

PHYSICAL SECURITY

1.  - - - D
Unauthorized entry to the data center shall be prevented by locks, an automatic admission checking system, or guards. If the data center is on the ground floor, the windows shall be of an unbreakable type, preferably also opaque and not possible to open.
YES _____ NO _____ N/A _____
___________________________________________________
___________________________________________________
1a  Is the data center locked at all times? _____
1b  What type of lock is used? ____________________
For combination and card type locks, how often is it changed to a new number or card? _______________________
2.  - B C D
Fire extinguishers of carbon dioxide or Halon gas shall be located in the data center and in the adjacent one. Where applicable, the fire control organization should be consulted and it should make inspections.
YES _____ NO _____ N/A _____
_______________________________________________
_______________________________________________
3.  - - - D
Automatic fire extinguishing installations, smoke detectors, and fire alarms are strongly recommended. However, in most countries, Halon will be forbidden within the first half of the 1990s. The technological developments must be observed. Before deciding on a new automatic Halon installation, corporate approval must be obtained.
YES _____ NO _____ N/A _____
_______________________________________________
_______________________________________________
4.  - B C D
Sprinklers might be a suitable alternative if they are combined with an automatic power shut-off to the computer before the sprinklers are released.
YES _____ NO _____ N/A _____
_________________________________________
_________________________________________
A  What controls exist for the risk of fires in the data center or surrounding areas? Check all that apply.
Halon system _____ Smoke alarms _____
Sprinkler _____ Extinguisher _____
Other _________________ Halon extinguisher _____

Will the activation of any of the above trigger a central alarm for times when the room is not manned? ________________________
__________________________________________________________
5.  - - C D
When constructing a data center, sewer and water pipes should be removed or the material changed to an anticorrosive material. If there is any risk of leakage, flooding, or water rising from the drainage system, there shall be (automatic) shut-off valves and gutters.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
6.  - - - D
A water or moisture alarm should be installed.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
*  6a Is water damage a risk in the data center? _____
*  6b Is there a raised floor? _____ If so, how high? _____ Are underfloor sprinklers needed? _____ in place? _____
7.  - B C D
Where needed, air conditioning equipment shall be installed. If suitable, the capacity should be divided into at least two units.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
8.  - - - D
Equipment for alarm and power shut-off at unsuitable temperature or humidity should be installed.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
9.  A B C D
UPS, Uninterruptible Power Supply, should be installed where power disruptions are frequent and recovery takes a long time or where disruptions incur significant costs.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
*  9a Do you have a UPS? _____ If yes, then .....
how many minutes of backup does it provide? _____
is it linked to the CPU? _____
what items are protected? _____________________________
10.  A B C D
Stabilizers should be used where voltage or frequency is not stable.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
11.  A B C D
When sending data media containing payment transactions, special security measures shall be taken to prevent the media from being altered. Such measures could be a fixed timetable for the conveyance, transport in a locked box, and an electronic seal on a tape.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
B What position is the CPU console keyswitch normally kept in?
_____________ Where is the key kept? ______________ Who has access to the key? _______________________________


OPERATIONS

12.  A B C D
Backup copies shall be taken so frequently that the time for a recovery procedure is relatively short. The recovery should not take more than four hours or create business disturbances or incur significant costs. For frequently used files, backup shall be at least daily. A full backup including low frequency files and system and application software shall be taken at least monthly.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
13.  A B C D
The backup copies shall be stored in such a way that they cannot be destroyed or stolen at the same time as the computer. This means that they should be stored either in another building or in a fireproof cupboard in a different room from the computer. The backup copies shall be kept under lock and key.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
14.  A - - -
At least two generations of backup shall be kept.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
15.  - B C D
At least three generations of backup shall be kept.
YES _____ NO _____ N/A _____
__________________________________________________________
__________________________________________________________
*  15a Please indicate the appropriate information about making and storing backup files:
File type              # of cycles    When taken (daily, etc.)    Which are off-site?
Application data       ______         ______                      ______
Application program    ______         ______                      ______
Operating system       ______         ______                      ______
Utilities              ______         ______                      ______
Other                  ______         ______                      ______

