

COMMENTS

Y/N 15. Do you have a written standards manual, or other document, that describes the normal practices for departmental employees to follow?
Please attach a copy (if small) or the table of contents.

COMMENTS

16. Personnel Issues
Y/N a. Investigations have shown that the risk of loss is as great in the area of swindle and sabotage as it is for fire and water damage. In light of these facts, is the background of those who will be employed in sensitive positions carefully checked?
Y/N b. Is continuing education a requirement for information systems personnel?
What is the annual minimum number of hours of training? Is training information recorded anywhere?
Y/N c. Is the IT staff cross-trained and expected to cover other functions in the department?
Y/N d. Have all employees taken at least five days of vacation in the past year?

COMMENTS

17. Are the following functions segregated from each other within the IT department? (Note that this may not be practical at smaller installations.)
Y/N a. Systems analysis and design?
Y/N b. Programming?
Y/N c. Physical library of tapes and disks?
Y/N d. Operating the computer?

COMMENTS

Y/N 18. Are any outside consultants or time-sharing services in use? If yes, please identify those in use, and provide an estimate of the total payments made to them in the past year.

COMMENTS

Y/N 19. Is there a practice of conducting post-implementation reviews for significant projects?
Please describe the process (comments section), what deliverables it has, and what happens to the information. Also, provide an example report from such a review.

COMMENTS

B. PHYSICAL SECURITY

Data Center Access

1. How many entrances/exits are there?
Y/N 2. Do all doors have locks?
Y/N 3. Are the doors locked at all times the room is unattended?
4. What types of locks are used?
    a. How often are they changed?
Y/N     b. Are they changed automatically when someone leaves?
Y/N 5. Is the data center a separate fire zone (e.g., floor to ceiling walls, etc.)?
Y/N 6. Does security patrol the IT area?

COMMENTS

Data Center Room Sensor/Alarm System

Please indicate which of the following are in place and functioning.

Y/N 7.   Smoke detectors
Y/N 8.   Heat sensors
Y/N 9.   Particle sensors
Y/N 10. Water detectors
Y/N     a. Is water damage a risk in the data center?
Y/N     b. Is there a raised floor?
        If yes, how high is the floor from the subfloor?
Y/N     c. Are under-floor sprinklers needed?
Y/N         Installed?
Y/N     d. Does the data center have a drainage system?
Y/N         Is there any risk of flooding due to water rising out of the drainage system?
Y/N         Are automatic shut-off valves used?
Y/N 11. Are any or all of these sensors connected to the guard or other outside monitoring systems such that the triggering of any of these devices will require timely investigation?
Y/N 12. Are any or all of these systems tested regularly?
Y/N     How often is testing performed?
Y/N     Who does the testing?
Y/N     Are the results of the testing recorded?

COMMENTS

Fire Suppression Systems—Please note which of the following you have.

Y/N 13. Halon system
Y/N   Is there a prevent discharge button?
Y/N   Are there posted instructions by the prevent discharge button to ensure it is used properly?
Y/N 14. CO2 system
Y/N 15. Sprinkler system
Wet/Dry   Is it a wet or dry pipe system?
16. If you have a Halon system, is there a plan to replace it with a non-CFC chemical?

COMMENTS

Electrical Considerations

Y/N 17. Do you have an uninterruptible power source (UPS)?
  How many minutes of backup does it provide?
  What items are protected?
Y/N   Are the UPS and CPU logically linked to manage the power outage?
Y/N 18. Is the room air conditioned?
Y/N   Is it on a separate system or systems?
Y/N   Are air ducts closed automatically?

COMMENTS

Y/N 19. Is there an emergency power cutoff switch for the room?
Where is it located?
Y/N Is it protected from accidental contact?

COMMENTS

Y/N 20. Is the data center on a dedicated circuit breaker?
Y/N Is the breaker protected from accidental shut-off?
Y/N 21. Is there battery powered lighting in place?

COMMENTS

System Console Keyswitch

22. What position is the console keyswitch in? _______________
(This switch has four settings—secure, auto, normal, and manual. The secure position permits the system to be powered down but does not permit the system to be restarted unless the key is inserted and the keyswitch is turned into one of the other positions. The auto position permits an automatic system restart based on established parameters. The normal position also allows a certain amount of intervention in the IPL, but does not permit the system values to be changed. The manual position permits manual intervention, changes to system values, or the use of IBM’s Dedicated Service Tools—all of which present a significant risk to the established security and control settings. You may refer to IBM publication “Security Concepts and Planning” for more information.)
Y/N 23. Is the key removed from the key lock to avoid unauthorized changes to the key lock switch?

COMMENTS

Other Physical Security Considerations

Y/N 24. Is smoking permitted in the data center?
Y/N 25. Is trash removed promptly so that the risk of fire and accidents is minimized?
26. Who cleans the data center?
Y/N   If an outside cleaning service is used, are the employees supervised?
Y/N 27. Are cables and electrical wires either under a raised floor or covered to prevent accidents?

COMMENTS

C. LOGICAL SECURITY

1. Security Master Officer (QSECOFR)

Y/N a. Has one individual (and possibly an alternate) been designated as the master security officer? (The system provides a userid upon delivery that is defined as the security officer (QSECOFR). Additional security officers can be defined by assigning a user to the user class QSECOFR. The system also provides the ability to establish a person as a security administrator (user class *SECADM), rather than a security officer, with less capability than the security officer.)
Y/N b. Is a copy of the master security password written down and locked in a secure location?

