After the organization has evaluated potential site locations and determined a shortlist, an extra step in due diligence should be performed. Site visits or evaluations of potential building or construction areas can help to validate decisions, and identify any potential issues in chosen locations. Document and capture anything that is non-compliant and/or needing remediation using this checklist to identify any issues and ensure the data center facility is free of both internal and external threats.
This checklist addresses the following when evaluating potential building sites for the data center:
- External environment within which the data center may be located, including environmental and physical hazards nearby.
- Internal checkpoints to consider when conducting the site visit such as clean power, secured areas, and cooling equipment.
- Physical attributes of the building such as loading docks, water lines, and power grids.
- Access control to prevent intruders from entering the building.
Understand what to look for before and during a site visit to ensure due diligence has been covered, and to help with the final selection decision for a data center building site. Once the facility is fully operational, the ISO IEC 27002 2005 (17799 2005) Information Security Audit Tool, Section 9 Physical and Environmental Security Management Audit should be used to access the facility on a regular basis.