IT Audit on Data Centre and Disaster Recovery Centre

Physical Security

Is the data centre located in a secure facility?

Are appropriate access controls in place (e.g., key card systems, biometric authentication)?

Is there 24/7 surveillance and monitoring of the data centre?

Are fire detection and suppression systems installed and regularly tested?

Are there environmental controls (e.g., temperature, humidity) to ensure equipment safety?

Are backup power systems (e.g., UPS, generators) in place and regularly maintained?

Network Infrastructure

Is the network architecture well-documented and up to date?

Are network devices (e.g., routers, switches) properly configured and secured?

Are there redundancies in the network design to ensure high availability?

Are network cables organized and labeled correctly?

Is there a network monitoring system in place to detect anomalies?

Server and Storage Infrastructure

Are servers and storage devices properly secured against physical and logical access?

Are server and storage configurations documented and up to date?

Is there a regular maintenance schedule for servers and storage equipment?

Are backups performed regularly and tested for data integrity?

Are there disaster recovery plans and procedures in place?

Data Backup and Recovery

Are backup procedures documented and followed consistently?

Is data backed up to an off-site location?

Are backup tapes or disks stored securely and protected from environmental hazards?

Are there regular tests of the backup and recovery processes?

Are backup logs reviewed for errors or anomalies?

Data Security and Privacy

Are access controls implemented to restrict data access based on user roles?

Is data encrypted both in transit and at rest?

Are there procedures in place to handle data breaches or unauthorized access incidents?

Is there a data classification policy to ensure appropriate security measures are applied?

Are privacy policies and compliance with relevant regulations (e.g., GDPR, HIPAA) maintained?

Incident Response and Business Continuity

Is there an incident response plan in place to handle IT security incidents?

Are incident response procedures regularly tested and updated?

Is there a business continuity plan that includes the data centre and disaster recovery centre?

Are there backup personnel assigned and trained to take over critical roles during emergencies?

Are there regular drills to ensure the effectiveness of the incident response and business continuity plans?

Documentation and Compliance

Are all IT systems and configurations properly documented?

Are there change management processes in place to track and approve system changes?

Are audit logs enabled and regularly reviewed?

Are there regular IT compliance assessments conducted (e.g., PCI DSS, ISO 27001)?

Are there procedures to address any identified compliance gaps or vulnerabilities?

Vendor Management

Are contracts and service level agreements (SLAs) with data centre and disaster recovery centre providers in place?

Are vendor performance and security reviews conducted periodically?

Are there incident response and escalation procedures for vendor-related issues?

Are there backup vendor options available in case of service disruptions or contract termination?

Are vendor contracts and agreements reviewed by legal and compliance teams?