Data Centre Compliance Blueprint

Cloud is one of the most signi?cant innovations in modern IT. However, many organizations are maintaining their operations physically either in their own data center or co-locating them. Along with such a model, many risks and compliance requirements would come bundled.

Here?is?my?interpretation?of?Data?Centre?Compliance?divided?into?Four?Chapters.

Chapter 1: Start from the Start

To start with, the most important thing is that you need to invest some time to understand your operations. Even though there are many experienced personnel, it is good practice not to assume based on our experience and be judgmental. Things can vary based on organizational culture and scenarios. So, give time to study the detailing around your organization's vision and goals.

What are the various policies of the organization?

What industry does your organization fall under, and what controls would be applicable?

How is the day-to-day operation of the data centre, both in terms of your operations and the Co-location (Colo) providers' activities around your services?

The scope agreed on plays a major role in delivering proper services avoiding cost overrun, and access to the right information within the stipulated time, which in turn gives satisfaction that the data centre operations are in safe hands. Ensure the scope agreement has a clause about Rights to Audit, a very critical clause.

Along with this, study your team, and understand their capabilities and daily routine. Write up a synopsis based on your study. Try and compare that with past activities, the organisation's written Policy and your experience over the years. And once you have that control, you can change your gear to identify gaps and suggest improvements. Unless that is done, you are bound to make slight miscalculations and will not be in the driving seat for the improvement and compliance of the operations.

Chapter 2: Road Map Creation and Walkthrough

• Either review existing processes and SOP or start creating if there are none. Involve all team members for their input, so the documents cover all aspects of operations.
• Start preparing a checklist for daily/weekly/monthly durations for the operations team and governance.
• Ensure that the checklist includes operational points and covers KCI and KRI from monitoring various compliance perspectives. For example, CCTV camera review, NTP correctness, utilization report of power, access logs, and addition and exit of employees.
• This is both helpful from operations as well as compliance point of view. It is also bene?cial in the event of any regulatory audit or internal issue. There is a lot more to the entire universe of data centre operations.
• Data centre operations is a vast area, but just covering the physical aspect, there are so many sections within that. So do not restrict only to these.
• Types of tickets, material management, rack management, power management, various reports and pieces of evidence capturing, incident responses, gate pass for visitors, reviews and MOM, actions, and closures around reviews are some of the parameters to be considered.

Chapter 3: Smooth Sailing

• The most critical and challenging task is to keep the ship a?oat. A lot of e?ort is involved in documenting the processes and SOPs, checklist, and walkthroughs, getting the buying from stakeholders on following. Following what is designed on a routine basis might sometimes make it dull and cause slippage. Even if no failures are observed, maintaining the status-quo is the biggest challenge because over a period, things begin to look redundant, and teams start ignoring to do what was agreed.
• It’s essential to ensure that you regularly connect with the team to reverify the need for what is being done. We need to stay prepared for risks in the future. But assuming that since we have things in control, there can’t be any risk is the biggest risk itself. Also, technology keeps changing, and so do resources and company policies based on regulatory needs. You need to ensure that updated rack diagrams are veri?ed, power utilization and consumption are regularly monitored, material management is cross- checked, and PPM reports from the Colo provider are studied.
• Also, create a repository where all reports, access logs reviews, evidence, MOM, recent certi?cate of organization and Colo providers are placed around the data centre. This act will ensure that governance is smooth, and the data showcased during any audit will be ready in no time. Remember, many times, if there is a delay in sharing evidence, some auditors think that there is no data or data is being fabricated.

Chapter 4: Conclusion

There is much more to data centre compliance, but if I were to write everything, it would be a book by itself. I intended to give some food for thought to all new data centre managers and members who would like to ensure that their operations don’t end up on the list of Non- compliance from any audit. With these few simple approaches as noted above, you will surely be able to ensure that there are no incidents from the Physical Security of the data centre operations. Other infrastructure support teams can be rest assured that they will have all support in real time from data centre Team.

Subscribe to our newsletters. Visit our website to learn more.