Information
-
Document No.
-
Audit Title
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
Site and room information
-
Select date
-
Audit performed by:
-
Information: Additional info not mentioned or part of the questions etc, like mount of racks that might be installed, info about servers,communication special equippment or solutions etc.
1. Facilities.
-
1.1 Fire classification. <br>Fire classification exists and the room is a separate fire cell in it´s function and it meets the E-60 standard.
-
1.1.1 Storage archive. <br> Fire classification exists and the room is a separate fire cell in it´s funktion and meets the E-120 standard.)
-
1.2 Ceiling. <br>Sub ceiling allowed.<br>Recommendation is NO sub cieling
-
1.3 Floor. <br>Raised floor not mandatory.<br>Raised floor recommended if capaciry i more than 450 W / Squaremeter
-
1.4 Doors. <br>Doors in to the Dataroom/center and between fire cells follows E-60 standard or similar.<br>Doors into the DC is alarmed.<br>Door is of burgular resistent construction.
-
1.4.1 Fire sealing. <br>All walls, roofs or floors where cables, ducts, pipes etc is entering the room is fire sealed and air/gas/dust thight.
-
1.5 Cabeling standards. <br>The company cabeling standard is used in all new installations.<br>There are still old cablings in place that does not meet the company standards.
-
1.7 EMP protection. <br>No EMP protection needed for class 1.
-
1.8 Window. <br><br>Windows allowed but are protected from intrution and is NOT facing inwards the building to a room that is not a data room.
-
1.9 Printer. <br>There is no printer in the data room.
-
1.10 Monitors. <br>Monitors of CRT type is powered off when not in use, or controlled by timer or other solution.
-
1.11 Plastic cover. <br>Covers are available,
-
1.12 Own building. <br> No demand for separate building. Data room is in a co-location or a rented space..) (N/A default)
-
1.13 Classified burgular resistence. Intrusion protection is built in and gives full protection according to risk analysis done. Documentation or certification missing.
-
1.14 Preimeter protection. . Building secured. Security adopted to the local situation. Risk analysis done and issues adressed.
-
1.15 Compartmentalization. No compartmentalization needed. (separate room for plattforms/customer) (N/A default)
2. Electric power
-
2.1 Continous power. <br>Class 1: A basic site infrastructure implemented. No redundancy in power infrastructure, but timelimited UPS installed.
-
2.1.1 External power.<br>Class 1: External power distribution in via ONE single line.
-
2.1.2 A and B power on two internal distribution lines. <br>Class 1: Electrical distribution to computer rooms via ONE single feed
-
2.2 Cooling system connected to UPS?<br> Class 1: Cooling system NOT connected to UPS <br>Class 3&4: Internal coolong units connected to UPS
-
2.3 Time limited UPS. <br>Class 1: Time limited UPS installed. Time for taking down system and reaction time calculated.
-
2.4 Electrical installation. National electrical standard are followed.
-
2.5 UPS batteries outside data room. No wet batteries/UPS bat pacs in the data room. Existing batteries only inside equippment.
-
2.5.1 UPS capacity<br> UPS time adopted for enough time to react, decide and take down systems in a controlled way.<br>For how long time is UPS working?
-
2.6 Potential equalisation. Potential ground connection used in all new projects and installations. Raised floors shall be grounded
Ccooling & Ventilation
-
3.1 Continious cooling. <br>Class 1: No power backup to cooling equippment needed. (N/A default)
-
3.2 Cooling in battery room. <br>Cooling of separate UPS NOT mandatory. (High temperature reduces battery lifetime)
-
3.3 Ventilation i data room. Ventilation in data room NOT mandatory, but recommended. (Fire damers needed)<br>
-
3.31 Ventilation in battery room. Ventiation in rooms where batteries are stored, charged or connected to the UPS system shall be well ventilated.
-
3.4 Fire and smoke dampers for airflow. <br>There are fire dampers installed on the ducts for airflow in and out from the data room.
-
3.6 Overpressure<br>It is recommended to have overpressure in datarooms. NOT mandatory for class 1.
-
3.5 Temperature logg. <br>Temperature logg is recommended. Real time temperature shall be readable.
4. Lights
-
4.1 Normal lighting. <br>Manual lights according to office standard and with emergency light
-
4.2 Security starter.<br>Security starters installed in all lightning tubes that need a separate starter.
Smoke and wather detection
-
5.1 Smoke detection<br>there is a smoke detection funktion installed and verified/tested.
-
5.2 Wather detection. <br>No demands for wather detection, but recommended in any cases cooling or pipes in the room contains any fluids.
6. Fire Extinguishing
-
6.0 Redundant fire extinguishing system. <br>Class 1: NOT required.
-
6.1 Efficient, non destroying extinguishing system..<br>It is recommended to have a gas based extinguishing system installed.
