Checklist of ISO/IEC 27001-A.11.2.2 Supporting utilities – electrical power

Introduction:

An uninterrupted supply of clean power and adequate cooling are critical to the continued operation of shared or critical IT systems.

Facilities and electrical engineers must ensure that the electrical power arrangements for computer rooms, network closets, and other locations housing IT equipment are reliable and of high quality. 

They must also ensure that the air conditioning systems are properly installed and maintained. 

Control A.11.2.2 (Supporting utilities) in Annex A of ISO/IEC 27001 requires that equipment be protected from power failures and other disruptions caused by failures in supporting utilities; the associated implementation guidance calls for those utilities to be inspected and tested regularly and to be alarmed for malfunction.

This article will provide a checklist to assess the power and air conditioning arrangements for computer rooms, network closets, and other locations housing shared or critical IT systems.

Sample Checklist:

  • Ask facilities or electrical engineers to explain the electrical power arrangements for computer rooms, network closets, and other locations housing shared or critical IT systems.
  • Determine whether computer-grade on-line (double-conversion) UPSs, line filters, and similar conditioning equipment are in place to provide reliable, high-quality power.
  • Assess whether UPS capacity (whether internal, rack-mounted, whole-room, or whole-site units) is adequate to support all essential equipment for long enough to ride through short outages or to shut down cleanly or transfer to generator.
  • Verify how it is known that all essential equipment is actually connected to the protected (UPS-backed) supply rather than to raw mains, for example through labelled circuits, an asset-to-circuit inventory, or physical checks.
  • Assess whether there are generators of sufficient capacity to support critical IT systems during power outages.
  • Check whether UPSs and generators are operated, monitored, and maintained per the manufacturer's specifications and tested on-load at regular intervals (not merely started unloaded), with battery condition and fuel levels monitored.
  • Determine if there are redundant (dual-routed) mains feeds from separate substations or grids if appropriate.
  • Assess the impact of power cabling, switchgear, or equipment changes or tests on systems and services.
  • Verify if there are properly specified and installed computer-grade air conditioners.
  • Check whether chillers/condensers are appropriately sited.
  • Assess whether there is adequate A/C capacity to support the heat load, even in a hot summer.
  • Determine if there are redundant/spare units or portables available to improve resilience and permit maintenance without affecting service.
  • Verify if there is temperature sensing with remote-reading over-temperature alarms and incident procedures.
  • Check whether air conditioning equipment is professionally operated, tested, and maintained as per manufacturer’s specifications.
  • Assess whether there are suitable operation and maintenance procedures, including filter cleaning and dealing with over-temperature or other alarms.
  • Check whether facilities and supporting utilities are being inspected and tested regularly to ensure proper functioning.
  • Determine whether they are alarmed for malfunctioning and unauthorized activity.
  • Assess how alarms are handled out-of-hours, including whether security guards have remote alarm indicators/sounders on their consoles, with suitable response procedures, training/exercises, etc.

Conclusion:

Proper power and air conditioning arrangements for computer rooms, network closets, and other locations housing shared or critical IT systems are essential.

The checklist above can be used to assess whether those arrangements deliver a reliable, high-quality power supply and adequate cooling.

Regular inspection and on-load testing of facilities and supporting utilities is equally important, since untested UPSs, generators, and chillers tend to fail precisely when they are needed.

By addressing control A.11.2.2 of ISO/IEC 27001, organizations can improve their power and air conditioning arrangements, enhance the availability and resilience of their IT infrastructure, and avoid damage and downtime caused by power outages or overheating.
