Because of the objective of this type of audit, the information security encompasses much more than just IT.

Multiple factors relate to data center procedures and activities that identify  risks related to the data centre  controls and efficient operation.

Possible audit assessments in this category can be :

•  Systems and cross-functional training of procedures and personnel assignment and responsibilities
• Change management processes are in place and followed by IT and management personnel
• Back up procedures implementations
• Other methods to minimize downtime and prevent loss of important data
• Data centre  physical security controls implementation and functioning for  unauthorized access prevention
• Adequate environmental controls for equipment protection from floods, fire, natural disasters.