-
6.2 Manual fire extinguisher. There is a minimum of one manual fire estinguisher per fire cell in the computer rooms, preferebly placed close to the entrance door. National fire protection rules are audited and followed.<br>
-
6.3 Extinction training. There has been a training conducted on handling manual fire extinguishing equipment.
-
6.4 Evacuation training. <br>Evacuation training is conducted on a regular basis.
7. Alarm handling
-
7.1 Alarms to alarm center.<br>It is recommendet to have facility alarms connected directly to a alarm center that reacts on alarms.
-
7.2 Electric power. <br>Reccomendation: There is an alarm connected to a suport supplier that reacts to alarm
-
7.3 Cooling equippment. <br>Reccomendation: There is an alarm connected to a suport supplier that reacts to alarm
-
7.4 Smoke detection. <br>Reccomendation: There is an alarm connected to a suport supplier that reacts to alarm
-
7.5 Water detection. <br>Reccomendation: There is an alarm connected to a suport supplier that reacts to alarm
-
7.6 Evacuation alarms. <br>follows alarm handling in Volvo Site Security Guidelines. VG SSG. The alarm is tester regulary.
-
7.7 Physical perimeter protection. Data room is treated as a Restricted zon.
-
7.8 Camera. Cameras not mandatory in Class 1, but recommended. Entances shall be covered as prio 1.
-
7.9 Video (storage of pictures). <br>Not applicable for class 1. when recording units is in place storage is min 30 days (National legislation to be followed)
-
7.10 Facility system.<br>Not mandatory for Class 1
8. Equipment documentation.
-
8.1 Documentation of IT equipment in data rooms. <br> Inventory and hardware lists of IT equipment is a plattform responsibillity.
-
8.2 Documentation of infrastructual equipment, power, cooloing etc.<br> Not mandatory for Class 1.
-
8.3 Documentation of support functions. <br> Not mandatory for class 1.
9. Orders and manners.
-
9.1 Clean room. <br>There exists on unused equipment, or any flammable substanse/iems in the data room.
-
9.2 Trash bin. There are NO trash bins in the dataroom.
-
9.3 Cleaning procedure. <br>Special care is taken when the data room i cleaned. <br>(Describe the process)
-
9.4 Computer room routine. The Volvo IT Computer room Routine is communicated to everyone with room access.
10. Information / Signs
-
10.1 Evacuation signs.<br>Evacuation exists according to Volvo standards and reviewed in Volvo Blue.
-
10.2 Room identification.<br>Follows Office standard. ( Office Security Guidelines)
11. Access handling
-
11.1 Register logg.<br>NOT mandatory for Class1
-
11.2. ID-Card and code.<br>Access Card OR code OR registrated key is used for entry.
-
11.3 Backup key. <br>Backup key function exists and a logg of use is in place.
-
11.4. Piggy backing. <br>NOT mandatory for Class 1.
12. Access controls
-
12.1 Access control system. <br>A control system is not mandatory for Class1.
-
12.2 Access list uppdate and review. <br>The access list is reviewed tvivel a year, according to Volvo ITCG demands.
-
12.3 Visiting restrictions. <br>Visitors are not allowed in the data rooms.
-
12.4 Logging. <br>All entries are logged.
13. Audit and review
-
13.1 Requests for audit. <br>All audits are done in a planed way or in planed requests.
-
13.2 Companion at audits. <br>Volvo personal allways accompanies an auditor in VolvoIT manager data rooms.
-
13.3 Audit reports <br>A copy of review / audit reports is always demanded after a performed review or audit.
14. Other premises
-
14.1 Unpacking area.<br> No unpacking of servers or other equippment is done inside the data room.
-
14.2 Garbage room <br>Not a demand for Class 1 data room. N/A default
-
14.3 Goods reception. No goods is stored inside the data room.
-
14.4 Adjacent room are inspected and is risk free.
15 Agreements
-
Do we have an agreement with a support supplier that will fix promblems where tre here is an alarm in the following areas: ...
-
15.1.1 Elektic power
-
15.1.2 Cooling & ventilation
-
15.1.3 Smoke detection
-
15.1.4 Extinguishing system
-
15.1.5 Alarm supervision (probably not applicable for a small och a Class 1 data center)
-
15.1.6 Water detection
-
15.1.7 Facility system ( system where other alarms are connected to)
-
15.2.1 Physical perimeter protection (intrusion alarm)
-
15.2.2 Passage system
-
15.2.3 Guard company
-
15.3.1 Telephone services
-
15.3.2 Cleaning company for cleaning inside data room.
Incidents
-
16.1 N/A for Class 1. (It is recommended to use the Security Incident Reprting System to logg securiyt related incidents.)
17 Inspections
-
17.1 Inspection reports<br> Internal inspections done regulary.<br>
-
17.2 Information to EMT<br> Central inspections collected for summary report to local Mgnt.
END
-
Signature:
