Data Center Audit


Quite Involved in Discussions
Hi :bigwave:
I was been assigned to audit our data center. What are the things that I need to check and verify compliance? :confused: Do I have to work on security? :frust: With regards to networking, can i audit the design of the LAN? :confused:

Thanks in advance.
Best regards,
Raffy :cool:
Elsmar Forum Sponsor
Hi Raffy,

There is a lot to dig in to: This is just what came to mind right away…

Doc requirements, and in particular control of records: Backup, Virus protection and firewalls, Access rules… 4.2. Security

Objectives. 5.4.1.

Who is responsible for the operation of systems and applications? 5.5.1.

Competence and training. 6.2.2.

Infrastructure. 6.3. Design of the LAN

Purchasing. (Software, hardware, services) 7.4.

Validation of applications they put together. 7.5.2.

Customers property (Mainly information) 7.5.4. Security

Monitoring of the systems. 8.2.3

Analysis of system performance, and actions taken as a result 8.4, 8.5.

Improvement 8.5.2.

I hope that'll keep you happy for a while?

Atul Khandekar said:

Does that include standard apps they buy?
Hi Atul,

Now there's a good question. If the application is part of your process and you can't verify the results later, I'd say yes... Didn't think about that.

You'll somehow have to make certain that the application interacts with the rest of the process in the intended way. It's no different from when you buy a machine and hook it up in a production line...

Other opinions?


Atul Khandekar

Thanx Claes.
A company may have any/all of the following:
- Number of MS Office and CAD installations
- Some ERP software such as SAP
- Company-wide intranet / Knowledge Management System / LotusNotes
- One or just a few seats each of many smaller software pakages (eg. Calibration Management System)
It would be a daunting task validating these things! How does one go about it?

Well Atul,

I'm skating on thin ice here. (Honestly, just trying to get a grip on this myself - please, someone grab me if I'm heading for open water).

In the examples you mentioned I'd think it's a simple (is it?) matter of installing the stuff and see if it works. Then, as long as nothing is altered I guess the validation would stay valid?

What I was thinking of was something like software for running production machinery or something similar... I suppose the only way to validate that would be to systematically put the relevant commands through it and see if you get the intended reaction in the other end.

More opinions anyone?


Vash Stampede

We'll I think I may add some audit stuffs that you might want to look at:
computer hardware inventory list?
multiple network interfaces in windows or in linux (as its operating system)?
disaster recovery plan? (as in how would they recovered lost files)



Quite Involved in Discussions
Hi Claes,
Thank you for adding up, its great to have your answers to the questions... :cool:
I had some follow-up questions:
Is a machine history needed for each workstations? How about an OCAP (Out-of-Control-Activity Plan)? Can I require them with using the clause under Continuous Improvement? How about FMEA?

Thanks and best regards,
Awwwww... :eek: (blushing). I bet you say that to all computer freaks ;) Thank's Raffy.

Just be sure to note that I'm thinking this through as I'm answering, thereby without a doubt missing things... I'll be using this stuff myself next time I audit our computer jockeys. A discussion here is good for the old creativity.


Machine history for each work station? I wouldn't know. That must depend on what your local procedures say.

OCAP? That could certainly fall under preventive action, and if you keep it updated, for instance by using FMEA it should prove useful for continual improvement too (You could improve what's possible to improve and stuff the impossible into the contingency plan.). As before it's down to what your procedures say, but losing your network even temporarily could be disastrous, so a contingency plan would be a good idea for anyone. I think it should fall under clause 4.2.

Thread starter Similar threads Forum Replies Date
A What are Practical data center best practices IEC 27001 - Information Security Management Systems (ISMS) 1
M Informational US – National Evaluation System for Health Technology Coordinating Center (NESTcc) Solicits Public Comments for Data Quality and Methods Frameworks Medical Device and FDA Regulations and Standards News 0
P Conference Table power-data center Lean in Manufacturing and Service Industries 2
T CMM Max/Min data and Capability Capability, Accuracy and Stability - Processes, Machines, etc. 3
G Record test data into Word document Document Control Systems, Procedures, Forms and Templates 3
Stoic Warning letter examples for medical device companies related to the pharma guidance on data integrity? US Medical Device Regulations 5
C Primary data record ISO 17025 related Discussions 6
H Is it a requirement for run charts to have inspection data or can it have just a pass/fail check mark Records and Data - Quality, Legal and Other Evidence 4
I Brazil clinical data/trial requirement Other Medical Device Regulations World-Wide 1
W Part 145 Maintenance Data Review EASA and JAA Aviation Standards and Requirements 1
E Electronic Data Management ISO 17025 related Discussions 1
D ISO 14001 Finding - Missing Safety Data Sheets ISO 14001:2015 Specific Discussions 2
P Comparing Two Test Variables Using Attribute Data Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
K Before-After Data Analysis Statistical Analysis Tools, Techniques and SPC 1
D Gage type and data base maintainence Using GAGEpack Software 2
Dazzur Sharing Suppliers Performance Data with Supplier. Supplier Quality Assurance and other Supplier Issues 6
M Conducting a clinical investigation with clinical data from India EU Medical Device Regulations 3
T Data types vs Mathematical operations Six Sigma 4
T Gage R&R study - Ordinal data Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
optomist1 Data Bias - Surveys Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 0
V Levels of actions and consequence to data integrity US Food and Drug Administration (FDA) 10
M ADME data- substances based MD EU Medical Device Regulations 0
B Can a software that receive data from a MD be classified as Class I?or is not a MD? EU Medical Device Regulations 5
T Process Potential estimation for binary data Capability, Accuracy and Stability - Processes, Machines, etc. 3
RoxaneB Data Storytelling Misc. Quality Assurance and Business Systems Related Topics 4
MaHoDie Summative Evaluation with Post-Market Data? Human Factors and Ergonomics in Engineering 2
J EU Data Act Medical Information Technology, Medical Software and Health Informatics 0
P Transferring medical data from a device (Sec 201(h)): regulatory implications US Medical Device Regulations 3
Z Change color or shape of individual data point in control chart Using Minitab Software 6
R FDA ECG Data Requirements Medical Information Technology, Medical Software and Health Informatics 3
T SQL Server 2019 - Master Data Services - Validation needed? ISO 13485:2016 - Medical Device Quality Management Systems 4
C Elaborating a control chart with skewed data Manufacturing and Related Processes 4
D Data normality versus capability Capability, Accuracy and Stability - Processes, Machines, etc. 11
I In-Process Inspection Raw Data ISO 13485:2016 - Medical Device Quality Management Systems 3
T Class III device and shelf life data requirements US Medical Device Regulations 7
S Discussion on OBL and OEM test data for submission as per new EUMDR EU Medical Device Regulations 0
C How to place software version for SaMD product in HIBC secondary data structure (UDI-PI)? Other US Medical Device Regulations 4
PQ Systems Better Data Visualization & Communication with Statistical Indices Using SQCpack Software 0
PQ Systems Data Entry Workflows with SQCpack Using SQCpack Software 2
PQ Systems Data Security in the Quality Industry Using GAGEpack Software 0
B Establishing a Data Analysis Procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Fjalar ISO 20417:2021: Technical Data (6.6.4 c) Other Medical Device Related Standards 0
Z PMS Data collection for SAMD SaaS from clients EU Medical Device Regulations 3
S How to upload data in bulk on EUDAMED? EU Medical Device Regulations 16
M Validation of Data verification tool per 21 CFR 820 Quality Assurance and Compliance Software Tools and Solutions 1
J Stage 2 audit initial cert, few data points ISO 13485:2016 - Medical Device Quality Management Systems 4
placebo_master Risks of executing a verification protocol against existing data ISO 13485:2016 - Medical Device Quality Management Systems 4
Z Why Control Limits are not the same depending on type of exclusion of data points Using Minitab Software 7
D Question: How to analyze numerical and attribute data Reliability Analysis - Predictions, Testing and Standards 11
N Simple statistics questions on labor data Statistical Analysis Tools, Techniques and SPC 2

Similar threads

Top Bottom