Previous Table of Contents Next


One very different scenario is a false alarm in which someone knows that a system discharge is unnecessary and uses the abort button. Of course, this action does not reset the system, so someone with that capability must be summoned.

Telephone. A telephone and a directory, at least with the numbers of emergency response personnel, should be located within easy reach of the abort switch. Anyone who finds it necessary to press the switch can then call for any assistance believed necessary to reset the system, investigate the potential emergency, provide assistance to another employee who may be unable to evacuate, or other similar situation.

Backup System Considerations. There are a number of situations when a fire suppression system may fail, although it is more likely with a chemical system. The company should consider, and the IT auditor should verify, that the need for a second system has been considered and an appropriate decision reached. A chemical system can be supplemented by a water system that is ultimately supported by the local fire department.

Training and Documentation. Selecting and installing a system for physical security is only half the battle. Unless the appropriate employees are fully trained on alarm system operations, options, and responses, there is a risk that the control objectives will not be met in an emergency situation. The information provided during training should be provided in writing with one copy by the abort switch and telephone, one with the guard (if there is a guard), and other copies as needed.

THE DETECTION OF AND RESPONSE TO UNAUTHORIZED ACTIVITY

All of the environmental situations covered in the preceding pages could be generalized under the topics “accidental” or “acts of God.” Several of them, most likely fire, could be the result of unauthorized activity. Such activity could also result in equipment being stolen, damaged, reconfigured, or simply used for unauthorized or fraudulent activities. The data center room construction discussions covered the basics of preventive controls over unauthorized physical activity. The focus of this section is the detection of and the response to unauthorized physical activity in the data center.

Mechanical Detection Devices

To monitor the activity in and surrounding the data center, companies have several mechanical and human options. The mechanical options include the use of security cameras, motion sensors, and door and window sensors. The alternative to or supplement of these options is to hire guards who are posted in and around the computer facility at all times.

The Security Camera. The company can have a security camera installed if there is an internal guard service or external guard service with direct monitoring capabilities. This may not ensure that unauthorized activity is detected in real time, but should ensure that if such activity takes place and is not detected in realtime, subsequent detection should be possible.

A Motion Sensor. Anyone successfully entering the data center without authorization will almost certainly move about the room, even if it is only once to get to the desired location and a second time to exit the room. If a motion sensor is installed, it should be reasonable to expect that any unauthorized activity during off-hours will activate the sensor. The sensor should be connected outside the data center just like the rest of the alarm system. It would be management’s decision as to whether a motion sensor activation will sound an alarm in the data center. The reason to sound the alarm is to attempt to interrupt the unauthorized activity and to prevent problems at the risk of not catching the person or persons involved. Conversely, the reason to not sound the alarm is to provide time for the response personnel to reach the scene and capture the persons responsible for the unauthorized activity.

Door and Window Sensors. Sensors can also be installed that provide coverage for both the windows and the doors, whether they are broken or simply opened enough to permit access. The decisions about what alarms to sound and what responses to initiate must be made by the appropriate managers.

Having Guards in the Data Center

Companies that have full- or part-time internal guard services often require those guards to walk through the guarded areas periodically. These walk-throughs may be scheduled or unscheduled. In either case, there may be an electronic or manual system in place that the guard interacts with to prove with certainty that the walk-through was completed through the designated areas.

One of the guarded areas is likely to be the data center. The issue arises based on the location of the guard’s check-in point. It is recommended not to place the check-in point inside the data center, but at a point outside that gives the guard an opportunity to look in and check through internal windows, even if the only internal window is part of the door. The reasons for having the check-in point inside the data center may include one or more of the following:

  The guard is more likely to detect an environmental problem like fire or heat from inside the data center.
  The company wants the guards to be in a position to identify potential medical problems of systems personnel and to initiate the appropriate response.
  The guards should be in any area where they are expected to provide the most effective service.

The recommended responses to these items are:

  The guard is only present for a few minutes an hour at the most. Implementing a physical sensor and alarm system provides constant monitoring, which the guard can supplement from outside the room. The guard should know the number of persons expected to be on duty and should look in and determine that they are not experiencing any problems.
  The guard will be in the area if the check-in point is just outside the data center. In addition, it is not recommended to prevent them from entering the data center; rather, they should not be required to enter during every walk-through.
  Having untrained personnel in the data center is not a recommended practice in general. No exception should be made for the guards. It is possible for them to cause a problem accidentally, such as bumping into a piece of equipment and turning it off.


Previous Table of Contents Next