PHYSICAL SECURITY
- 1. - - - D
Unauthorized entry to the data center shall be prevented by locks, an automatic admission checking system, or guards. If the data center is on the ground floor, the windows shall be of an unbreakable type, preferably also opaque and not possible to open.
YES _____ NO _____ N/A _____
___________________________________________________
___________________________________________________
- 1a Is the data center locked at all times? _____
- 1b What type of lock is used? ____________________
For combination and card type locks, how often is the lock changed to a new number or card? _______________________
- 2. - B C D
Fire extinguishers of carbon dioxide or Halon gas shall be located in the data center and in the adjacent one. Where applicable, the fire control organization should be consulted and it should make inspections.
YES _____ NO _____ N/A _____
_______________________________________________
_______________________________________________
- 3. - - - D
Automatic fire extinguishing installations, smoke detectors, and fire alarms are strongly recommended. However, in most countries, Halon will be forbidden within the first half of the 1990s. The technological developments must be observed. Before deciding on a new automatic Halon installation, corporate approval must be obtained.
YES _____ NO _____ N/A _____
_______________________________________________
_______________________________________________
- 4. - B C D
Sprinklers might be a suitable alternative if they are combined with an automatic power shut-off to the computer before the sprinklers are released.
YES _____ NO _____ N/A _____
_________________________________________
_________________________________________
- A What controls exist for the risk of fires in the data center or surrounding areas? Check all that apply.
Halon system _____ | Smoke alarms _____
Sprinkler _____ | Extinguisher _____
Other _________________ | Halon extinguisher _____
Will the activation of any of the above trigger a central alarm for times when the room is not manned? ________________________
__________________________________________________________
- 5. - - C D
When constructing a data center, sewer and water pipes should be removed or the material changed to an anticorrosive material. If there is any risk of leakage, flooding, or water rising from the drainage system, there shall be (automatic) shut-off valves and gutters.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 6. - - - D
A water or moisture alarm should be installed.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- * 6a Is water damage a risk in the data center? _____
- * 6b Is there a raised floor? _____ If so, how high? _____ Are underfloor sprinklers needed? _____ in place? _____
- 7. - B C D
Where needed, air conditioning equipment shall be installed. If suitable, the capacity should be divided into at least two units.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 8. - - - D
Equipment for alarm and power shut-off at unsuitable temperature or humidity should be installed.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 9. A B C D
UPS, Uninterruptible Power Supply, should be installed where power disruptions are frequent and recovery takes a long time or where disruptions incur significant costs.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- * 9a Do you have a UPS? _____ If yes, then .....
how many minutes of backup does it provide? _____
is it linked to the CPU? _____
what items are protected? _____________________________
- 10. A B C D
Stabilizers should be used where voltage or frequency is not stable.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 11. A B C D
When sending data media containing payment transactions, special security measures shall be taken to prevent the media from being altered. Such measures could be a fixed timetable for the conveyance, transport in a locked box, and an electronic seal on a tape.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- B What position is the CPU console keyswitch normally kept in? _____________ Where is the key kept? ______________ Who has access to the key? _______________________________
OPERATIONS
- 12. A B C D
Backup copies shall be taken so frequently that the time for a recovery procedure is relatively short. The recovery should not take more than four hours or create business disturbances or incur significant costs. For frequently used files, backup shall be at least daily. A full backup including low frequency files and system and application software shall be taken at least monthly.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 13. A B C D
The backup copies shall be stored in such a way that they cannot be destroyed or stolen at the same time as the computer. This means that they should be stored either in another building or in a fireproof cupboard in a room other than the one housing the computer. The backup copies shall be kept under lock and key.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 14. A - - -
At least two generations of backup shall be kept.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- 15. - B C D
At least three generations of backup shall be kept.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
- * 15a Please indicate the appropriate information about making and storing backup files:
File type | # of cycles | when taken (daily, etc.) | which are off-site?
Application data | ______ | ______ | ______
Application program | ______ | ______ | ______
Operating system | ______ | ______ | ______
Utilities | ______ | ______ | ______
Other | ______ | ______ | ______