Because of the objective of this type of audit, the information security encompasses much more than just IT.
Multiple factors relate to data center procedures and activities that identify risks related to the data centre controls and efficient operation.
Possible audit assessments in this category can be :
- Systems and cross-functional training of procedures and personnel assignment and responsibilities
- Change management processes are in place and followed by IT and management personnel
- Back up procedures implementations
- Other methods to minimize downtime and prevent loss of important data
- Data centre physical security controls implementation and functioning for unauthorized access prevention
- Adequate environmental controls for equipment protection from floods, fire, natural disasters.