access control
- Video surveillance
- Cabinet-level security
In addition to analyzing current security processes, a security audit can also provide you with improvement recommendations.
Energy Efficiency/Power Audit
A data center energy efficiency audit helps you pinpoint potential ways to reduce energy usage and utility bills. By taking a close look at power use, the thermal environment and lighting levels, an energy audit can uncover things such as malfunctioning equipment, incorrect HVAC settings and lights being left on in unused/unoccupied spaces.
During a data center audit that focuses on energy efficiency, power usage effectiveness (PUE) can also be calculated (based on dividing total power usage by IT equipment power). By tracking this number, you can establish benchmarks and determine whether data center performance is improving or declining over time.
Asset Audit
A data center audit that involves inventory of assets creates a library of accurate, up-to-date information about all of the equipment in your data center – from servers and cabinets to storage devices.
The type of information documented in an asset audit could include:
- Manufacturer
- Model number
- RU position
- Equipment age
- Current performance level
- Maintenance records and requirements
Standards-Compliance Audit
Depending on your organization, and the types of data your data center processes and stores, there are many standards and guidelines to follow. A few examples:
- PCI: to ensure that acceptable practices are in place to protect credit card data
- HIPAA: to ensure that protected health information is stored and hosted online in accordance with HIPAA hosting standards, and that stored data is protected and available only to people who are authorized to view them
- Sarbanes-Oxley (SOX): to ensure proper management of electronic records
An audit to verify standards compliance results in documentation that proper policies and procedures are in place to meet requirements set forth by these standards.
Audits for other standards can also be conducted:
- SSAE 16: to measure data center controls relevant to financial reporting
- SOC 1: to measure data center controls relevant to financial reporting (similar to SSAE 16)
- SOC 2: to measure security, availability, processing integrity, confidentiality and privacy controls
- SOC 3: documentation of SOC 2 compliance along with a seal of approval for use on websites and other marketing materials and documents
Design Audit
This type of data center audit focuses on design, comparing the facility’s actual design to applicable standards and redundancy levels. Even though they’re typically performed before a new data center is built, or an existing data center is renovated, a design audit can also be performed to gather ideas for improved data center operations.
source:
https://www.belden.com/blog/data-centers/comparing-different-types-of-data-center-audits
